EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SubjectKeyIdentifier from CertificateRequest

Posted: 04/03/2013 09:02:20
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 35


I would like to ask you for help with the following:

I am creating a PKCS10 certificate request (using the TElCertificateRequest class) to be sent to a CA. This works fine, but I also need to get (and store) the public key's SubjectKeyIdentifier for future use, as it is needed by the CA when fetching the newly issued certificate.
I know I can obtain SKID from certificate extension somehow, but am I able to get it directly from the request?

Thank you for your help.
Posted: 04/03/2013 09:06:27
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can use TElCertificateRequest.Extensions.SubjectKeyIdentifier to retrieve it.
Posted: 04/03/2013 09:38:03
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 35

Thank you, Vsevolod. It seems so easy now :)

However, even if I "include" the ceSubjectKeyIdentifier into extensions before generating the request, when I try to access it, I get only two bytes of SKID (4 and 0), which seems odd to me. I would expect it to be much longer, even the help says that SBB uses SHA-1 hash...

My code is as follows, should it be of any help:
request.Extensions.Included |= SBX509Ext.Unit.ceSubjectKeyIdentifier;
await request.GenerateAsync(nAlgorithm, nKeySize, nHash);
byte[] skid = request.Extensions.SubjectKeyIdentifier.Value;

I thought I might be using the wrong property, but SubjectKeyIdentifier.KeyIdentifier has 0 bytes. And, to be complete, SubjectKeyIdentifier.OID has 3 bytes.
Posted: 04/04/2013 01:24:22
by Vsevolod Ievgiienko (EldoS Corp.)

Sorry, I forgot to write that you should also add croGenerateKeyIdentifier to TElCertificateRequest.Options. This option will force the component to generate SKID automatically.
Posted: 04/04/2013 02:34:07
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 35

Yup, it seems to be working now :)
Thank you very much!
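
As an added illustration (not code from this thread or from SecureBlackbox), the Python sketch below computes a 20-byte key identifier from a DER-encoded PKCS#10 request using RFC 5280 section 4.2.1.2 method 1, SHA-1 over the subjectPublicKey bits, which is assumed to correspond to the SHA-1 behaviour the help is said to describe. It also shows that the bytes 4 and 0 decode as a DER OCTET STRING of length zero, i.e. an empty identifier. All function names are hypothetical, and the sample request is constructed with placeholder key bytes and no valid signature.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(contents):
    """Split the contents of a constructed element into (tag, contents) pairs."""
    items, pos = [], 0
    while pos < len(contents):
        tag, val, pos = read_tlv(contents, pos)
        items.append((tag, val))
    return items

def skid_from_csr(csr_der):
    """SHA-1 of the subjectPublicKey bits (RFC 5280 section 4.2.1.2, method 1)."""
    _, body, _ = read_tlv(csr_der)          # CertificationRequest
    info = children(body)[0][1]             # CertificationRequestInfo
    spki = children(info)[2][1]             # version, subject, subjectPKInfo
    bit_tag, bits = children(spki)[1]       # algorithm, subjectPublicKey
    if bit_tag != 0x03 or not bits:
        raise ValueError("subjectPublicKey is not a BIT STRING")
    return hashlib.sha1(bits[1:]).digest()  # skip the unused-bits octet

def key_identifier(ext_value):
    """Unwrap the OCTET STRING that carries a SubjectKeyIdentifier extension value."""
    tag, contents, _ = read_tlv(ext_value)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING")
    return contents

def tlv(tag, contents):  # minimal DER encoder, only used to build the sample below
    n = len(contents)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + contents

# Constructed sample: placeholder key bytes and an empty signature, not a real request.
KEY_BITS = bytes(range(140))
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
SPKI = tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + KEY_BITS))
INFO = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + SPKI + tlv(0xA0, b""))
SAMPLE_CSR = tlv(0x30, INFO + RSA_ALG + tlv(0x03, b"\x00"))
```

Calling `key_identifier(bytes([4, 0]))` returns an empty byte string, while `skid_from_csr(SAMPLE_CSR)` returns 20 bytes that can be stored and later compared with the identifier in the issued certificate.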


