EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Access violation in CryptoTokenManagerDemo

#14061
Posted: 08/02/2010 02:26:16
by Jesus Garcia (Standard support level)
Joined: 05/23/2010
Posts: 15

I'm using CryptoTokenManagerDemo with one SIEMENS CARD OS API version 1.1. When I run the application and open a session, I get an exception with the message CKR_FUNCTION_NOT_SUPPORTED in function C_GetObjectSize. After that, the PIN is required, and then another exception is raised with the error CKR_OPERATION_ACTIVE in function C_FindObjectsInit, and after that an access violation at address XXXXXXXX.

CryptoTokenDemo runs fine.
#14063
Posted: 08/02/2010 03:56:45
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

It seems that the driver of the token does not expose some PKCS#11 functions. Could you please check if the CryptoTokenDemo sample (not CryptoTokenManagerDemo) exposes the same problem?
#14067
Posted: 08/02/2010 05:07:19
by Jesus Garcia (Standard support level)
Joined: 05/23/2010
Posts: 15

Hello, CryptoTokenDemo runs fine.
#14068
Posted: 08/02/2010 05:10:46
by Ken Ivanov (EldoS Corp.)

Thank you for checking. And what exact task do you need to achieve with the components? Would the TElPKCS11CertStorage class (used in CryptoTokenDemo) fit it?
#14070
Posted: 08/02/2010 06:13:30
by Jesus Garcia (Standard support level)
Joined: 05/23/2010
Posts: 15

Hello, I bought the components at the end of last year for a project. Now I'm starting to use them and I was checking the examples. The users of the application have certificates on a card and use the Siemens CardOS API. I'm going to use the components for:

1. User login in a Win32 application. When the user runs the application, they can use a username and password or a certificate stored on a card.

2. Sign PDF. The application creates PDF reports and they have to be signed.

3. The applications save data in tables of an Interbase database. The user has to sign records of a table of the database and store the signature of each record in a field.

4. The user fills in a request on a web page. When the user posts the data, I have to create an XMLDocument with it and sign the XML document with the user certificate. I don't know if I can create an ActiveX component to do it or if it is better to use CAPICOM.
#14071
Posted: 08/02/2010 06:31:39
by Ken Ivanov (EldoS Corp.)

Quote
1. User login in a Win32 application. When the user runs the application, they can use a username and password or a certificate stored on a card.

Yes. Certificates can be managed directly via TElPKCS11CertStorage object and its Add(), Remove() and other methods. As for the objects of different types (raw keys, user data), please use methods and properties of the active TElPKCS11SessionInfo object (Objects[], ObjectCount, AddObject(), ...).

Quote
2. Sign PDF. The application creates PDF reports and they have to be signed.

Simply add the desired certificate from TElPKCS11CertStorage to a TElMemoryCertStorage object and assign the latter to TElPDFPublicKeySecurityHandler.CertStorage property, as it is done in the TinySigner sample with TElWinCertStorage object.

Quote
3. The applications save data in tables of an Interbase database. The user has to sign records of a table of the database and store the signature of each record in a field.

This can be done in a number of different ways. For instance, you can use TElMessageSigner to create PKCS#7/CMS-compliant signatures.

Quote
4. The user fills in a request on a web page. When the user posts the data, I have to create an XMLDocument with it and sign the XML document with the user certificate. I don't know if I can create an ActiveX component to do it or if it is better to use CAPICOM.

Well, CAPICOM is actually implemented with the use of ActiveX technology. As SBB offers out-of-the-box support for XML signatures, designing a custom ActiveX object seems a preferred way for me.
#14072
Posted: 08/02/2010 06:50:46
by Jesus Garcia (Standard support level)
Joined: 05/23/2010
Posts: 15

Quote
Innokentiy Ivanov wrote:
Quote
3. The applications save data in tables of an Interbase database. The user has to sign records of a table of the database and store the signature of each record in a field.

This can be done in a number of different ways. For instance, you can use TElMessageSigner to create PKCS#7/CMS-compliant signatures.


I was thinking of creating a hash code from the content of the fields in the record, signing the hash code and saving the digital signature in a varchar field of that record. Some users can sign around 100.000 records a day and I don't want to save the public key, user data, etc. in each record. What is the best way to do it with the components?
#14073
Posted: 08/02/2010 07:22:48
by Ken Ivanov (EldoS Corp.)

That is another possible solution. Please use TElRSAPublicKeyCrypto (see PKIBlackbox\Primitives\Sign\ sample) to create raw PKCS#1-compliant signatures.
#14074
Posted: 08/02/2010 07:40:03
by Jesus Garcia (Standard support level)
Joined: 05/23/2010
Posts: 15

With a detached signature, to verify it I need the public data of the certificate that signed the document.

How can I extract the information of the certificate needed to verify a detached signature?

Thank you for your support.
#14075
Posted: 08/02/2010 07:55:28
by Ken Ivanov (EldoS Corp.)

Use TElX509Certificate.GetPublicKeyBlob() method. You can pass the obtained public key blob later to TElRSAKeyMaterial.LoadPublic() method to initialize the key material object instance with the appropriate public key data.
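
The per-record scheme discussed in this thread (hash the record's fields, create a raw PKCS#1 signature, keep it in a varchar column, verify with the signer's public key) sketched in Python as an added example; it is not part of the original posts and does not use SecureBlackbox. The key is a constructed, publicly known demo key standing in for the card's key pair, and the length-prefixed field encoding and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo key: the primes are the Mersenne primes 2^521-1 and 2^607-1,
# so the private exponent is public knowledge. It only makes the example run.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus (with E: the public key)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent; on a token it never leaves the card
K = (N.bit_length() + 7) // 8        # signature length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def canonical_record(fields):
    """Length-prefix every field so field boundaries are part of what is signed."""
    out = struct.pack(">I", len(fields))
    for value in fields:
        data = value.encode("utf-8")
        out += struct.pack(">I", len(data)) + data
    return out


def emsa_pkcs1_v15(message):
    """Build the padded block 00 01 FF..FF 00 || DigestInfo for the message."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_record(fields):
    """Return the base64 text that would go into the varchar column."""
    m = int.from_bytes(emsa_pkcs1_v15(canonical_record(fields)), "big")
    return base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode("ascii")


def verify_record(fields, signature_b64):
    """Open the signature with the public key and compare with the expected block."""
    sig = base64.b64decode(signature_b64)
    if len(sig) != K:
        return False
    opened = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(opened, emsa_pkcs1_v15(canonical_record(fields)))
```

The stored value is always as long as the key's modulus (188 base64 characters for this 1128-bit demo key), so the varchar width follows from the real key size. Without the length prefixes, the records `("ab", "c")` and `("a", "bc")` would hash to the same value and share a signature.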


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
