EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Certificate request

#10569
Posted: 07/12/2009 16:07:12
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Hi,
I'd like to issue a certificate based on a PKCS#10 certificate request. My idea is to use the p10 request as a way of transporting the public key from the end user to the CA. Other necessary information should be added before cert generation. How can I do it?
The documentation mentions that it is possible to set the serial number and validity period of the certificate (and it works fine). But when I add e.g. key usage:

TElX509CertificateEx cert = new TElX509CertificateEx(null);
cert.ValidFrom = DateTime.Now;
cert.ValidTo = DateTime.Now.AddDays(7);
string data = DateTime.UtcNow.ToString();
Guid g = Guid.NewGuid();
cert.SerialNumber = g.ToByteArray();

cert.Extensions.KeyUsage.Critical = true;
cert.Extensions.KeyUsage.DigitalSignature = true;
CACert.Generate(req, cert); //CACert is ca cert selected from windows store, req is a pkcs10 request loaded from byte buffer.

Actually nothing happens : ). The certificate contains everything except key usage.
Could you send me any hint how to resolve my problem?
Any help will be appreciated.
Best regards,
Pawel.


-------------
Little update.
I resolved my problem with extensions. I had to set the Extensions.Included flag in the ElCertificateExtensions class.

But how can I change the subject dname?
#10573
Posted: 07/13/2009 04:48:23
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Subject name can be set via the SubjectName or SubjectRDN properties of TElX509Certificate(Ex) class.
#10575
Posted: 07/13/2009 09:25:48
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Thank you for your answer.

I'm afraid that changes to TElX509CertificateEx SubjectRDN don't work. Actually, this code:

TElX509CertificateEx cert = new TElX509CertificateEx(null);
cert.ValidFrom = DateTime.Now;
cert.ValidTo = DateTime.Now.AddDays(7);

req.Subject.Clear(); //removes subject dname from request.

cert.SubjectRDN.Count = 2;
cert.SubjectRDN.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
cert.SubjectRDN.set_Values(0, SBUtils.Unit.BytesOfString("US"));
cert.SubjectRDN.set_Tags(0, SBASN1Tree.Unit.SB_ASN1_UTF8STRING);
cert.SubjectRDN.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
cert.SubjectRDN.set_Values(1, SBUtils.Unit.BytesOfString("Test"));
cert.SubjectRDN.set_Tags(1, SBASN1Tree.Unit.SB_ASN1_UTF8STRING);

throws System.IndexOutOfRangeException exception in Generate method.

I've found that there are two ways to achieve my goal:
1. use SetSubject (TName) method in TElX509CertificateEx and set TName attributes - it works, but it is not good enough (lack of given name and surname attributes).

2. change SubjectRDN in TElCertificateRequest - it works fine for me.

Well, I think that my problem is resolved.

Regards,

Pawel.
#10576
Posted: 07/13/2009 09:32:58
by Ken Ivanov (EldoS Corp.)

If the certificate is generated from a request, then the subject name values set via the SubjectRDN property are ignored. The name is actually taken from the request in this case.
#10577
Posted: 07/13/2009 11:33:11
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Thank you for your help and suggestions.

Regards,

Pawel.
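
The pattern discussed in this thread (take only the public key from the PKCS#10 request and let the CA set subject, validity, serial number and key usage), as an added example that is not part of the original posts and does not use SecureBlackbox. It assumes the .NET 7+ built-in CertificateRequest API; the CsrIssuer class, the CA name and all subject values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CsrIssuer
{
    // Issue a certificate in which only the public key comes from the PKCS#10 request.
    public static X509Certificate2 Issue(byte[] pkcs10Der, X509Certificate2 caCert, RSA caKey)
    {
        // Verifies the request's self-signature (proof of possession) and, with
        // Default options, does not import the extensions the requester asked for.
        CertificateRequest csr = CertificateRequest.LoadSigningRequest(
            pkcs10Der, HashAlgorithmName.SHA256, CertificateRequestLoadOptions.Default);

        // Subject is chosen by the CA (constructed sample values), not read from the request.
        var name = new X500DistinguishedNameBuilder();
        name.AddCountryOrRegion("US");
        name.AddCommonName("Test");
        name.Add("2.5.4.42", "Jan");      // givenName (sample)
        name.Add("2.5.4.4", "Kowalski");  // surname (sample)

        var tbs = new CertificateRequest(name.Build(), csr.PublicKey, HashAlgorithmName.SHA256);
        tbs.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        tbs.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));

        DateTimeOffset now = DateTimeOffset.UtcNow;
        return tbs.Create(caCert.SubjectName,
            X509SignatureGenerator.CreateForRSA(caKey, RSASignaturePadding.Pkcs1),
            now, now.AddDays(7), RandomNumberGenerator.GetBytes(16));
    }

    static void Main()
    {
        using RSA caKey = RSA.Create(2048), userKey = RSA.Create(2048);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        var caReq = new CertificateRequest("CN=Example CA", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        using X509Certificate2 ca = caReq.CreateSelfSigned(now, now.AddYears(1));

        // Constructed end-user request: asks for its own subject and for keyCertSign.
        var userReq = new CertificateRequest("CN=name typed by requester", userKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        userReq.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));

        using X509Certificate2 cert = Issue(userReq.CreateSigningRequest(), ca, caKey);
        Console.WriteLine(cert.Subject);
        foreach (X509Extension e in cert.Extensions)
            if (e is X509KeyUsageExtension ku) Console.WriteLine(ku.KeyUsages);
    }
}
```

A request whose signature does not verify makes LoadSigningRequest throw a CryptographicException, so nothing is issued for a key the requester cannot prove possession of.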