SSL connection with smart card certificate

Posted: 05/01/2012 07:26:16
by Darko Karamarko (Standard support level)
Joined: 03/02/2012
Posts: 3


I need to establish a secure SSL connection with a PKCS#11 certificate on a smart card, so I don't have the cert & key pair in files as the SSL examples expect.

There is an example of how to access a certificate on a smart card, no problem here,
but I'm missing an SSL example of how to establish a connection with such a certificate.

If making a whole example would be too much, I'd be happy with a code snippet for that part, in C#.

I appreciate your time, many thanks
Darko Karamarko
Posted: 05/01/2012 08:13:37
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

There is almost no difference between using certificates originating from files and from smart cards for SSL negotiation. Basically, you take a TElX509Certificate object, put it into a TElMemoryCertStorage, and assign the latter to the client's CertStorage property. The main difference is the origin of that TElX509Certificate object. While in the case of a file-based certificate you create and initialize this object manually, in the smart card case you take an already initialized certificate object from a TElPKCS11CertStorage object. That is, the code will look somewhat like the following:

// opening the storage
TElPKCS11CertStorage smartCardStorage = new TElPKCS11CertStorage();
smartCardStorage.DLLName = <path to PKCS#11 DLL>;
TElPKCS11SessionInfo sessInfo = smartCardStorage.OpenSession(...);

// retrieving the appropriate certificate and adding it to new storage
TElX509Certificate cert = smartCardStorage.get_Certificates(...);
TElMemoryCertStorage clientStorage = new TElMemoryCertStorage();
clientStorage.Add(cert, true);

// binding the memory storage to the client
TElSimpleSSLClient client = new TElSimpleSSLClient();
client.CertStorage = clientStorage;

// running all the needed SSL connections
// ...

// closing the storages
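The following is an added example that fills in the flow outlined in the reply above; it is not code from the thread or from EldoS. It keeps the types and members named in the reply (TElPKCS11CertStorage, DLLName, OpenSession, get_Certificates, TElMemoryCertStorage.Add, TElSimpleSSLClient.CertStorage) and assumes the rest: the namespaces, the OpenSession(slotIndex, readOnly) argument list, Count, PrivateKeyExists, Clear, CloseSession, Close, Address, Port, Open and Close(bool) are taken from memory of the SecureBlackbox .NET API and should be checked against the documentation for your version. The DLL path and host are placeholders.

```csharp
using System;
using SBX509;               // TElX509Certificate (assumed namespace)
using SBCustomCertStorage;  // TElMemoryCertStorage (assumed namespace)
using SBPKCS11CertStorage;  // TElPKCS11CertStorage, TElPKCS11SessionInfo (assumed namespace)
using SBSimpleSSL;          // TElSimpleSSLClient (assumed namespace)

// Added example following the reply's outline: open the token, pick a
// certificate whose private key lives on the card, hand it to the SSL client
// through a memory storage, connect, then release everything in reverse order.
class SmartCardSslClientExample
{
    static int Main(string[] args)
    {
        string pkcs11Dll = args.Length > 0 ? args[0] : @"C:\path\to\vendor-pkcs11.dll"; // placeholder
        string host = args.Length > 1 ? args[1] : "server.example.com";                  // placeholder
        int port = args.Length > 2 ? int.Parse(args[2]) : 443;

        TElPKCS11CertStorage smartCardStorage = new TElPKCS11CertStorage();
        TElMemoryCertStorage clientStorage = new TElMemoryCertStorage();
        TElSimpleSSLClient client = new TElSimpleSSLClient();
        TElPKCS11SessionInfo session = null;

        try
        {
            smartCardStorage.DLLName = pkcs11Dll;

            // Assumed signature: OpenSession(slotIndex, readOnly). A read-only
            // session is sufficient: the handshake only needs to sign with the key,
            // and the key itself never leaves the token.
            session = smartCardStorage.OpenSession(0, true);
            // PIN entry (user login on the session) is deliberately left to the
            // application: prompt the user, never hard-code the PIN in source.

            // Select a certificate that actually has a usable private key on the
            // card; a token often also holds CA or encryption-only certificates.
            TElX509Certificate chosen = null;
            for (int i = 0; i < smartCardStorage.Count; i++)   // Count: assumed member
            {
                TElX509Certificate c = smartCardStorage.get_Certificates(i);
                if (c.PrivateKeyExists)                        // PrivateKeyExists: assumed member
                {
                    chosen = c;
                    break;
                }
            }
            if (chosen == null)
            {
                Console.Error.WriteLine("No certificate with a private key found on the token.");
                return 1;
            }

            // Same step as for a file-based certificate from here on.
            clientStorage.Add(chosen, true);
            client.CertStorage = clientStorage;
            client.Address = host;   // assumed member
            client.Port = port;      // assumed member

            // Server validation: wire client.OnCertificateValidate the way the
            // SimpleSSLClient sample does (chain and name checks); an empty
            // handler that accepts everything defeats the purpose of TLS.
            client.Open();           // assumed member: performs the handshake
            Console.WriteLine("TLS session established with client certificate authentication.");
            client.Close(false);     // assumed signature: Close(silent)
            return 0;
        }
        finally
        {
            // Release in reverse order of acquisition so nothing still refers to
            // the card's key handle when the PKCS#11 session ends.
            clientStorage.Clear();                                   // assumed member
            if (session != null) smartCardStorage.CloseSession(session); // assumed member
            smartCardStorage.Close();                                // assumed member
        }
    }
}
```

Two points worth checking when adapting this: slot index 0 is only a guess and should be chosen from the enumerated slots of the vendor DLL, and the certificate selection should be made stricter (subject, key usage, expiry) once the token holds more than one signing certificate.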
Posted: 05/01/2012 11:36:22
by Darko Karamarko (Standard support level)
Joined: 03/02/2012
Posts: 3

Hi Innokentiy,

Many thanks for the code and explanation.
Which of the existing SSL examples would be the better starting point here?

Kind Regards
Darko Karamarko
Posted: 05/01/2012 11:48:17
by Ken Ivanov (EldoS Corp.)

It depends on the service you aim to connect to. If it's an HTTPS (HTTP over SSL) service, the TElHTTPSClient object and the HTTPGet sample (Users\Public\Documents\EldoS\SecureBlackbox.NET\Samples\C#\HTTPBlackbox\Client\HTTPGet\) would be the best to start with. For a plain SSL service, use the SimpleSSLClient sample (Users\Public\Documents\EldoS\SecureBlackbox.NET\Samples\C#\SSLBlackbox\Client\SimpleSSLClient\).


