SerialNumber changes its size

#15758
Posted: 02/15/2011 07:03:29
by Rodrigo Garcia (Basic support level)
Joined: 02/15/2011
Posts: 2

Hello,

I am using SecureBlackbox version 8.0.176.21198 with .NET Framework 4.0 and I have a method which generates a certificate from a certificate request, but I have a problem with the serial number. Sometimes it changes its size, placing two 00 before the original serial number.
Here is the code of the method:
Code
public CertificateInfo GenerateCertificateFromRequest(X509Certificate2 issuer, LicenseBase lic, string serialNumber, byte[] certRequest) {

    TElX509CertificateEx cert = new TElX509CertificateEx();
    cert.ValidFrom = DateTime.Today.AddHours(-1);
    cert.ValidTo = new DateTime(2020, 1, 1);
    cert.SerialNumber = CertificatesHelper.ConvertSerialNumber(serialNumber);
    cert.Extensions.SubjectDirectoryAttributes.Attributes.Count++;
    cert.Extensions.SubjectDirectoryAttributes.Attributes.set_Attributes(0, SBUtils.Unit.BytesOfString(licData));
    cert.Extensions.Included |= 0x800000;

    string password = CertificatesHelper.GeneratePassword();
    byte[] caCertBuffer = issuer.Export(X509ContentType.Pfx, password);

    TElX509CertificateEx CertCA = new TElX509CertificateEx();
    CertCA.LoadFromBufferPFX(caCertBuffer, password);

    TElCertificateRequest request = new TElCertificateRequest();
    request.LoadFromBufferPEM(certRequest);

    if (request.ValidateSignature()) {
        CertificatesHelper.SetStandardOIDValues(request.Subject, lic, CvsCertificateType.MCG);
        // Calling the following method changes the field cert.SerialNumber sometimes
        CertCA.Generate(request, cert);

        //cert.SerialNumber = CertificatesHelper.ConvertSerialNumber(serialNumber); --> //doesn't solve the problem

        X509Certificate2 certGenerated = cert.ToX509Certificate2(false);
        return certGenerated;
    }
    else {
        return null;
    }
}

public static byte[] ConvertSerialNumber(string serialNumber) {
    List<string> listSubstring = new List<string>();
    for (int i = 0; i < 13; i++) {
        listSubstring.Add(serialNumber.Substring(i * 2, 2));
    }
    byte[] serial = new byte[13];
    for (int i = 0; i < 13; i++) {
        serial[i] = Convert.ToByte(listSubstring[i], 16);
    }
    return serial;
}


After calling CertCA.Generate(request, cert) the field cert.SerialNumber changes its size and places a byte set to zero in the first position.
So the content of the field looks like this:
{byte[13]}
[0]: 182
[1]: 166
[2]: 239
[3]: 216
[4]: 133
[5]: 37
[6]: 32
[7]: 233
[8]: 102
[9]: 46
[10]: 56
[11]: 17
[12]: 238

and after calling that method:

{byte[14]}
[0]: 0
[1]: 182
[2]: 166
[3]: 239
[4]: 216
[5]: 133
[6]: 37
[7]: 32
[8]: 233
[9]: 102
[10]: 46
[11]: 56
[12]: 17
[13]: 238

What can I be doing wrong? The problem doesn't happen always.

Thanks in advance
#15759
Posted: 02/15/2011 07:45:48
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

According to the X.509 specification, serial number should be an unsigned integer, i.e. it cannot start with a byte greater than or equal to 0x80. This way, our implementation "fixes" incorrect serial numbers by prepending them with zeroes to make them non-negative.
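
The padding described in this reply, reproduced as an added example that is not part of the original thread and is not SecureBlackbox code. The helper names ToDerIntegerContent and SameSerial are hypothetical; the first input is the 13-byte serial from the question, and the comparison helper shows how to match a requested serial against the stored one regardless of the extra zero.

```csharp
using System;
using System.Linq;

static class SerialDemo
{
    // Content octets of a DER INTEGER holding a positive serial number.
    // Input: big-endian magnitude bytes, as produced by ConvertSerialNumber in the post.
    public static byte[] ToDerIntegerContent(byte[] magnitude)
    {
        // Drop redundant leading zero bytes (DER requires the minimal form).
        int skip = 0;
        while (skip < magnitude.Length - 1 && magnitude[skip] == 0) skip++;
        byte[] body = magnitude.Skip(skip).ToArray();

        // ASN.1 INTEGER is two's complement: a set top bit would read as negative,
        // so one 0x00 byte is prepended to keep the value positive.
        if (body.Length > 0 && (body[0] & 0x80) != 0)
            body = (new byte[] { 0x00 }).Concat(body).ToArray();
        return body;
    }

    // Compare two serials by value, ignoring sign-padding zeros.
    public static bool SameSerial(byte[] a, byte[] b)
    {
        return ToDerIntegerContent(a).SequenceEqual(ToDerIntegerContent(b));
    }

    static void Main()
    {
        // Bytes from the post (182, 166, 239, ...), written in hex.
        byte[] requested = { 0xB6, 0xA6, 0xEF, 0xD8, 0x85, 0x25, 0x20,
                             0xE9, 0x66, 0x2E, 0x38, 0x11, 0xEE };
        byte[] encoded = ToDerIntegerContent(requested);
        Console.WriteLine("{0} -> {1} bytes: {2}", requested.Length,
                          encoded.Length, BitConverter.ToString(encoded));
        Console.WriteLine("same value: {0}", SameSerial(requested, encoded));

        // Constructed sample: first byte below 0x80, so no padding is added.
        byte[] lowFirst = { 0x36, 0xA6, 0xEF };
        Console.WriteLine("{0} -> {1} bytes", lowFirst.Length,
                          ToDerIntegerContent(lowFirst).Length);
    }
}
```

This also accounts for the intermittent behaviour in the question: only serials whose first byte has its top bit set gain the extra byte.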
#15760
Posted: 02/15/2011 08:52:20
by Rodrigo Garcia (Basic support level)
Joined: 02/15/2011
Posts: 2

Hello Innokentiy,

You solved my problem!!!! Thank you so much for your help!!
