EldoS | Feel safer!

Software components for data protection, secure storage and transfer

"Secret key not found"

#12563
Posted: 02/23/2010 09:38:15
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

Hello, greetings to all!

I need your help once again.

Almost a year ago I turned to you to help me convert a file with a .CER extension into another one with a .PFX extension.

Everything worked fine until today. Today, after doing the conversion, I used the resulting file (PFX) to sign a string and generate a digital stamp.

There was not any problem until today; instead of getting the digital seal, the result is a message that says: "Secret key not found".

The conversion of the .CER file to a .PFX was successful (or at least I think so). To build the .PFX, a .CER file, a .KEY file and a password are required.

If the .KEY file or the password is not correct, the routine generates an error message and no conversion takes place; however, I could generate the PFX file without problem.

The question is: why do I get this error message ("Secret key not found") instead of the digital stamp?

Any idea?

Thank you very much for everything, and I hope you can help me again!

------------------------------------------------------------------------------
This is the segment of code that generates the digital seal
------------------------------------------------------------------------------
function ObtenSelloDigital(stMyString, stPFXfile, password: string): string;
var
  myFile         : TextFile;
  InputFile      : String;
  OutputFile     : String;
  stSelloDigital : String;
  stMD5          : String;
  stB64          : String;
begin

  if FileExists(stPFXfile) then begin
    // Hash MD5
    stMD5 := stMyString;
    stMD5 := CalcHash2(stMyString, haMD5);
    // Base64 encoding
    stB64 := B64Encode(stMD5);
    // Generate InputFile, B64 encoded
    InputFile  := ExtractFileDir(stPFXfile) + '\ORI_' + FechaHora() + '.TXT';
    OutputFile := ExtractFileDir(stPFXfile) + '\SGN_' + FechaHora() + '.TXT';
    AssignFile(myFile, InputFile);
    Rewrite(myFile);
    Writeln(myFile, stB64);
    CloseFile(myFile);
    // Sign InputFile
    result := DoSignDetached(InputFile, OutputFile, stPFXfile, password);
  end else result := 'Imposible generar el Sello Digital: NO EXISTE EL ARCHIVO ['+stPFXfile+']';
end;
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
This is the segment of code that converts a CER into a PFX
-----------------------------------------------------------------------------
function ConvertCerToPFX(KEYfile, CERfile, PFXfile, password: string): boolean;
var
  P8   : TElPKCS8PrivateKey;
  R    : integer;
  F    : TFileStream;
  Cert : TElX509Certificate;
  KM   : BufferType;
begin
  P8 := TElPKCS8PrivateKey.Create();
  result := false;
  try
    // Load the password-protected private key (.KEY)
    F := TFileStream.Create(KEYfile, fmOpenRead);
    try
      R := P8.LoadFromStream(F, password);
      Assert(R = 0);
    finally
      FreeAndNil(F);
    end;

    Cert := TElX509Certificate.Create(nil);
    try
      // Load the certificate (.CER)
      F := TFileStream.Create(CERfile, fmOpenRead);
      try
        Cert.LoadFromStream(F);
      finally
        FreeAndNil(F);
      end;
      // Attach the private key material to the certificate
      KM := P8.KeyMaterial;
      Cert.LoadKeyFromBuffer(@KM[1], Length(KM));

      // Save certificate and key together as a PFX
      F := TFileStream.Create(PFXfile, fmCreate);
      try
        Cert.SaveToStreamPFX(F, password);
        result := true;
      finally
        FreeAndNil(F);
      end;
    finally
      FreeAndNil(Cert);
    end;
  finally
    FreeAndNil(P8);
  end;
end;
#12605
Posted: 02/25/2010 09:25:22
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

Sorry to insist, but I need at least an idea what could be the problem to fix, thank you very much! Have a nice day
#12606
Posted: 02/25/2010 10:24:45
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us and sorry for the delay.

The first thing to check is the value of the TElX509Certificate.PrivateKeyExists property after loading the certificate from a PFX file. It will let you know whether the private key is there (and thus whether the certificate has been converted correctly).
#12613
Posted: 02/26/2010 11:35:03
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

Thanks for your answer. I was testing with the property "TElX509Certificate.PrivateKeyExists" to check whether or not the certificate has the private key. Apparently it does, so what is the second step to try?

Can I upload my files (".cer", ".key" and password) so you can tell me what I'm doing wrong?
#12614
Posted: 02/26/2010 11:44:28
by Ken Ivanov (EldoS Corp.)

Yes, having those items would help much.
#12615
Posted: 02/26/2010 12:02:02
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

...any idea what could be the problem? How can I determine that the certificate is wrong?
#12658
Posted: 03/02/2010 21:38:59
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

...any idea what could be the problem? How can I determine that the certificate is wrong?
#12659
Posted: 03/03/2010 01:36:29
by Ken Ivanov (EldoS Corp.)

I have answered the ticket you posted the files to. As the investigation of the issue might require further file exchange, let's continue the conversation there.
#12720
Posted: 03/04/2010 19:20:03
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

Indeed, you were right, the certificate and private key did not match each other. Ultimately the error was in the way these files were processed and delivered; luckily that was it, a misunderstanding. Again, thank you very much!

Greetings for all!
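
The thread ended with the finding that the certificate and the private key did not match, even though the PFX had been generated without error. One way to catch that before conversion, using the OpenSSL command line instead of the components used in the thread (an added example, not part of the original posts; the function names, file names and the constructed sample pair are assumptions):

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are assumptions;
# input formats follow the thread: DER .cer, password-protected PKCS#8 .key.

# Public key (PEM SubjectPublicKeyInfo) stored inside the certificate.
cert_pubkey() {               # $1 = .cer file
  openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null |
    openssl pkey -pubin -pubout 2>/dev/null
}

# Public key derived from the private key; fails on a wrong password.
# The password goes through the environment, not the openssl command line.
key_pubkey() {                # $1 = .key file, $2 = password
  KEY_PASS="$2" openssl pkcs8 -inform DER -in "$1" -passin env:KEY_PASS \
    2>/dev/null | openssl pkey -pubout 2>/dev/null
}

# Returns 0 = match, 1 = both readable but different keys, 2 = unreadable.
cert_matches_key() {          # $1 = .cer, $2 = .key, $3 = password
  cmk_cert=$(cert_pubkey "$1") || return 2
  cmk_key=$(key_pubkey "$2" "$3") || return 2
  [ "$cmk_cert" = "$cmk_key" ]
}

# Constructed sample data for trying the check: a throwaway self-signed RSA
# certificate ($1/$2.cer) and its encrypted PKCS#8 key ($1/$2.key).
make_sample_pair() {          # $1 = directory, $2 = base name, $3 = password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.pem" -out "$1/$2.crt" 2>/dev/null &&
  openssl x509 -in "$1/$2.crt" -outform DER -out "$1/$2.cer" &&
  KEY_PASS="$3" openssl pkcs8 -topk8 -in "$1/$2.pem" -outform DER \
    -out "$1/$2.key" -passout env:KEY_PASS
}

# Usage: KEY_PASS=... sh check_pair.sh certificate.cer private.key
if [ "$#" -eq 2 ]; then
  rc=0
  cert_matches_key "$1" "$2" "${KEY_PASS:-}" || rc=$?
  case $rc in
    0) echo "certificate and private key match" ;;
    1) echo "MISMATCH: key does not belong to this certificate" ;;
    *) echo "could not read certificate or key (wrong format or password?)" ;;
  esac
fi
```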
#12803
Posted: 03/16/2010 11:03:21
by GUSTAVO BAEZ (Standard support level)
Joined: 06/10/2009
Posts: 7

Help me again, please! I'm lost!

From the beginning: I have a string and I need to sign it. I have a "Key" file for it and a password, and with these 3 elements I must be able to encrypt it.

What PKI functions do I use to achieve that?

Previously I used my certificate file (".CER") and the private key (".KEY"), and with those 2 generated a third one (".PFX") with which I was signing, but apparently that is not the case :-(

... please help!