PFX Password Invalid When Importing to Windows Store

#13660
Posted: 06/14/2010 18:30:44
by SJVAPCD Programmers (Standard support level)
Joined: 06/14/2010
Posts: 9

I am using SBB version 7.2.0.169. I created a PFX certificate using the code below. I can reopen the certificate via code and extract information from it fine using the password (12345) specified, but when I double-click on the PFX file and try to import it into the Windows certificate store, the password is invalid. I used Crypto4 to open the PFX file successfully to view its properties using the password. It just doesn't work when importing the PFX to the Windows store. Is there something missing in the construction of the PFX certificate in my code? I also attached the PFX file.

Code
        Dim CACert As New SBX509.TElX509Certificate
        Dim cert As New SBX509Ex.TElX509CertificateEx
        Dim sigAlgorithm As Byte
        Dim CAfs As FileStream
        Dim CertStream As FileStream

        'Load the certificate authority that will be used to sign the subject certificate.
        CAfs = New FileStream(txtCACert.Text, FileMode.Open)
        CACert.LoadFromStreamPFX(CAfs, txtCAPassword.Text, CInt(CAfs.Length))
        CAfs.Close()

        'Set the CA in the subject certificate.
        cert.SetCACertificate(CACert)

        'Loads CA private key to buffer.
        Dim len As Integer = 4096
        Dim tmpbuf(4095) As Byte
        CACert.SaveKeyToBuffer(tmpbuf, len)
        Dim bufKey(len - 1) As Byte
        Dim i As Integer
        For i = 0 To len - 1
            bufKey(i) = tmpbuf(i)
        Next i

        'Set CA private key in subject certificate.
        cert.SetCAPrivateKey(bufKey)

        ' Set the subject certificate's attributes
        cert.ValidFrom = DateTime.Now
        cert.ValidTo = DateTime.Now.AddYears(5) 'Default certificate validity to 5 years from current date.
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_COUNTRY), txtCountry.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_STATE_OR_PROVINCE), txtState.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_LOCALITY), txtLocation.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_ORGANIZATION), txtOrg.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_ORGANIZATION_UNIT), txtJob.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_COMMON_NAME), txtFullName.Text.Trim)
        setRDNProperty(cert.SubjectRDN, ByteArrayFromBufferType(SBUtils.Unit.SB_CERT_OID_EMAIL), txtEmail.Text.Trim)

        ' Tell the generator to include authority key ID and subject key id with keyusage specification to
        ' specify exactly the use of the certificate.
        cert.Extensions.Included = SBX509Ext.Unit.ceAuthorityKeyIdentifier Or SBX509Ext.Unit.ceSubjectKeyIdentifier _
        Or SBX509Ext.Unit.ceKeyUsage

        'Specify what the certificate will be used for.
        cert.Extensions.KeyUsage.NonRepudiation = True
        cert.Extensions.KeyUsage.DataEncipherment = True

        'Specify the encryption algorithm used for generating the subject public key.
        sigAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION
        cert.CAAvailable = True ' Indicate that the subject certificate will be signed by a CA.

        'Set the unique serial number assigned to the subject certificate.
        Dim encText As New System.Text.UTF8Encoding()
        Dim btText() As Byte
        btText = encText.GetBytes(txtSerial.Text.Trim)
        cert.SerialNumber = btText

        'Generate the subject certificate.  Set key length of public key to 2048bits.
        cert.Generate(sigAlgorithm, CShort(2048 \ 32))

        'Set the location where to save the newly generated certificate.
        CertStream = New FileStream(txtSaveTo.Text.Trim, FileMode.Create)

        'Save the newly generated subject certificate to file and protect it with the user's password.
        cert.SaveToStreamPFX(CertStream, "12345", SBConstants.Unit.SB_ALGORITHM_PBE_SHA1_3DES, SBConstants.Unit.SB_ALGORITHM_PBE_SHA1_RC4_128)

        CertStream.Close()


#13666
Posted: 06/15/2010 07:02:38
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Windows only understands SB_ALGORITHM_PBE_SHA1_3DES and SB_ALGORITHM_PBE_SHA1_RC2_40 password-based key derivation algorithms. Please use the first one to encrypt the private key, and the second one to encrypt the certificate to make the PFX understandable by Windows.
#13681
Posted: 06/15/2010 10:29:51
by SJVAPCD Programmers (Standard support level)
Joined: 06/14/2010
Posts: 9

Thank you for the quick response and help. I took your advice and it works now.
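
To confirm which algorithms a generated PFX actually uses before trying the Windows import, the following added example (not part of the original thread and not EldoS code) scans the file's DER bytes for the PKCS#12 PBE OIDs. It assumes the usual layout, with certificate bags inside an encryptedData block and the key in a pkcs8ShroudedKeyBag; the function names and the constructed sample bytes are illustrative, and the accepted set is taken from the reply above.

```python
# Added example: heuristic OID scan of a PFX, not a full PKCS#12 parser.
PBE_PREFIX = bytes.fromhex("060a2a864886f70d010c01")  # OID 1.2.840.113549.1.12.1.N
PBE_NAMES = {1: "pbeWithSHAAnd128BitRC4", 2: "pbeWithSHAAnd40BitRC4",
             3: "pbeWithSHAAnd3-KeyTripleDES-CBC", 4: "pbeWithSHAAnd2-KeyTripleDES-CBC",
             5: "pbeWithSHAAnd128BitRC2-CBC", 6: "pbeWithSHAAnd40BitRC2-CBC"}
CONTAINERS = {  # assumption: certificates are in encryptedData, key in a shrouded bag
    bytes.fromhex("06092a864886f70d010706"): "certificate",      # pkcs7-encryptedData
    bytes.fromhex("060b2a864886f70d010c0a0102"): "private_key",  # pkcs8ShroudedKeyBag
}
# Per the reply in this thread: Windows accepts 3DES and 40-bit RC2 only.
WINDOWS_ACCEPTS = {PBE_NAMES[3], PBE_NAMES[6]}

def _positions(data, marker):
    pos = data.find(marker)
    while pos != -1:
        yield pos
        pos = data.find(marker, pos + 1)

def pfx_pbe_algorithms(data):
    """Map 'certificate' / 'private_key' to the PBE algorithm protecting it."""
    hits = [(p, slot) for m, slot in CONTAINERS.items() for p in _positions(data, m)]
    hits += [(p, None) for p in _positions(data, PBE_PREFIX)]
    found, current = {}, None
    for pos, slot in sorted(hits, key=lambda h: h[0]):
        if slot is not None:
            current = slot                     # the next PBE OID belongs to this container
        elif current is not None:
            end = pos + len(PBE_PREFIX)
            n = data[end] if end < len(data) else 0
            found.setdefault(current, PBE_NAMES.get(n, "unknown PBE id %d" % n))
            current = None
    return found

def windows_import_issues(algs):
    """Return the parts whose algorithm is outside the set named in the reply."""
    return sorted(slot for slot, name in algs.items() if name not in WINDOWS_ACCEPTS)

def tlv(tag, *parts):
    """Minimal DER tag-length-value builder (short-form lengths only)."""
    body = b"".join(parts)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def sample(cert_id, key_id):
    """Constructed skeleton with the OID layout of a PFX; not a valid, importable file."""
    def part(marker, pbe_id, ct_tag):
        alg = tlv(0x30, PBE_PREFIX + bytes([pbe_id]))
        return tlv(0x30, marker, tlv(0xA0, tlv(0x30, alg, tlv(ct_tag, b"\x00" * 8))))
    cert_oid, key_oid = list(CONTAINERS)
    return tlv(0x30, part(cert_oid, cert_id, 0x80), part(key_oid, key_id, 0x04))

if __name__ == "__main__":
    algs = pfx_pbe_algorithms(sample(1, 3))    # RC4-128 certificate bags, 3DES key bag
    print(algs, "-> not accepted:", windows_import_issues(algs))
```

For a real file, pass `open(path, "rb").read()` to `pfx_pbe_algorithms`; an empty result means the expected OIDs were not found in the clear and the file needs a full PKCS#12 parser.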
