EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Need help: How to deal with PEM file?

#15106
Posted: 11/23/2010 03:58:14
by Steven Jiang (Basic support level)
Joined: 11/23/2010
Posts: 2

Hi, I am just starting to learn SecureBlackbox. Here is my case: I have a PEM file (not encrypted) with a pass phrase provided by someone who set up the SSL-enabled server.
And I am now trying to use SecureBlackbox to do an HTTPS GET with the server. How should I achieve it?
I now put an ElHTTPSClient1 and an ElFileCertStorage1 (file name set to the PEM file), linked ElFileCertStorage1 to ElHTTPSClient1 and called ElHTTPSClient1.Get(https://server...), but it failed. In the captured packet flow I find:
client hello
server hello
certificate request, server hello done
client: certificate
server: handshake failure
client: client key exchange
server then restore the connection

Can someone help me out? Many thanks!

BTW, when I open PEM file with editor, it includes following info:
Certificate:
Data:
..........
Subject Public Key Info:
..........
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
.....
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
....
-----END PUBLIC KEY-----
#15107
Posted: 11/23/2010 04:20:36
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. That PEM file is not a certificate storage, and contains only one certificate.
You should load TElX509Certificate from that PEM file (using, for example, LoadFromFileAuto), check if the function returns 0, and check the .PrivateKeyExists property to make sure that it was loaded successfully.
#15108
Posted: 11/23/2010 07:21:49
by Steven Jiang (Basic support level)
Joined: 11/23/2010
Posts: 2

Quote
Mykola Olshevsky wrote:
Hi. That PEM file is not a certificate storage, and contains only one certificate.
You should load TElX509Certificate from that PEM file (using, for example, LoadFromFileAuto), check if the function returns 0, and check the .PrivateKeyExists property to make sure that it was loaded successfully.


Thanks, I now put an ElX509Certificate1 there, but I can only find LoadFromStreamPEM; there is no LoadFromFileAuto. My SecureBlackbox version is 5.1. The return of LoadFromFileAuto is 0, but PrivateKeyExists is false...
and the HTTPS GET still failed.

Here is my code block:
Code
  getPath := 'C:\cert.pem';
  getStream := TFileStream.Create(getPath, fmOpenRead);
  try
    // Load the certificate (and private key, if present) from the PEM stream
    if form1.ElX509Certificate1.LoadFromStreamPEM(getStream, 'test') = 0 then
      form1.Memo1.Lines.Append('LoadFromStreamPEM returns 0!');
  finally
    getStream.Free;  // release the file handle even if loading raises
  end;
  if ElX509Certificate1.PrivateKeyExists then
    form1.Memo1.Lines.Append('PrivateKeyExists true')
  else
    form1.Memo1.Lines.Append('PrivateKeyExists false');
  form1.ElHTTPSClient1.Get('https://192.168.1.1/XXX/');
#15109
Posted: 11/23/2010 07:40:09
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

5.1 is quite an old version of SBB. Please download the latest one; it also includes samples for HTTPS requests.
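
A way to check what a PEM bundle laid out like the one in the first post actually contains before handing it to a TLS client, as an added example (Python, not SecureBlackbox code and not from the thread): it lists each block and flags a passphrase-protected private key. The sample input is constructed, and `inspect_pem` and `summarize` are hypothetical helper names.

```python
import re

# One PEM block; the label must be identical in the BEGIN and END lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Return a list of (label, encrypted) for every PEM block in text."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        # Legacy OpenSSL keys carry a Proc-Type header when passphrase-protected;
        # PKCS#8 signals encryption through the label itself.
        encrypted = ("Proc-Type: 4,ENCRYPTED" in body
                     or label == "ENCRYPTED PRIVATE KEY")
        blocks.append((label, encrypted))
    return blocks

def summarize(text):
    """Count certificates and private keys; report whether any key is encrypted."""
    blocks = inspect_pem(text)
    keys = [(l, e) for l, e in blocks if l.endswith("PRIVATE KEY")]
    return {
        "certificates": sum(1 for l, _ in blocks if l == "CERTIFICATE"),
        "private_keys": len(keys),
        "key_encrypted": any(e for _, e in keys),
        "labels": [l for l, _ in blocks],
    }

# Constructed sample (placeholder bodies, no real key material), same layout
# as the file described in the thread: text dump, cert, RSA key, public key.
SAMPLE = """Certificate:
    Data:
-----BEGIN CERTIFICATE-----
TUlJQ2R1bW15
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

ZHVtbXkta2V5
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
ZHVtbXktcHVi
-----END PUBLIC KEY-----
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If `key_encrypted` is true, the loader needs the correct pass phrase to recover the private key; if `private_keys` is 0, no client certificate with a usable key can be presented during the handshake.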
