EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Creating TElX509Certificate from a X509Certificate to sign with CAdES

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
Posted: 10/31/2013 08:59:19
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 80


As we talked in another thread (https://www.eldos.com/forum/read.php?PAGEN_1=1&FID=7&TID=4578#nav_start), I'm using X509Certificate objects in my applets. So I need to create an TElX509Certificate from it.
You gave me a sample of code with which I made this method :

public static TElX509Certificate getTElX509CertificateFromX509Certificate(X509Certificate x509Certificate, PrivateKey x509CertPrivateKey) {
      TElJCECryptoProvider cp = (TElJCECryptoProvider) SBCryptoProvJCE.JCECryptoProvider();
      TElPublicKeyMaterial km = new TElRSAKeyMaterial(cp); // RSA an DSA are supported at the moment
      km.SetKeyPair(new KeyPair(x509Certificate.getPublicKey(), x509CertPrivateKey));
      TElX509Certificate telX509Certificate = new TElX509Certificate();
      telX509Certificate.FromX509Certificate(x509Certificate); // load public part of the certificate that is usually exportable
      telX509Certificate.SetKeyMaterial(km); // set key material that is initialized with non-exportable key
      return telX509Certificate;

But when I sign with it, the TElSignedCMSMessage verification returns that the signature is invalid. Since I didn't find a way to make it tell me why, I used TElMessageVerifier to check the signature. It says : "Signed message contains invalid digital signature. The high possibility that signature was corrupted." (error code 8204)

I had a similar problem with this method, and you told that the problem would be fixed in the next SBB build. Is the issue fixed or did I do something wrong ?

Here is my signing code, just in case :
TElX509Certificate signTelX509Certificate = Certificats.getTElX509CertificateFromX509Certificate(this._x509Certificate, this._x509CertPrivatekey);
         TElFileStream fs                  = null;
         TElCAdESSignatureProcessor processor   = new TElCAdESSignatureProcessor();
         TElSignedCMSMessage cms               = new TElSignedCMSMessage();
         try {
            fs = new TElFileStream(this._fileToSign.getAbsolutePath(), "r", true);
            cms.CreateNew(fs, 0, fs.GetLength());;
            int indexNewSign   = cms.AddSignature();
            TElCMSSignature sig   = cms.GetSignature(indexNewSign);
            File fileSig = new File(this._fileToSign.getAbsolutePath() + PKCS7.CADES_EXTENSIONS[0]);
            CAdES.saveCMS(cms, fileSig);
            System.out.println("Signature done !");
            if (this._verifSig) {
               CAdES cades = CAdES.getInstance();
               cades.verifSign(this.threadListener, this.appletListener, this.textListener, this._fileToSign, fileSig);
         catch (Exception e) {
            throw e;
         finally {
            if (fs != null) {

Thanks !
Posted: 10/31/2013 09:12:44
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

The problem is already fixed. Do I understand right that you get the problem with the latest 11.0.241 build? If yes then could you post your full project to Helpdesk, so we'll be able to reproduce the problem locally.
Posted: 10/31/2013 10:00:28
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 80

Thank you for the quick answer !

No, I had the 11.0.240 build, but after downloading the 11.0.241 and running my applet with it, the issue still is here.

Unfortunately, I can't send you the whole project since it's my company's. But I still can show you the code parts that allow me to retrieve the X509Certificate and its PrivateKey from Windows' keystore. I do it in the HelpDesk.
Posted: 10/31/2013 10:33:37
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 80

Sorry, I just used the preview before submitting to the HelpDesk and I accidently hit the "Submit" button. I remove the message.
Posted: 01/02/2014 07:54:16
by SNB (Basic support level)
Joined: 12/30/2013
Posts: 2

can I create X509Certificate from a TElX509Certificate ??
Posted: 01/02/2014 07:58:43
by Vsevolod Ievgiienko (Team)

can I create X509Certificate from a TElX509Certificate ??

Yes you can do this using TElX509Certificate.ToX509Certificate() method.
Posted: 01/02/2014 08:19:14
by SNB (Basic support level)
Joined: 12/30/2013
Posts: 2

hi actually I am asking for c# i.e. for Windows Phone.

There is no such method provided I guess
Posted: 01/02/2014 08:22:41
by Vsevolod Ievgiienko (Team)

hi actually I am asking for c# i.e. for Windows Phone.

Sorry, but it was not clear as original topic is about Java edition.

For .NET you can use TElX509Certificate.ToX509Certificate2 method.
Posted: 01/02/2014 08:29:28
by Eugene Mayevski (Team)

SNB: what the purpose of this operation would be? SecureBlackbox is self-containing and offers everything you can get with .NET Framework and more.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 3158 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!