decrypt - cert specification ?

#11314
Posted: 10/12/2009 06:11:14
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hello,

How do I use decryption in XMLBlackBox?
I suppose:
...
Decryptor.Load(TElXMLDOMElement(Node));
X509KeyData := TElXMLKeyInfoX509Data.Create;
X509KeyData.Certificate := mygetcert; // function mygetcert: TElX509Certificate
Decryptor.KeyEncryptionKeyData := X509KeyData;
Decryptor.Decrypt;
....

The problem is in mygetcert :( How do I construct that?
In capicom.dll it was possible not to specify the decryption certificate;
CAPICOM found it itself. Is there such a possibility in XMLBlackBox?

Or, if not:

How do I get the IssuerName + SerialNumber of the certificate that was used for encrypting?
In the XML file there is an X509Data element, but I don't think I should parse it myself. Are there any relevant properties?


The best way for me is that Decryptor.Decrypt will search the 'MY' store itself and use the certificate it needs; the user would not specify the encryption certificate.

Thank you, slava
#11315
Posted: 10/12/2009 07:00:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
The problem is in mygetcert :( How do I construct that?
In capicom.dll it was possible not to specify the decryption certificate;
CAPICOM found it itself. Is there such a possibility in XMLBlackBox?

No, because there are no strict rules about what information about the encryption certificate should be present in the KeyInfo element; it is application-specific.
Quote
How do I get the IssuerName + SerialNumber of the certificate that was used for encrypting?
In the XML file there is an X509Data element, but I don't think I should parse it myself. Are there any relevant properties?

To access the KeyInfo structure, use the Decryptor.EncryptedData.EncryptedKey.KeyInfo property (see: http://www.eldos.com/security/articles/6102.php ).
Then use the X509KeyData.IssuerRDNs/SerialNumbers/SubjectRDNs/IssuerSerialCount properties of ElXMLKeyInfoData to look up the encryption certificate.
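
The lookup suggested in the reply above, sketched in Python as an added example; it is not code from the thread or from EldoS. `STORE` is a constructed stand-in for the 'MY' certificate store, the helper names `parse_dn`, `issuer_serials` and `find_decryption_cert` are hypothetical, and only the X509Data fragment comes from this thread.

```python
import xml.etree.ElementTree as ET

# X509Data fragment quoted in the thread (it carries no namespace prefix there).
X509_DATA = ("<X509Data><X509IssuerSerial><X509IssuerName>O=Prvni certifikacni autorita a.s., "
             "CN=I.CA - Standard root certificate, C=CZ</X509IssuerName>"
             "<X509SerialNumber>1392952</X509SerialNumber></X509IssuerSerial></X509Data>")

# Constructed stand-in for the 'MY' store; subjects and the second CA are made up.
ICA = "C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s."
STORE = [
    {"subject": "CN=Constructed Recipient A", "issuer": ICA, "serial": 1392952, "has_private_key": True},
    {"subject": "CN=Constructed Recipient B", "issuer": ICA, "serial": 1392953, "has_private_key": True},
    {"subject": "CN=Constructed Recipient C", "issuer": "O=Constructed Other CA, C=CZ",
     "serial": 1392952, "has_private_key": True},
]

def parse_dn(dn):
    """DN string -> frozenset of (TYPE, value); handles '\\,' escapes, not hex escapes or quotes."""
    parts, cur, chars = [], "", iter(dn)
    for ch in chars:
        if ch == "\\":
            cur += next(chars, "")            # keep the escaped character literally
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    pairs = set()                             # RDN order is ignored: tools print it both ways
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        pairs.add((key.strip().upper(), " ".join(value.split()).casefold()))
    return frozenset(pairs)

def issuer_serials(xml_text):
    # Plain ElementTree for brevity; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    return {(parse_dn(e.findtext("{*}X509IssuerName", "")),
             int(e.findtext("{*}X509SerialNumber", "")))
            for e in root.findall(".//{*}X509IssuerSerial")}

def find_decryption_cert(xml_text, store):
    """Serial numbers are unique only per issuer, so both fields must match."""
    wanted = issuer_serials(xml_text)
    hits = [c for c in store if c["has_private_key"]
            and (parse_dn(c["issuer"]), c["serial"]) in wanted]
    if len(hits) != 1:
        raise LookupError(f"expected one matching certificate, found {len(hits)}")
    return hits[0]
```

A match on issuer and serial only selects a candidate; whether it is the right certificate is settled by its private key actually unwrapping the encrypted key.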
#11317
Posted: 10/12/2009 10:18:05
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
To access the KeyInfo structure, use the Decryptor.EncryptedData.EncryptedKey.KeyInfo property
Then use the X509KeyData.IssuerRDNs/SerialNumbers/SubjectRDNs/IssuerSerialCount properties of ElXMLKeyInfoData to look up the encryption certificate.


OK, I have the SerialNumber, but still cannot find the IssuerName :(
X509KeyData.SubjectRDNCount = 0
X509KeyData.IssuerRDNs[0].Count = 0

Where is it?
The original XML was:
<X509Data><X509IssuerSerial><X509IssuerName>O=Prvni certifikacni autorita a.s., CN=I.CA - Standard root certificate, C=CZ</X509IssuerName><X509SerialNumber>1392952</X509SerialNumber></X509IssuerSerial></X509Data>

and I need the CN.
#11319
Posted: 10/12/2009 12:01:33
by Dmytro Bogatskyy (EldoS Corp.)

Quote
OK, I have the SerialNumber, but still cannot find the IssuerName :(

Please modify the TElXMLKeyInfoX509Data.GetIssuerRDNs method in SBXMLSec.pas in the following way:
Change:
Code
Result := TElRelativeDistinguishedName(FIssuerSerials[Index])

to
Code
Result := TElXMLIssuerSerial(FIssuerSerials[Index]).IssuerRDN


Thank you.
#11321
Posted: 10/12/2009 13:07:03
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
Quote
OK, I have the SerialNumber, but still cannot find the IssuerName :(

Please modify the TElXMLKeyInfoX509Data.GetIssuerRDNs method in SBXMLSec.pas in the following way:
Change:
Code
Result := TElRelativeDistinguishedName(FIssuerSerials[Index])

to
Code
Result := TElXMLIssuerSerial(FIssuerSerials[Index]).IssuerRDN


Thank you.


ou ou,... I don't have the .pas, only the .dcu, because I have purchased only pdfblackbox so far; the money for xmlblackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]
Thank you, slava
#11323
Posted: 10/12/2009 14:09:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
ou ou,... I don't have the .pas, only the .dcu, because I have purchased only pdfblackbox so far; the money for xmlblackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]

The fix will be included in the next build.
Temporarily, you can use this code: "TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN"
But with the new build it will become invalid, and you'll need to change it back to "X509KeyData.IssuerRDNs[0]".
#11324
Posted: 10/12/2009 16:02:44
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
Quote
ou ou,... I don't have the .pas, only the .dcu, because I have purchased only pdfblackbox so far; the money for xmlblackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]

The fix will be included in the next build.
Temporarily, you can use this code: "TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN"
But with the new build it will become invalid, and you'll need to change it back to "X509KeyData.IssuerRDNs[0]".


OK, it seems it will be OK,
but there is a small problem with retrieving the value.
As far as I can see, I could use the GetValuesByOID('CN', ...) method:
TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN.GetValuesByOID('CN', myStringList);

In the documentation there is: procedure GetValuesByOID(OID : string; Values : TStringList);
but when compiling, this error occurs:
E2010 Incompatible types: 'TElBufferTypeList' and 'TStringList'

I cannot find the class TElBufferTypeList in the web or the CHM documentation.


Thank you,
slava
#11325
Posted: 10/12/2009 16:45:40
by Dmytro Bogatskyy (EldoS Corp.)

Quote
In the documentation there is: procedure GetValuesByOID(OID : string; Values : TStringList);
but when compiling, this error occurs:
E2010 Incompatible types: 'TElBufferTypeList' and 'TStringList'

The TElBufferTypeList class is similar to TStringList, but for RawByteString (AnsiString). It is needed for Delphi 2009 and 2010. It is defined in the SBStringList unit.
#11327
Posted: 10/13/2009 02:31:21
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
TElBufferTypeList class is similar to TStringList. Defined in SBStringList unit.


Hi, OK, TElBufferTypeList is clear.

One question about OIDs: what are they?
Because if I display OIDs[0..2] I get 3 values:
'U'#4#$A
'U'#4#3
'U'#4#6

I had supposed they would be O, CN, C, like in the XML example.
If I use the method GetValuesByOID('U'#4#3, stringlist) I get good values.
Maybe there is a bug in converting string/ansistring on your side,
or there is some transferring table which I don't know about.

The original XML was:
<X509Data><X509IssuerSerial><X509IssuerName>O=Prvni certifikacni autorita a.s., CN=I.CA - Standard root certificate, C=CZ</X509IssuerName><X509SerialNumber>1392952</X509SerialNumber></X509IssuerSerial></X509Data>
#11329
Posted: 10/13/2009 04:08:46
by Dmytro Bogatskyy (EldoS Corp.)

Quote
One question about OIDs: what are they?
Because if I display OIDs[0..2] I get 3 values:
'U'#4#$A
'U'#4#3
'U'#4#6

I had supposed they would be O, CN, C, like in the XML example.

These values are object identifiers.
CN, or commonName, has the OID 2.5.4.3, and what you see is its binary form.
You should use the SB_CERT_OID_COMMON_NAME constant to get the values.
See: https://www.eldos.com/documentation/sb...ctrdn.html
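
Why `'U'#4#3` is the CN attribute, as an added Python example (not EldoS code and not from the thread): the three values are the DER content octets of the attribute-type OIDs, and `decode_oid` turns them back into dotted form. `ATTRIBUTE_NAMES`, `THREAD_VALUES`, `decode_oid`, `encode_oid` and `attribute_name` are names made up for this illustration.

```python
# Short names for a few X.520 attribute types, keyed by dotted OID.
ATTRIBUTE_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
                   "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU"}

# The three values shown in the thread: 'U'#4#$A, 'U'#4#3, 'U'#4#6 ('U' is byte 0x55).
THREAD_VALUES = [b"U\x04\x0a", b"U\x04\x03", b"U\x04\x06"]

def decode_oid(content: bytes) -> str:
    """Content octets of a DER OBJECT IDENTIFIER (no tag or length) -> dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subids, value = [], 0
    for octet in content:
        if value == 0 and octet == 0x80:
            raise ValueError("non-minimal subidentifier")
        value = (value << 7) | (octet & 0x7F)   # 7 payload bits per octet
        if not octet & 0x80:                    # high bit clear ends the subidentifier
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)             # first subidentifier packs two arcs: 40*X + Y
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def encode_oid(dotted: str) -> bytes:
    """Dotted form -> DER content octets (the inverse of decode_oid)."""
    arcs = [int(p) for p in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID: {dotted}")
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        group = [sub & 0x7F]                    # last octet of the group, high bit clear
        while sub := sub >> 7:
            group.append((sub & 0x7F) | 0x80)   # earlier octets carry the continuation bit
        out += bytes(reversed(group))
    return bytes(out)

def attribute_name(content: bytes) -> str:
    """Short attribute name for a binary OID, or the dotted OID if it is not in the table."""
    dotted = decode_oid(content)
    return ATTRIBUTE_NAMES.get(dotted, dotted)
```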