EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How does one set the cryptographic provider?

#1662
Posted: 11/15/2006 00:05:33
by David Cross (Basic support level)
Joined: 09/23/2006
Posts: 3

My HSM vendor has a compatible Microsoft cryptographic provider that supposedly will allow a program that can access cryptographic providers to sign certs with the keys on the HSM. I guess I need to find out in what context SBB can select the provider so I can determine if I could make the custom provider work in the signing process.

It sounds like in the documentation that the crypto provider setting may only be used in storing a certificate to a specific location?

I'm using Delphi and I can set the custom provider to "default" so that if I set the provider in SBB to Default that should select the "custom" provider I want. I guess I need to know what SBB objects deal with the provider and how to set it and/or when to set it in the cert creation process.

Thanks!

#1663
Posted: 11/15/2006 02:18:14
by Ken Ivanov (EldoS Corp.)

SecureBlackbox can access certificates stored on cryptographic devices in two ways: (a) using CryptoAPI, and (b) using the PKCS#11 interface provided by the device driver. The corresponding classes are (a) TElWinCertStorage and (b) TElPKCS11CertStorage. These storage classes transparently map certificates stored on the device to the TElX509Certificate class, so in most cases you do not need to know where exactly a particular certificate is stored (in memory, in the Windows system store or on a crypto token). All the cryptographic operations are performed at a lower level, i.e. the application just needs to call e.g. the Generate() method, and SecureBlackbox redirects this call to the appropriate cryptographic provider.

Most cryptographic devices map the certificates stored on them to the 'MY' system certificate store, so you can access your certificate using a TElWinCertStorage object with the SystemStores property set to 'MY'.

You can also configure the use of a custom provider using the AccessType, Provider and StorageType properties of the TElWinCertStorage object.
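Before opening the 'MY' store with TElWinCertStorage, it helps to confirm which CryptoAPI provider each certificate's private key is actually bound to. The following is an added example, not code from this thread or from SecureBlackbox; it assumes Windows PowerShell 5.1 and a CSP-backed key, and the function name and default store path are illustrative.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 and a
# CryptoAPI (CSP) key; function name and default store path are illustrative.
function Get-MyStoreKeyProvider {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $row = [ordered]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            HasPrivateKey  = $cert.HasPrivateKey
            Provider       = $null
            Container      = $null
            HardwareDevice = $null
            Note           = ''
        }
        if (-not $cert.HasPrivateKey) {
            # The store holds the certificate but no link to a key container.
            $row.Note = 'certificate only, no key association'
        } else {
            try {
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                    # CSP-backed key: report the provider and container it lives in.
                    $info = $key.CspKeyContainerInfo
                    $row.Provider       = $info.ProviderName
                    $row.Container      = $info.KeyContainerName
                    $row.HardwareDevice = $info.HardwareDevice
                } else {
                    $row.Note = 'key is not exposed through a CryptoAPI CSP'
                }
            } catch {
                # Typical causes: device not connected, or a CNG-only key.
                $row.Note = "key could not be opened: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$row
    }
}

Get-MyStoreKeyProvider |
    Format-Table Subject, Provider, HardwareDevice, Note -AutoSize
```

A row whose Provider is the HSM vendor's CSP name shows that signing with that certificate will be routed to the device; a row naming a Microsoft software provider means the key is held on disk instead.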

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!