EldoS | Feel safer!

Question concerning certificates

Posted: 02/18/2010 06:13:00
by neil young (Standard support level)
Joined: 11/05/2007
Posts: 96

Hold on, probably in GenerateCert.cs, below line 1213? :) Can this extension also
be set for non-selfsigned certs?

UPDATE: ARGHGHHG, my version does not have SBX509Ext.Unit.gnRFC822Name...
Found this:
Cert.Extensions.SubjectAlternativeName.Content.get_Names(0).NameType = SBX509Ext.TSBGeneralName.gnRFC822Name;

Posted: 02/18/2010 06:47:23
by Ken Ivanov (EldoS Corp.)

The standard declares a signature as follows:
struct {
    SignatureAndHashAlgorithm algorithm;
    SignerIdentity identity;
    opaque signature_value<0..2^16-1>;
} Signature;

Entities like the "signature, hash algorithm" pair or the "opaque signature value" (i.e. direct references to cryptographic parameters) are only used at the lowest possible level of the digital signing task. The only specification that fills this level is PKCS#1. All other signature standards (PKCS#7, CMS, CAdES) work at a higher level and deal with more abstract terms. Actually, a reference to the TLS SignatureAlgorithm Registry confirms this.

The only requirement for certificate extension setup is that it must be performed before the Generate() method is called. In particular, it can be performed at the following location:
Cert.SubjectRDN.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
Cert.SubjectRDN.set_Values(5, SBUtils.Unit.BytesOfString(edtCommonName.Text));
Cert.ValidFrom = dtpFrom.Value;
Cert.ValidTo = dtpTo.Value;
... <------ here

Extensions can be set up in the above way for both self-signed and CA-signed certificates.
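
The same ordering rule, shown as an added example that is not part of the original thread and is not EldoS code: it uses .NET's built-in CertificateRequest API (assuming .NET 6 or later) instead of SecureBlackbox, and adds an rfc822Name subjectAltName entry before the certificate is created, once for a self-signed and once for a CA-signed certificate. All names and e-mail addresses are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SanEmailDemo
{
    // Builds a request whose subjectAltName carries one rfc822Name (e-mail) entry.
    static CertificateRequest NewRequest(string cn, string email, RSA key)
    {
        var req = new CertificateRequest($"CN={cn}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var san = new SubjectAlternativeNameBuilder();
        san.AddEmailAddress(email);                 // GeneralName type rfc822Name
        req.CertificateExtensions.Add(san.Build()); // must be added before signing
        return req;
    }

    static void Main()
    {
        var from = DateTimeOffset.UtcNow.AddMinutes(-5);
        var to = from.AddDays(30);

        // Case 1: self-signed certificate carrying the extension.
        using var selfKey = RSA.Create(2048);
        using var selfSigned = NewRequest("Self Signed", "alice@example.test", selfKey)
            .CreateSelfSigned(from, to);

        // Case 2: a demo CA, then a CA-signed certificate with the same kind of extension.
        using var caKey = RSA.Create(2048);
        var caReq = new CertificateRequest("CN=Demo CA", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(
            new X509BasicConstraintsExtension(true, false, 0, true)); // CA=true, critical
        using var ca = caReq.CreateSelfSigned(from, to.AddDays(1));

        using var leafKey = RSA.Create(2048);
        var serial = RandomNumberGenerator.GetBytes(16);
        using var leaf = NewRequest("CA Signed", "bob@example.test", leafKey)
            .Create(ca, from, to, serial);

        // Read the extension back from both certificates (2.5.29.17 = subjectAltName).
        foreach (var cert in new[] { selfSigned, leaf })
        {
            var ext = cert.Extensions["2.5.29.17"];
            Console.WriteLine($"{cert.Subject} <- {cert.Issuer}: {ext?.Format(false)}");
        }
    }
}
```

The textual form printed by Format() differs between Windows and OpenSSL-based platforms, so compare the decoded e-mail value rather than the whole string when checking the result.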

Posted: 02/18/2010 07:12:25
by neil young (Standard support level)
Joined: 11/05/2007
Posts: 96

Yes, thanks. Found that already. To be continued...

Thanks so far. That was very helpful (as ever).



As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.