Extract Exponent, Modulus and public key from a pfx file

#26419
Posted: 09/13/2013 02:18:01
by Eugene Mayevski (EldoS Corp.)

Did you set filestream position to 0 before passing it to the method? If you did, then please re-check that you are passing valid PKCS#12 to the method.


Sincerely yours
Eugene Mayevski
#26420
Posted: 09/13/2013 04:06:23
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eugene Mayevski,

Thnx, I had to realign the file stream to position 0. Totally forgot that. Now I can read the certificate into the TElX509Certificate object. The ByteArray rsaExponent, rsaModulus and blobBufferType are now filled with data from the pfx file. But now I want to convert the BufferArray to a string value. I used the SBUtils.BinaryToString but this only converts the bytearray value to a string value with hex numbers.

For instance the bytearray blobBufferType returns:

DCA6...0FC0

But what I want is a string value like this:

MIICQTCCAaqgAwIBAgIRAKu2xRMF3GBIj6M1g0Wn5qYwDQYJKoZIhvcNAQEFBQAw KTELMAkGA1UEBhMCR0IxGjAYBgNVBAMTEUVsZG9TIENvcnBvcmF0aW9uMB4XDTA5 MDcwNDAwMDAwMFoXDTEyMDcwMzIzNTk1OVowKTELMAkGA1UEBhMCR0IxGjAYBgNV BAMTEUVsZG9TIENvcnBvcmF0aW9uMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKB gFntGVuSnEPYOtxhYIGTvFUAclzg8zo+zQYqjEzcxb+3nPhkTWJ5VtmIPRbzpEmE 2FfM6ubCH38ctMjDTSBpZmNO62duRwLLpB4UZMAwf0JK+SQOa4wQxU3GqHxBr8Z5 htfH2fqzqQBh30AmcWq/O+nbktnxSiB3hxhIPa9FXFlRAgMBAAGjajBoMCIGA1Ud IwEBAAQYMBaAFHYrz+SZqoxubEAmn8djKbcqHpQZMCAGA1UdDgEBAAQWBBR2K8/k maqMbmxAJp/HYym3Kh6UGTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMA vgAwDQYJKoZIhvcNAQEFBQADgYEAVRjYQOZcenPv+x4qiqxBDa57TYMdIELuNSGu Uv+zoEqQn/E7nfCwbCB6TYFLYxfyDThZ9kao9qdQod9DEHrYrLiZWTWgak8TjtWl 8J8gqkG8uyZHuunHJEnLUVyA+qFPOM71sUw6UiSzwBKNuVHJbzj1gkPBPN+rEtRc Goa49jg=

How can I do that?

Regards,

Jacob
#26421
Posted: 09/13/2013 04:09:56
by Eugene Mayevski (EldoS Corp.)

What you quoted is base64 encoding. You can use SBEncoding.Unit.Base64Encode method to encode the binary data to base64.


Sincerely yours
Eugene Mayevski
#26422
Posted: 09/13/2013 04:10:17
by Vsevolod Ievgiienko (EldoS Corp.)

What you need is called Base64 encoding. Please use SBEncoding.Base64Encode function.
#26423
Posted: 09/13/2013 06:48:06
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Eldos,

How do I use SBEncoding.Base64Encode?
I tried the following to extract the public key from the pfx file.

blobBufferType:= '';
try
  hashFunction:= TElHashFunction.Create(SB_ALGORITHM_DGST_SHA1);
  try
    blobSize:= 0;
    x509Certificate.GetPublicKeyBlob(nil , blobSize);
    SetLength(blobBufferType, blobSize);
    x509Certificate.GetPublicKeyBlob(@blobBufferType[1] , blobSize);
    hashFunction.Update(@blobBufferType[1] , blobSize);
    blobBufferType := hashFunction.Finish();
    SBEncoding.Base64Encode(@blobBufferType[1],blobSize,@encoded64Buffer[1],blobSize,True);
    SetLength(encoded64Buffer, blobSize);
    privateKeyAsString:= SBUtils.BinaryToString(@encoded64Buffer[1], blobSize);
  finally
    FreeAndNil(hashFunction);
  end;
except
  ;
end;

But this doesn't work.

Regards,

Jacob
#26425
Posted: 09/13/2013 08:05:57
by Vsevolod Ievgiienko (EldoS Corp.)

Base64Encode must be called twice, as it's done with GetPublicKeyBlob. Also, you pass an invalid second parameter. It must be equal to the blobBufferType length.
#26450
Posted: 09/16/2013 10:01:23
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko,

I managed to retrieve the modulus, exponent and public key from the pfx certificate by doing the following:

Code
try
  certificateFileStream := TFileStream.Create(fileNameCertificate,
                                              fmOpenRead or fmShareDenyWrite);
  certificateFileStream.Position := 0;
  x509Certificate := TElX509Certificate.Create(nil);
  // LoadFromStreamPFX returns 0 on success
  if x509Certificate.LoadFromStreamPFX(certificateFileStream, pwd,
                                       certificateFileStream.Size) = 0 then
  begin
    // First call with nil buffers only retrieves the required sizes
    modulusSize := 0;
    exponentSize := 0;
    x509Certificate.GetRSAParams(nil, modulusSize, nil, exponentSize);
    SetLength(rsaExponent, exponentSize);
    SetLength(rsaModulus, modulusSize);
    // Second call fills the allocated buffers
    if x509Certificate.GetRSAParams(@rsaModulus[0], modulusSize,
                                    @rsaExponent[0], exponentSize) then
    begin
      modulusStringValue := Base64EncodeArray(rsaModulus, false);
      exponentStringValue := Base64EncodeArray(rsaExponent, false);
    end;
    publicKeyStringValue :=
      Base64EncodeArray(x509Certificate.GetFullPublicKeyInfo, false);
  end;
except
  // errors are silently ignored here
end;


Regards,

Jacob
#26498
Posted: 09/17/2013 09:10:01
by Jacob jvandiermen (Standard support level)
Joined: 08/09/2013
Posts: 55

Hello Vsevolod Ievgiienko,

I want to extract the certificate from a pfx file like the value you get for the <ds:X509Certificate> tag when you use the SimpleSigner for signing an XML.

<ds:X509Certificate>
MIICQTCCAaqgAwIBAgIRAKu2xRMF3GBIj6M1g0Wn5qYwDQYJKoZIhvcNAQEFBQAw KTELMAkGA1UEBhMCR0IxGjAYBgNVBAMTEUVsZG9TIENvcnBvcmF0aW9uMB4XDTA5 Uv+zoEqQn/E7nfCwbCB6TYFLYxfyDThZ9kao9qdQod9DEHrYrLiZWTWgak8TjtWl 8J8gqkG8uyZHuunHJEnLUVyA+qFPOM71sUw6UiSzwBKNuVHJbzj1gkPBPN+rEtRc Goa49jg=
</ds:X509Certificate>

I think I've to convert the x509Certificate.CertificateBinary, which is of type PByteArray to a string value. How can I do that?

Furthermore, you referred in your previous answer:
Base64Encode must be called twice, as it's done with GetPublicKeyBlob. Also, you pass an invalid second parameter. It must be equal to the blobBufferType length.
Can you elaborate your answer? Because when I use
Code
publicKeyStringValue:= Base64EncodeArray(x509Certificate.GetFullPublicKeyInfo,false)

I think I get more data than only the public key, that is irrelevant. I just want the PublicKey in string representation.


Regards,

Jacob
#26504
Posted: 09/18/2013 01:13:48
by Vsevolod Ievgiienko (EldoS Corp.)

If you need only a public key then you can save it to a buffer using TElX509Certificate.KeyMaterial.SavePublic method. After that you may convert it to a string using Base64EncodeArray.

Quote
Can you elaborate your answer?

I meant that you should call Base64Encode once to retrieve its output size, allocate a buffer of that size and call it again to retrieve the data into the allocated buffer. However, when you use Base64EncodeArray it's not needed - you should call this function only once.
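
Added example, not part of the thread and not SecureBlackbox code: a standard-library Python sketch of why the "full public key info" is longer than the key itself, and how the same bytes look as hex versus base64. It assumes the extra data is the X.509 SubjectPublicKeyInfo wrapper (algorithm identifier plus BIT STRING); the sample key and the helper names are constructed for illustration.

```python
import base64

# Constructed sample, not from the thread: DER SubjectPublicKeyInfo holding a
# toy RSA key (32-bit modulus 0xC34F1B29, exponent 65537). Not a usable key.
SPKI = bytes.fromhex(
    "3020"                                # SEQUENCE SubjectPublicKeyInfo
    "300d06092a864886f70d0101010500"      # AlgorithmIdentifier: rsaEncryption, NULL
    "030f00"                              # BIT STRING header, 0 unused bits
    "300c" "020500c34f1b29" "0203010001"  # RSAPublicKey { modulus, exponent }
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def split_spki(spki):
    """Return (rsa_public_key_der, modulus, exponent) from a SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(body)            # skip the AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected BIT STRING")
    key_der = bits[1:]                    # the bare RSAPublicKey structure
    tag, key_body, _ = read_tlv(key_der)
    tag_n, n, pos = read_tlv(key_body)
    tag_e, e, _ = read_tlv(key_body, pos)
    if (tag, tag_n, tag_e) != (0x30, 0x02, 0x02):
        raise ValueError("not an RSAPublicKey")
    # DER INTEGERs carry a leading 0x00 sign byte when the top bit is set
    return key_der, n.lstrip(b"\x00"), e.lstrip(b"\x00")

def hex_and_b64(data):
    """Same bytes in the two text encodings discussed in the thread."""
    return data.hex().upper(), base64.b64encode(data).decode("ascii")

if __name__ == "__main__":
    key_der, modulus, exponent = split_spki(SPKI)
    print("SPKI bytes:", len(SPKI), " RSAPublicKey bytes:", len(key_der))
    print("modulus  hex/base64:", hex_and_b64(modulus))
    print("exponent hex/base64:", hex_and_b64(exponent))
```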