EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Evaluating - some question

#25071
Posted: 05/27/2013 13:01:32
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi,
I'm evaluating your SecureBlackbox. I'd like to generate signed p7m-files using certificates loaded from a smartcard or USB tokens. Do you have such a sample?

Trying your "MessagesDemo" project and loading a certificate from a .cer file, I receive an error "Invalid certificate data". The certificate should be used to encrypt files. The certificates are downloaded from this site: http://www.processotelematico.giustizia.it/pdapublic/resources/file/CertificatiCifratura/. Where is my mistake?

best regards
Toni
#25073
Posted: 05/27/2013 13:12:07
by Eugene Mayevski (EldoS Corp.)

The certificate files in question are in PEM format but have the CER extension, which is normally used for certificates in binary DER format. Consequently, when loading the certificate(s) into the demo, you need to choose PEM format. If you choose CER format, the loading method will fail as, obviously, the file is not in DER format.

TElX509Certificate class has LoadFrom*Auto() methods which try to guess the format, but the samples don't use these methods.


Sincerely yours
Eugene Mayevski
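An added example, not part of the original thread and not SecureBlackbox code: one way to pick PEM or DER from a file's content instead of its extension, which is the situation described in the reply above. It is written in Python with only the standard library, all function names are hypothetical, it checks only the outer DER framing rather than the full X.509 structure, and the sample data is a constructed placeholder rather than a real certificate.

```python
import base64
import re

# PEM armor around a Base64 body; matched on content, never on the file extension.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_total_length(data: bytes) -> int:
    """Return header + content length of a DER SEQUENCE, or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:          # 0x30 = SEQUENCE tag
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                              # short-form length
        return 2 + first
    n = first & 0x7F                              # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def load_certificate_bytes(data: bytes):
    """Return (detected_format, der_bytes), detecting the format from content."""
    match = PEM_RE.search(data)
    if match:
        body = b"".join(match.group(1).split())   # drop line breaks in the body
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:                 # binascii.Error is a ValueError
            raise ValueError("PEM armor present but Base64 body is invalid") from exc
        fmt = "PEM"
    else:
        der, fmt = data, "DER"
    if der_total_length(der) != len(der):
        raise ValueError("DER length does not match data size")
    return fmt, der

# Constructed sample: a well-formed but meaningless DER SEQUENCE, not a certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, blob in (("PEM content in a .cer file", SAMPLE_PEM),
                        ("DER content in a .cer file", SAMPLE_DER)):
        fmt, der = load_certificate_bytes(blob)
        print(f"{label}: detected {fmt}, {len(der)} DER bytes")
```

Feeding the PEM sample straight to `der_total_length` raises `ValueError`, which mirrors the "Invalid certificate data" error reported when the PEM file is loaded as DER.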
#25074
Posted: 05/27/2013 13:15:19
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi Ken,
hmm. As said, the .cer file should be used not for signing but only for encrypting. The "giustizia.it" says I have to use these files, the only ones available. There are no pfx or pem files to download.
Toni
#25075
Posted: 05/27/2013 13:20:11
by Ken Ivanov (EldoS Corp.)

Toni,

So what do you want to achieve? Do you want to sign or encrypt files? The certificates from the link can only be used for encryption as they don't contain any private keys. Please load them as Eugene suggested.
#25076
Posted: 05/27/2013 13:30:38
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi Ken, Eugene,
thank you for your outstanding speed in responding.
Sorry to have asked two different questions within the same topic. For question two (.cer file), after renaming the .cer to .pem the encrypting process works fine.

For the signing process (creation of p7m), a demo showing the use of certificates loaded from a smartcard or USB token would be appreciated.

Best regards
Toni
#25077
Posted: 05/27/2013 14:32:48
by Ken Ivanov (EldoS Corp.)

Toni,

Please have a look at the CertTokenDemo sample. It illustrates general aspects of work with PKCS#11 smart cards, as well as using smart card certificates for signing with TElMessageSigner component.
#25085
Posted: 05/28/2013 03:30:45
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Hi Ken,
do you mean the projects in the folders of Samples\Delphi\PKIBlackbox\PKCS11? The "available slots" lookup is empty; when doing a "File - Open", a .dll is asked for. What do I have to select?
The smartcard reader is attached, the smartcard is present and working fine with other software like Dike.exe.
Toni
#25086
Posted: 05/28/2013 03:40:14
by Ken Ivanov (EldoS Corp.)

Hello Toni,

Certificates stored on HSMs can be accessed in two different ways, either through a native PKCS#11 driver DLL (that's what the sample is asking you about), or through a Windows CryptoAPI CSP which maps smart card originating certificates to your Windows certificate stores. First of all you need to choose which approach suits your application more and proceed with it.

To access certificates through a system store and not through a lower-level PKCS#11 driver, please use the TElWinCertStorage component instead of TElPKCS11CertStorage. Some code illustrating the use of this component is available in the PDFBlackbox TinySigner sample. In short, you first need to add the 'MY' store to the SystemStores list and then iterate over the Certificates[] list to find the right certificate. In all other aspects the use of the TElMessageSigner component is the same as it is for other certificate storage types.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
