Extract Exponent , Modulus and public key from a pfx file

#26419
Posted: 09/13/2013 02:18:01
by Eugene Mayevski (EldoS Corp.)

Did you set filestream position to 0 before passing it to the method? If you did, then please re-check that you are passing valid PKCS#12 to the method.


Sincerely yours
Eugene Mayevski
#26420
Posted: 09/13/2013 04:06:23
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eugene Mayevski,

Thanks, I had to realign the file stream to position 0. Totally forgot that. Now I can read the certificate into the TElX509Certificate object. The ByteArray rsaExponent, rsaModulus and blobBufferType are now filled with data from the pfx file. But now I want to convert the BufferArray to a string value. I used the SBUtils.BinaryToString but this only converts the bytearray value to a string value with hex numbers.

For instance the bytearray blobBufferType returns:

DCA6...0FC0

But what I want is a string value like this:

MIICQTCCAaqgAwIBAgIRAKu2xRMF3GBIj6M1g0Wn5qYwDQYJKoZIhvcNAQEFBQAw KTELMAkGA1UEBhMCR0IxGjAYBgNVBAMTEUVsZG9TIENvcnBvcmF0aW9uMB4XDTA5 MDcwNDAwMDAwMFoXDTEyMDcwMzIzNTk1OVowKTELMAkGA1UEBhMCR0IxGjAYBgNV BAMTEUVsZG9TIENvcnBvcmF0aW9uMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKB gFntGVuSnEPYOtxhYIGTvFUAclzg8zo+zQYqjEzcxb+3nPhkTWJ5VtmIPRbzpEmE 2FfM6ubCH38ctMjDTSBpZmNO62duRwLLpB4UZMAwf0JK+SQOa4wQxU3GqHxBr8Z5 htfH2fqzqQBh30AmcWq/O+nbktnxSiB3hxhIPa9FXFlRAgMBAAGjajBoMCIGA1Ud IwEBAAQYMBaAFHYrz+SZqoxubEAmn8djKbcqHpQZMCAGA1UdDgEBAAQWBBR2K8/k maqMbmxAJp/HYym3Kh6UGTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMA vgAwDQYJKoZIhvcNAQEFBQADgYEAVRjYQOZcenPv+x4qiqxBDa57TYMdIELuNSGu Uv+zoEqQn/E7nfCwbCB6TYFLYxfyDThZ9kao9qdQod9DEHrYrLiZWTWgak8TjtWl 8J8gqkG8uyZHuunHJEnLUVyA+qFPOM71sUw6UiSzwBKNuVHJbzj1gkPBPN+rEtRc Goa49jg=

How can I do that?

Regards,

Jacob
#26421
Posted: 09/13/2013 04:09:56
by Eugene Mayevski (EldoS Corp.)

What you quoted is base64 encoding. You can use SBEncoding.Unit.Base64Encode method to encode the binary data to base64.


Sincerely yours
Eugene Mayevski
#26422
Posted: 09/13/2013 04:10:17
by Vsevolod Ievgiienko (EldoS Corp.)

What you need is called Base64 encoding. Please use SBEncoding.Base64Encode function.
#26423
Posted: 09/13/2013 06:48:06
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eldos,

How do I use SBEncoding.Base64Encode?
I tried the following to extract the public key from the pfx file.

blobBufferType:= '';
try
  hashFunction:= TElHashFunction.Create(SB_ALGORITHM_DGST_SHA1);
  try
    blobSize:= 0;
    x509Certificate.GetPublicKeyBlob(nil , blobSize);
    SetLength(blobBufferType, blobSize);
    x509Certificate.GetPublicKeyBlob(@blobBufferType[1] , blobSize);
    hashFunction.Update(@blobBufferType[1] , blobSize);
    blobBufferType := hashFunction.Finish();
    SBEncoding.Base64Encode(@blobBufferType[1],blobSize,@encoded64Buffer[1],blobSize,True);
    SetLength(encoded64Buffer, blobSize);
    privateKeyAsString:= SBUtils.BinaryToString(@encoded64Buffer[1], blobSize);
  finally
    FreeAndNil(hashFunction);
  end;
except
  ;
end;

But this doesn't work.

Regards,

Jacob
#26425
Posted: 09/13/2013 08:05:57
by Vsevolod Ievgiienko (EldoS Corp.)

Base64Encode must be called twice, as it's done with GetPublicKeyBlob. Also, you pass an invalid second parameter. It must be equal to the blobBufferType length.
#26450
Posted: 09/16/2013 10:01:23
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko,

I managed to retrieve the modulus, exponent and public key from the pfx certificate by doing the following:

Code
try
  certificateFileStream := TFileStream.Create(fileNameCertificate,
                                              fmOpenRead or fmShareDenyWrite);
  // Make sure the stream is at the start before loading the PKCS#12 data
  certificateFileStream.Position := 0;
  x509Certificate := TElX509Certificate.Create(nil);
  if x509Certificate.LoadFromStreamPFX(certificateFileStream, pwd,
                                       certificateFileStream.Size) = 0 then
  begin
    // First call with nil buffers only reports the required sizes
    modulusSize := 0;
    exponentSize := 0;
    x509Certificate.GetRSAParams(nil, modulusSize, nil, exponentSize);
    SetLength(rsaExponent, exponentSize);
    SetLength(rsaModulus, modulusSize);
    // Second call fills the allocated buffers
    if x509Certificate.GetRSAParams(@rsaModulus[0], modulusSize,
                                    @rsaExponent[0], exponentSize) then
    begin
      modulusStringValue := Base64EncodeArray(rsaModulus, false);
      exponentStringValue := Base64EncodeArray(rsaExponent, false);
    end;
    publicKeyStringValue :=
      Base64EncodeArray(x509Certificate.GetFullPublicKeyInfo, false);
  end;
except
  // Note: any exception raised above is silently ignored here
end;


Regards,

Jacob
#26498
Posted: 09/17/2013 09:10:01
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko,

I want to extract the certificate from a pfx file like the value you get for the <ds:X509Certificate> tag when you use the SimpleSigner for signing an XML.

<ds:X509Certificate>
MIICQTCCAaqgAwIBAgIRAKu2xRMF3GBIj6M1g0Wn5qYwDQYJKoZIhvcNAQEFBQAw KTELMAkGA1UEBhMCR0IxGjAYBgNVBAMTEUVsZG9TIENvcnBvcmF0aW9uMB4XDTA5 Uv+zoEqQn/E7nfCwbCB6TYFLYxfyDThZ9kao9qdQod9DEHrYrLiZWTWgak8TjtWl 8J8gqkG8uyZHuunHJEnLUVyA+qFPOM71sUw6UiSzwBKNuVHJbzj1gkPBPN+rEtRc Goa49jg=
</ds:X509Certificate>

I think I have to convert the x509Certificate.CertificateBinary, which is of type PByteArray, to a string value. How can I do that?

Furthermore, you referred in your previous answer:
Base64Encode must be called twice, as it's done with GetPublicKeyBlob. Also, you pass an invalid second parameter. It must be equal to the blobBufferType length.
Can you elaborate on your answer? Because when I use
Code
publicKeyStringValue:= Base64EncodeArray(x509Certificate.GetFullPublicKeyInfo,false)

I think I get more data than only the public key, that is irrelevant. I just want the PublicKey in string representation.


Regards,

Jacob
#26504
Posted: 09/18/2013 01:13:48
by Vsevolod Ievgiienko (EldoS Corp.)

If you need only a public key then you can save it to a buffer using TElX509Certificate.KeyMaterial.SavePublic method. After that you may convert it to a string using Base64EncodeArray.

Quote
Can you elaborate on your answer?

I meant that you should call Base64Encode once to retrieve its output size, allocate a buffer of that size and call it again to retrieve the data into the allocated buffer. However, when you use Base64EncodeArray it's not needed - you should call this function only once.
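An added example, not part of the original thread and not EldoS code: it shows at the byte level why Base64-encoding the "full public key info" gives more than the modulus and exponent. It is written in Python with only the standard library, assumes the full key info is the X.509 SubjectPublicKeyInfo structure, and uses a constructed 1024-bit placeholder modulus (`MODULUS`, not a real key).

```python
import base64

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER element (only used to build the constructed sample)."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])   # sample stays below 256 bytes
    return bytes([tag]) + head + value

def der_int(x):
    # One extra leading zero byte when the top bit is set keeps the INTEGER positive
    return tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

# Constructed sample: placeholder modulus, exponent 65537, rsaEncryption OID + NULL
MODULUS = int.from_bytes(b"\xC3" + bytes(range(1, 128)), "big")
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
RSA_KEY = tlv(0x30, der_int(MODULUS) + der_int(65537))
SAMPLE_SPKI = tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + RSA_KEY))

def parse_rsa_spki(spki):
    """Split an RSA SubjectPublicKeyInfo into (oid, modulus, exponent) bytes."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg, pos = read_tlv(body)         # AlgorithmIdentifier: the "extra" data
    _, oid, _ = read_tlv(alg)
    tag, bits, _ = read_tlv(body, pos)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("expected BIT STRING with no unused bits")
    _, rsa_key, _ = read_tlv(bits[1:])
    _, n, pos = read_tlv(rsa_key)
    _, e, _ = read_tlv(rsa_key, pos)
    return oid, n.lstrip(b"\x00"), e.lstrip(b"\x00")

def b64(data):
    return base64.b64encode(data).decode("ascii")

if __name__ == "__main__":
    oid, n, e = parse_rsa_spki(SAMPLE_SPKI)
    print("full key info:", b64(SAMPLE_SPKI)[:24], "...")
    print("modulus      :", b64(n)[:24], "...")
    print("exponent     :", b64(e))
```

The Base64 prefix of the full structure encodes the algorithm wrapper rather than key bytes, which is why it is the same for every RSA key of a given size and why the certificate quoted earlier in the thread contains the similar run `MA0GCSqGSIb3DQEBAQUA`.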