EldoS | Feel safer!

Adding certificate to windows repository without opening Dialog

#25769
Posted: 07/23/2013 06:49:45
by Rodrigo Godinho Palhano (Standard support level)
Joined: 04/26/2012
Posts: 12

Hello there,

we have a use case where the client doesn't want to install his .pfx certificate. In our HTTP tier, we use wininet. So to configure the certificate into the connection we need a pointer to a CERT_CONTEXT structure. When the certificate is installed, we can use TElX509Certificate.CertHandle to get this structure. But when it's not, CertHandle returns nil. So what I'm trying to do is add the certificate to the repository, then get it from the TElWinCertStorage, so I can have CertHandle.

Here is an excerpt of the code:

Code
FCertSBB := TElX509Certificate.Create(nil);
FCertSBB.LoadFromStreamPFX(_stream, FPasswordCertificate);
if not fStore.IsPresent(FCertSBB) then
  fStore.Add(FCertSBB,True);
_certIndex := fStore.IndexOf(FCertSBB);
_cert := fStore.Certificates[_certIndex];
FContextoSBB := _cert.CertHandle;


This works, but it opens a Windows dialog to the user asking about the private key of a certificate. We do not want that, so I've tried the following:

Code
FCertSBB := TElX509Certificate.Create(nil);
FCertSBB.LoadFromStreamPFX(_stream, FPasswordCertificate);
if not fStore.IsPresent(FCertSBB) then
  fStore.Add(FCertSBB,False);
_certIndex := fStore.IndexOf(FCertSBB);
_cert := fStore.Certificates[_certIndex];
_stream.Seek(0,soBeginning);
_cert.LoadKeyFromStreamAuto(_stream,FPasswordCertificate,0);
FContextoSBB := _cert.CertHandle;


The difference is in the Add method parameter CopyPrivateKey. I try to load the key with LoadKeyFromStreamAuto, expecting it to set the private key for the certificate in the repository without opening the Windows dialog. I don't know if that will work, because when I use LoadKeyFromStreamAuto it says that the file isn't in PEM format. More specifically, it raises EElPEMError "Invalid file format (possibly not a PEM?) (error code is 7425)". Then it raises another exception, EElX509Error "Invalid file format (possibly not a PVK?) (error code is 20481)".

I'm confused because in the documentation of LoadKeyFromStreamAuto it says "It recognizes the format automatically;" and "The supported formats are: DER, PEM, PFX, PVK, NET, PKCS#8."

So, I need clarification of what I'm doing wrong with the LoadKeyFromStreamAuto method, and whether what I'm trying to do (add a certificate with its private key to the Windows repository without opening a dialog) is possible.
#25771
Posted: 07/23/2013 07:02:16
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

LoadKeyFromStreamAuto raises a few exceptions and all of them are handled internally. You will not see them if you run the application outside the IDE and you can simply ignore them.

Please try to use another Add method overload:
Code
procedure Add(Certificate : TElX509Certificate; StoreName : string; CopyPrivateKey : boolean = true; Exportable : boolean = true; Protected : boolean = true);

and set StoreName to 'MY', CopyPrivateKey to 'true', Exportable to any value and Protected to 'false'.
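The poster's flow rewritten around the Add overload given in this answer, as an added example that is not code from the thread or from SecureBlackbox itself. It assumes the unit names SBX509 and SBWinCertStorage, that the caller owns the TElWinCertStorage (so the returned CERT_CONTEXT pointer stays valid while the wininet connection lives), and that CertHandle is non-nil only for store-backed certificates, as the original post describes.

```delphi
uses
  SysUtils, Classes,
  SBX509, SBWinCertStorage;  // assumed SecureBlackbox unit names

// Imports a PFX (certificate + private key) into the Windows 'MY' store and
// returns the CERT_CONTEXT pointer that wininet needs. Protected = False is
// what suppresses the CryptoAPI private-key dialog; Exportable = False keeps
// the imported key non-exportable (the answer says either value works).
// Raises on any failure instead of silently returning a nil handle.
function CertContextFromPfx(Store: TElWinCertStorage; PfxStream: TStream;
  const Password: string): Pointer;
var
  Cert, StoredCert: TElX509Certificate;
  Index: Integer;
begin
  Cert := TElX509Certificate.Create(nil);
  try
    PfxStream.Seek(0, soBeginning);
    Cert.LoadFromStreamPFX(PfxStream, Password);

    // Import once only; duplicate imports would re-run the import path
    // and could reintroduce the prompt under different parameters.
    if not Store.IsPresent(Cert) then
      // Add(Certificate, StoreName, CopyPrivateKey, Exportable, Protected)
      Store.Add(Cert, 'MY', True, False, False);

    Index := Store.IndexOf(Cert);
    if Index < 0 then
      raise Exception.Create('Certificate not found in MY store after import');

    StoredCert := Store.Certificates[Index];
    Result := StoredCert.CertHandle;
    if Result = nil then
      raise Exception.Create(
        'CertHandle is nil: the store-backed certificate has no key context');
  finally
    Cert.Free;  // the in-memory copy is no longer needed; the store holds the rest
  end;
end;
```

Because Protected = False removes the user-consent prompt, any code running under that Windows account can later sign with the imported key without a dialog; log the import and scope it to the account that actually needs the certificate.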
#25772
Posted: 07/23/2013 07:31:30
by Rodrigo Godinho Palhano (Standard support level)
Joined: 04/26/2012
Posts: 12

Thanks for the fast reply, it worked!
