EldoS | Feel safer!

SubjectKeyIdentifier from CertificateRequest

#24429
Posted: 04/03/2013 09:02:20
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 34

Hi,

I would like to ask you for help with the following:

I am creating a PKCS10 certificate request (using the TElCertificateRequest class) to be sent to a CA. This works fine, but I also need to get (and store) the public key's SubjectKeyIdentifier for future use, as it is needed by the CA when fetching the newly issued certificate.
I know I can obtain SKID from certificate extension somehow, but am I able to get it directly from the request?

Thank you for your help.
David
#24431
Posted: 04/03/2013 09:06:27
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can use TElCertificateRequest.Extensions.SubjectKeyIdentifier to retrieve it.
#24434
Posted: 04/03/2013 09:38:03
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 34

Thank you, Vsevolod. It seems so easy now :)

However, even if I "include" the ceSubjectKeyIdentifier into extensions before generating the request, when I try to access it, I get only two bytes of SKID (4 and 0), which seems odd to me. I would expect it to be much longer, even the help says that SBB uses SHA-1 hash...

My code is as follows, should it be of any help:
Code
request.Extensions.Included |= SBX509Ext.Unit.ceSubjectKeyIdentifier;
await request.GenerateAsync(nAlgorithm, nKeySize, nHash);
byte[] skid = request.Extensions.SubjectKeyIdentifier.Value;


I thought I might be using the wrong property, but SubjectKeyIdentifier.KeyIdentifier has 0 bytes. And, to be complete, SubjectKeyIdentifier.OID has 3 bytes.
#24446
Posted: 04/04/2013 01:24:22
by Vsevolod Ievgiienko (EldoS Corp.)

Sorry, I forgot to write that you should also add croGenerateKeyIdentifier to TElCertificateRequest.Options. This option will force the component to generate SKID automatically.
#24447
Posted: 04/04/2013 02:34:07
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 34

Yup, it seems to be working now :)
Thank you very much!
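
Added example, not part of the thread and not EldoS code: the two bytes 4 and 0 reported above match the DER encoding of an empty OCTET STRING (04 00), which is what an SKID extension value looks like when no key identifier has been generated. The Python sketch below walks a PKCS#10 request and derives the identifier with RFC 5280 section 4.2.1.2 method 1 (SHA-1 over the subjectPublicKey bits); that SecureBlackbox uses exactly this method is an assumption, and all function names and the sample request are constructed for illustration.

```python
import hashlib

def der(tag, content):
    """Encode one DER TLV (single-byte tag, short or long length form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    k = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | k]) + n.to_bytes(k, "big") + content

def read_tlv(buf, pos=0):
    """Decode the TLV at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def skid_from_csr(csr_der):
    """SHA-1 over the subjectPublicKey bits (RFC 5280, 4.2.1.2 method 1)."""
    info = children(read_tlv(csr_der)[1])[0][1]  # CertificationRequestInfo
    spki = children(info)[2][1]                  # version, subject, subjectPKInfo
    bit_tag, bits = children(spki)[1]            # algorithm, subjectPublicKey
    if bit_tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected subjectPublicKey encoding")
    return hashlib.sha1(bits[1:]).digest()       # skip the unused-bits octet

def skid_ext_value(key_id):
    return der(0x04, key_id)  # extension value: identifier inside an OCTET STRING

# Constructed sample: PKCS#10 layout with placeholder key and signature bytes.
KEY_BITS = bytes(range(140))

def sample_csr():
    rsa = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    spki = der(0x30, rsa + der(0x03, b"\x00" + KEY_BITS))
    info = der(0x30, der(0x02, b"\x00") + der(0x30, b"") + spki + der(0xA0, b""))
    sig_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    return der(0x30, info + sig_alg + der(0x03, b"\x00" + bytes(8)))
```

RFC 5280 also describes a second method (a 0100 type nibble followed by the low 60 bits of the SHA-1 hash), so the stored value has to follow whichever derivation the CA uses.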