EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Extract Exponent , Modulus and public key from a pfx file

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#26405
Posted: 09/12/2013 04:23:53
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eldos,

For my project I have to extract the exponent , modulus and the public key from a pfx file. These value then have to be assigned to xml elements in a xml file. I have a x509KeyData object where the pfx file is loaded with method Certificate.LoadFromStreamPFX. I managed to extract the subjectname from the X509KeyData through the property Certificate.SubjectName. Further I have a RSAKeyData object that is already loaded with the pfx file with method RSAKeyData.RSAKeyMaterial.LoadSecret. I want to use the property PublicExponent and PublicModulus from the object RSAKeyData.RSAKeyMaterial but both properties are nil. Besides that I don't now how to extract the public key.
Also all the values must be string values so that I can assign them to the xml elements.

Regards,

Jacob
#26406
Posted: 09/12/2013 04:35:29
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please use TElX509Certificate and its LoadFromStreamPFX method to load both public part and secret key of a certificate. Then use TElX509Certificate.GetRSAParams to extract RSA parameters and TElX509Certificate.GetPublicKeyBlob to extract a public key. All values may be converted to strings using SBUtils.BinaryToString method.
#26407
Posted: 09/12/2013 07:39:27
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko,

Thank you for the information.
I tried the following:
Code
x509Certificate:=  TElX509Certificate.Create(nil);
x509Certificate.LoadFromBufferPFX(certificateFileStream,
                                  certificateFileStream.Size,password);

x509Certificate.GetRSAParams(nil, modulusSize, nil, exponentSize);
SetLength(rsaExponent, exponentSize);
SetLength(rsaModulus, modulusSize);

if not x509Certificate.GetRSAParams(@rsaModulus[0], modulusSize,
                                    @rsaExponent[0], exponentSize) then
   begin
     modulusStringValue:= SBUtils.BinaryToString(@rsaModulus[0], modulusSize);
     exponentStringValue:= SBUtils.BinaryToString(@rsaExponent[0],  
                                                  exponentSize);
   end;

blobBufferType:= '';
  try
    hashFunction:= TElHashFunction.Create(SB_ALGORITHM_DGST_SHA1);
    try
      blobSize:= 0;
      x509Certificate.GetPublicKeyBlob(nil , blobSize);
      SetLength(blobBufferType, blobSize);
      x509Certificate.GetPublicKeyBlob(@blobBufferType[1] , blobSize);
      hashFunction.Update(@blobBufferType[1] , blobSize);
      blobBufferType := hashFunction.Finish();
      blobStringValue:= SBUtils.BinaryToString(@blobBufferType, blobSize);
    finally
      FreeAndNil(hashFunction);
    end;
  except
    ;
  end;

But the strange thing is that exponentSize,modulusSize & blobSize are all zero.
So I can't retrieve the modulus, exponenent or public key from the pfx file.
All the StringValues are empty!
By the way the pfx file has more then one certificate and was issued by Digisign. I want to use a specific certificate.

Regards,

Jacob
#26408
Posted: 09/12/2013 07:43:45
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Does the .LoadFromBufferPFX return zero?
#26409
Posted: 09/12/2013 07:44:45
by Vsevolod Ievgiienko (EldoS Corp.)

First of all check the return value of LoadFromBufferPFX method. It should be equal to zero if loading procedure succeed. You should also check if the certificate contains an RSA keypair but not a keypair for some other algorithm.
#26411
Posted: 09/12/2013 08:36:50
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko & Mykola Olshevsky

The Certificate has a RSA keypair. When I use the pfx file in combination ot the password and KeyName in the SimpleSigner sample project it signs the xml file and I can see the exponent,modulus & public key of the certificate.
LoadFromBufferPFX returns not the value zero but the value 7937.
What am I doing wrong? I think that i must some how tell the TElX509Certificate wichh Keyname it must use!

Regards,

Jacob
#26413
Posted: 09/12/2013 08:40:50
by Eugene Mayevski (EldoS Corp.)

Quote
Jacob jvandiermen wrote:
x509Certificate.LoadFromBufferPFX(certificateFileStream, certificateFileStream.Size,password);


For me this code doesn't make a single bit of sense. Are you passing stream object as a pointer? That won't work of course.


Sincerely yours
Eugene Mayevski
#26414
Posted: 09/12/2013 08:44:56
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eugene Mayevski,

certificateFileStream:= TFileStream.Create(fileNameCertificate, fmOPENREAD or fmShareDenyWrite );
Yes I pass a stream object as pointer.
In the SimpleSigner project
you have F := TFileStream.Create(frmSign.KeyFile, fmOpenRead or fmShareDenyWrite);
and then RSAKeyData.RSAKeyMaterial.LoadSecret(F);



I need these xml values:
<ds:Modulus>
<ds:Exponent>
<ds:X509Certificate>

Here is the output of the Simplesigner project when I use the pfx file with password en keyname = Stewart Muir.




<?xml version="1.0" encoding="utf-8"?><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-419889687">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>C+VEluYRIWUSjxyEs/KDdkvRp0E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Cb1nrnRTbXICeNJrfAclgS9pAMqBkv60nVtluF2nrWXKNkbtpfiHYh5x6+EcmVsp
2BaB84DLC7LnL/UzVG4GAgO8/BzUYZFNbV7w2/2JpqM7uFYE1Yw82s/Y0VvOVm6D
oKj+7DkjbhYEuwxQQmDhdFESEWVOsXQU+BErsvxx3J6CGGNuFPHntHFGFpp5gdsT
yTMZj7WgjT2+mWPfvphKjxRaa5+Ym6uvMaPWe0DLJrE+Dx4syk+sFVMfdMhJmpV2
/E0oP1HGNlg3AT6Bm6sLhzWQq+e+QYYc7pNdw3q4tSEakVz/3cflT6wgHixoU7bY
JELdyAgUzMCxfzr5btZusw==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyName>Stewart Muir</ds:KeyName>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
oe2p1JT7zKf4bdlbed/eG0MCOaSQO9+YcTPdDQkjb/GBA8X5ANbStWHsab7pqJIp
PhaKmKAqMX/eCiF2SSl8z6rThKYAnwRZEwU95HlWiw1i7GlBjgXlteG8kV8l9FEc
NrwfsFr3ikYRP4eyLtdqCz9QD07qp1GEquwcYDMTNkBXCIYHz+4gNuzN6r4st1qS
DPtarxk5batW8SUY+4jECf2p2/0jMdK08/dB5SjS+AQR9ykG3YI0b0st2GqPAmhl
J74za7Y5aRU4TR68F7TxwbUKtmhzKZ8TuGimbtiQ892/rDgcynq7oOqXpW0PKilV
qooqLdH9jftvkZP0G7umfw==
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Digi-Sign CA Digi-ID Xp, OU=Terms and Conditions of use: http://www.digi-sign.com/repository, O=Digi-Sign Limited, L=Dublin, ST=Dublin, C=IE</ds:X509IssuerName>
<ds:X509SerialNumber>273910499053014046973888067609747870155</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509SubjectName>E=stewart.muir@mmc.com, CN=Stewart Muir, OU=validated by Marsh & Mc Lennan Group, OU=issued by Digi-Sign Limited, OU=FIS, O=Marsh, L=Witham, C=GB, 2.5.4.20=0044 1376 506955</ds:X509SubjectName>
<ds:X509Certificate>
MIIFdzCCBF+gAwIBAgIRAM4RPkO4UaqOWgJt+/1hUcswDQYJKoZIhvcNAQEFBQAw
gbgxCzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xDzANBgNVBAcTBkR1Ymxp
bjEaMBgGA1UEChMRRGlnaS1TaWduIExpbWl0ZWQxSTBHBgNVBAsTQFRlcm1zIGFu
ZCBDb25kaXRpb25zIG9mIHVzZTogaHR0cDovL3d3dy5kaWdpLXNpZ24uY29tL3Jl
cG9zaXRvcnkxIDAeBgNVBAMTF0RpZ2ktU2lnbiBDQSBEaWdpLUlEIFhwMB4XDTEz
MDgwNzAwMDAwMFoXDTE0MDgwNzIzNTk1OVowgegxGTAXBgNVBBQTEDAwNDQgMTM3
NiA1MDY5NTUxCzAJBgNVBAYTAkdCMQ8wDQYDVQQHEwZXaXRoYW0xDjAMBgNVBAoT
BU1hcnNoMQwwCgYDVQQLEwNGSVMxJDAiBgNVBAsTG2lzc3VlZCBieSBEaWdpLVNp
Z24gTGltaXRlZDEtMCsGA1UECxQkdmFsaWRhdGVkIGJ5IE1hcnNoICYgTWMgTGVu
bmFuIEdyb3VwMRUwEwYDVQQDEwxTdGV3YXJ0IE11aXIxIzAhBgkqhkiG9w0BCQEW
FHN0ZXdhcnQubXVpckBtbWMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAoe2p1JT7zKf4bdlbed/eG0MCOaSQO9+YcTPdDQkjb/GBA8X5ANbStWHs
ab7pqJIpPhaKmKAqMX/eCiF2SSl8z6rThKYAnwRZEwU95HlWiw1i7GlBjgXlteG8
kV8l9FEcNrwfsFr3ikYRP4eyLtdqCz9QD07qp1GEquwcYDMTNkBXCIYHz+4gNuzN
6r4st1qSDPtarxk5batW8SUY+4jECf2p2/0jMdK08/dB5SjS+AQR9ykG3YI0b0st
2GqPAmhlJ74za7Y5aRU4TR68F7TxwbUKtmhzKZ8TuGimbtiQ892/rDgcynq7oOqX
pW0PKilVqooqLdH9jftvkZP0G7umfwIDAQABo4IBSDCCAUQwHwYDVR0jBBgwFoAU
kbOK6H4Wb/kSHD8ppFAQRAvZd3YwHQYDVR0OBBYEFLy2/FGntP6AruKLHHRDV5qn
UUgyMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
AQUFBwMEBggrBgEFBQcDAjBLBgNVHSAERDBCMEAGCysGAQQBsjEBAgIJMDEwLwYI
KwYBBQUHAgEWI2h0dHA6Ly93d3cuZGlnaS1zaWduLmNvbS9yZXBvc2l0b3J5MHgG
A1UdHwRxMG8wNaAzoDGGL2h0dHA6Ly9jcmwuZGlnaS1zaWduLmNvbS9EaWdpU2ln
bkNBRGlnaUlEWHAuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5kaWdpLXNpZ24uY29t
L0RpZ2lTaWduQ0FEaWdpSURYcC5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIlETTNG
445hvQVCLuropy8f5xYqJWV+S14sTDrSwMCMIG9xDiOOLIW1WUNTH8S3FfmwK2I2
ABnnc4I/IbEF6H83gn/349doIZ0aiTHZbCWgkUs04q5aGkpK8lh93hjcTWGyGT8e
J1Ilc2HWp2Y+87pPE1ltOfwaYd38Y/tm1uTEEqRBr9pyuHqKR778/5eipG5nGOHA
YbvTtuTHcZdYJdkIX/DAqVLi+W97492uxsM0YpW2YQDeKlTFY3cb3LYMF+Jj+uc+
DtBdRQFkR7KecafLPvwp7KNUD1HYvuzjKDyiFwVEGdVZC03ZwkynV4bTErKQBdCv
9dja6gp+RtjTNt4=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>

Regards,

Jacob
#26415
Posted: 09/12/2013 08:55:11
by Eugene Mayevski (EldoS Corp.)

There's LoadFromBuffer* and LoadFromStream*. LoadFromStream is for streams, LoadFromBuffer is for buffers. Does this makes more sense?


Sincerely yours
Eugene Mayevski
#26418
Posted: 09/13/2013 02:16:37
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hallo Eugene Mayevski,

You're right , it make sense! The input is a file stream!!!!
I tried LoadFromStreamPFX but now I get a 7938 return value form the LoadFromStreamPFX function.
When I use LoadFromStreamAuto I get an exception class EElPKCS12Error with message no data.


Regards

Jacob
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 4830 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!