EldoS | Feel safer!


decrypt - cert specification ?

#11314
Posted: 10/12/2009 06:11:14
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Hello,

How do I use decryption in XMLBlackBox?
I suppose:
...
Decryptor.Load(TElXMLDOMElement(Node));
X509KeyData := TElXMLKeyInfoX509Data.Create;
X509KeyData.Certificate := mygetcert;   { mygetcert: TElX509Certificate - returns the decryption certificate }
Decryptor.KeyEncryptionKeyData := X509KeyData;
Decryptor.Decrypt;
....

The problem is in mygetcert :( how do I construct that?
In capicom.dll there was the possibility of not specifying the decrypting certificate;
CAPICOM found it itself. Is there such a possibility in XMLBlackBox?

Or, if not:

how do I get the IssuerName + SerialNumber of the certificate that was used for encrypting?
In the XML file there is an X509Data element, but I don't think I should parse it myself. Are there any relevant properties?


The best way for me would be for Decryptor.Decrypt to search the 'MY' store itself and use the certificate it needs, so the user would not have to specify the encryption certificate.

thank you, slava
#11315
Posted: 10/12/2009 07:00:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
The problem is in mygetcert :( how do I construct that?
In capicom.dll there was the possibility of not specifying the decrypting certificate;
CAPICOM found it itself. Is there such a possibility in XMLBlackBox?

No, because there are no strict rules about what information on the encryption certificate should be present in the KeyInfo element; it is application specific.
Quote
how do I get the IssuerName + SerialNumber of the certificate that was used for encrypting?
In the XML file there is an X509Data element, but I don't think I should parse it myself. Are there any relevant properties?

To access the KeyInfo structure use the Decryptor.EncryptedData.EncryptedKey.KeyInfo property (see: http://www.eldos.com/security/articles/6102.php ).
Then use the X509KeyData.IssuerRDNs/SerialNumbers/SubjectRDNs/IssuerSerialCount properties of ElXMLKeyInfoData to look up the encryption certificate.
#11317
Posted: 10/12/2009 10:18:05
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
To access the KeyInfo structure use the Decryptor.EncryptedData.EncryptedKey.KeyInfo property.
Then use the X509KeyData.IssuerRDNs/SerialNumbers/SubjectRDNs/IssuerSerialCount properties of ElXMLKeyInfoData to look up the encryption certificate.


OK, I have the SerialNumber, but I still cannot find the IssuerName :(
X509KeyData.SubjectRDNCount = 0
X509KeyData.IssuerRDNs[0].Count = 0

Where is it?
The original XML was:
<X509Data><X509IssuerSerial><X509IssuerName>O=Prvni certifikacni autorita a.s., CN=I.CA - Standard root certificate, C=CZ</X509IssuerName><X509SerialNumber>1392952</X509SerialNumber></X509IssuerSerial></X509Data>

and I need the CN.
#11319
Posted: 10/12/2009 12:01:33
by Dmytro Bogatskyy (EldoS Corp.)

Quote
OK, I have the SerialNumber, but I still cannot find the IssuerName :(

Please modify the TElXMLKeyInfoX509Data.GetIssuerRDNs method in SBXMLSec.pas in the following way:
Change:
Code
Result := TElRelativeDistinguishedName(FIssuerSerials[Index])

to
Code
Result := TElXMLIssuerSerial(FIssuerSerials[Index]).IssuerRDN


Thank you.
#11321
Posted: 10/12/2009 13:07:03
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
Quote
OK, I have the SerialNumber, but I still cannot find the IssuerName :(

Please modify the TElXMLKeyInfoX509Data.GetIssuerRDNs method in SBXMLSec.pas in the following way:
Change:
Code
Result := TElRelativeDistinguishedName(FIssuerSerials[Index])

to
Code
Result := TElXMLIssuerSerial(FIssuerSerials[Index]).IssuerRDN


Thank you.


Ou ou... I don't have the .pas, only the .dcu, because I have purchased only PDFBlackbox so far; the money for XMLBlackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]
Thank you, Slava
#11323
Posted: 10/12/2009 14:09:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Ou ou... I don't have the .pas, only the .dcu, because I have purchased only PDFBlackbox so far; the money for XMLBlackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]

The fix will be included in the next build.
Temporarily, you can use this code: "TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN"
But with the new build it becomes invalid, and you'll need to change it back to "X509KeyData.IssuerRDNs[0]".
#11324
Posted: 10/12/2009 16:02:44
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
Quote
Ou ou... I don't have the .pas, only the .dcu, because I have purchased only PDFBlackbox so far; the money for XMLBlackbox is on the way.
OK, I will wait, or you can send me the .dcu or .pas by email. [KJat ..... LCS... cz]

The fix will be included in the next build.
Temporarily, you can use this code: "TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN"
But with the new build it becomes invalid, and you'll need to change it back to "X509KeyData.IssuerRDNs[0]".


OK, it seems that will be fine,
but there is a small problem with retrieving the value.
As far as I can see, I could use the GetValuesByOID('CN', ...) method:
TElXMLIssuerSerial(TObject(X509KeyData.IssuerRDNs[0])).IssuerRDN.GetValuesByOID('CN', myStringList);

In the documentation there is: procedure GetValuesByOID(OID : string; Values : TStringList);
but when compiling, this error occurs:
E2010 Incompatible types: 'TElBufferTypeList' and 'TStringList'

I cannot find the class TElBufferTypeList in the web or CHM documentation.


Thank you,
Slava
#11325
Posted: 10/12/2009 16:45:40
by Dmytro Bogatskyy (EldoS Corp.)

Quote
In the documentation there is: procedure GetValuesByOID(OID : string; Values : TStringList);
but when compiling, this error occurs:
E2010 Incompatible types: 'TElBufferTypeList' and 'TStringList'

The TElBufferTypeList class is similar to TStringList, but for RawByteString (AnsiString). It is needed for Delphi 2009 and 2010. It is defined in the SBStringList unit.
#11327
Posted: 10/13/2009 02:31:21
by Kvetoslav Jansta (Standard support level)
Joined: 05/06/2008
Posts: 56

Quote
Bogatskyy wrote:
The TElBufferTypeList class is similar to TStringList. It is defined in the SBStringList unit.


Hi, OK, TElBufferTypeList is clear.

One question about OIDs: what are they?
Because if I display OIDs[0..2] I get these 3 values:
'U'#4#$A
'U'#4#3
'U'#4#6

I supposed they should be O, CN, C as in the XML example.
If I use the method GetValuesByOID('U'#4#3, stringlist) I get the correct values.
Maybe there is a bug in the string/ansistring conversion on your side,
or there is some translation table that I don't know about.

The original XML was:
<X509Data><X509IssuerSerial><X509IssuerName>O=Prvni certifikacni autorita a.s., CN=I.CA - Standard root certificate, C=CZ</X509IssuerName><X509SerialNumber>1392952</X509SerialNumber></X509IssuerSerial></X509Data>
#11329
Posted: 10/13/2009 04:08:46
by Dmytro Bogatskyy (EldoS Corp.)

Quote
One question about OIDs: what are they?
Because if I display OIDs[0..2] I get these 3 values:
'U'#4#$A
'U'#4#3
'U'#4#6

I supposed they should be O, CN, C as in the XML example.

These values are object identifiers.
CN, or commonName, has the OID 2.5.4.3, and its binary form is what you see.
You should use the SB_CERT_OID_COMMON_NAME constant to get the values.
See: https://www.eldos.com/documentation/sb...ctrdn.html
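Pulling the two answers together (the X509IssuerSerial lookup from post #11315 and the binary OID form from post #11329), the following is an added Python example; it is not code from this thread or from XMLBlackbox, and it uses only the standard library. It assumes a constructed EncryptedData document carrying the same issuer name and serial number the poster quoted, and a constructed in-memory list standing in for the Windows 'MY' store; the names find_decryption_key, issuer_serial_from_keyinfo, ATTR_OIDS and the store layout are the example's own. It shows why commonName (2.5.4.3) is stored as the bytes 'U'#4#3 (0x55 0x04 0x03), why the lookup key is the OID rather than the string "CN", and why the certificate must be matched on the issuer and serial number as a pair.

```python
"""Added example (not from the EldoS thread or XMLBlackbox): read the
X509IssuerSerial from EncryptedKey/KeyInfo, pick the matching certificate
from a local store, and show the DER form of attribute-type OIDs."""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed EncryptedData carrying the X509IssuerSerial quoted in the thread.
SAMPLE_XML = f"""<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DSIG}">
 <ds:KeyInfo><xenc:EncryptedKey>
  <ds:KeyInfo><ds:X509Data><ds:X509IssuerSerial>
   <ds:X509IssuerName>O=Prvni certifikacni autorita a.s., CN=I.CA - Standard root certificate, C=CZ</ds:X509IssuerName>
   <ds:X509SerialNumber>1392952</ds:X509SerialNumber>
  </ds:X509IssuerSerial></ds:X509Data></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedKey></ds:KeyInfo>
 <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""

# Attribute short names that may appear in X509IssuerName, as dotted OIDs.
ATTR_OIDS = {"CN": "2.5.4.3", "C": "2.5.4.6", "O": "2.5.4.10", "OU": "2.5.4.11"}


def encode_oid(dotted):
    """DER content octets of a dotted OID: the first two arcs are packed into
    one byte (40*a+b), the rest are base-128 with the high bit meaning 'more'.
    2.5.4.3 -> 0x55 0x04 0x03, i.e. the 'U'#4#3 seen in the thread."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(raw):
    """Inverse of encode_oid."""
    first = raw[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_dn(dn):
    """'O=..., CN=..., C=CZ' -> [(oid_bytes, value), ...]. Assumes the plain
    comma-separated form used in the post; RFC 4514 escaping is not handled."""
    rdn = []
    for part in dn.split(","):
        name, _, value = part.strip().partition("=")
        rdn.append((encode_oid(ATTR_OIDS[name.upper()]), value.strip()))
    return rdn


def get_values_by_oid(rdn, oid_bytes):
    """Counterpart of GetValuesByOID: the key is the OID bytes, not 'CN'."""
    return [v for o, v in rdn if o == oid_bytes]


def issuer_serial_from_keyinfo(xml_text):
    """(issuer_rdn, serial) from EncryptedData/KeyInfo/EncryptedKey/KeyInfo."""
    root = ET.fromstring(xml_text)
    isr = root.find(f"{{{DSIG}}}KeyInfo/{{{XENC}}}EncryptedKey/{{{DSIG}}}KeyInfo/"
                    f"{{{DSIG}}}X509Data/{{{DSIG}}}X509IssuerSerial")
    if isr is None:  # KeyInfo content is application specific; it may be absent
        raise ValueError("EncryptedKey/KeyInfo carries no X509IssuerSerial")
    name = isr.findtext(f"{{{DSIG}}}X509IssuerName")
    serial = int(isr.findtext(f"{{{DSIG}}}X509SerialNumber"))
    return parse_dn(name), serial


# Constructed stand-in for the 'MY' store: issuer DN, serial and a key handle.
# The first entry reuses the serial under another issuer on purpose.
STORE = [
    {"issuer": "CN=Other CA, C=CZ", "serial": 1392952, "key": "key-A"},
    {"issuer": "O=Prvni certifikacni autorita a.s., "
               "CN=I.CA - Standard root certificate, C=CZ",
     "serial": 1392952, "key": "key-B"},
]


def find_decryption_key(xml_text, store=STORE):
    """Select the key whose certificate matches issuer AND serial: a serial
    number is only unique within one issuer, so never match on it alone."""
    issuer, serial = issuer_serial_from_keyinfo(xml_text)
    for cert in store:
        if cert["serial"] == serial and parse_dn(cert["issuer"]) == issuer:
            return cert["key"]
    cn = get_values_by_oid(issuer, encode_oid("2.5.4.3"))
    raise LookupError(f"no certificate with serial {serial} issued by {cn}")


if __name__ == "__main__":
    print(encode_oid("2.5.4.3"))            # b'U\x04\x03'
    print(find_decryption_key(SAMPLE_XML))  # key-B
```

The store comparison normalises both DNs to OID/value pairs before comparing, so a store entry written as "CN=..., C=..." and a KeyInfo written with the same attributes in the same order compare equal regardless of the short names used; a real implementation would compare against the DER-encoded issuer in the certificate itself rather than a string.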
