EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Question concerning certificates

Posted: 02/18/2010 06:13:00
by neil young (Standard support level)
Joined: 11/05/2007
Posts: 96

Hold on, probably in GenerateCert.cs, below line 1213? :) Can this extension also
be set for non-selfsigned certs?

UPDATE: ARGHGHHG, my version does not have SBX509Ext.Unit.gnRFC822Name...
Found this:
Cert.Extensions.SubjectAlternativeName.Content.get_Names(0).NameType = SBX509Ext.TSBGeneralName.gnRFC822Name;

Posted: 02/18/2010 06:47:23
by Ken Ivanov (Team)

The standard declares a signature as following:
struct {
SignatureAndHashAlgorithm algorithm;
SignerIdentity identity;
opaque signature_value<0..2^16-1>;
} Signature;

Entities like "signature, hash algorithm" pair or "opaque signature value" (i.e. direct cryptographic parameters references) are only used on the lowest possible level of digital signing task. The only specification that fills this level is PKCS#1. All other signature standards (PKCS#7, CMS, CAdES) work on higher level and deal with more abstract terms. Actually, a reference to TLS SignatureAlgorithm Registry confirms this.

The only requirement for certificate extension setup is that it must be performed before Generate() method is called. In particular, it can be performed at the following location:
Cert.SubjectRDN.set_OIDs(5, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
Cert.SubjectRDN.set_Values(5, SBUtils.Unit.BytesOfString(edtCommonName.Text));
Cert.ValidFrom = dtpFrom.Value;
Cert.ValidTo = dtpTo.Value;
... <------ here

Extensions can be set up in the above way for both self-signed and CA-signed certificates.
Posted: 02/18/2010 07:12:25
by neil young (Standard support level)
Joined: 11/05/2007
Posts: 96

Yes, thanks. Found that already. To be continued...

Thanks so far. That was very helpful (as ever).



Topic viewed 3833 times

Number of guests: 2, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!