Creating TElX509Certificate from a X509Certificate to sign with CAdES

#27045
Posted: 10/31/2013 08:59:19
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Hi.

As we discussed in another thread (https://www.eldos.com/forum/read.php?PAGEN_1=1&FID=7&TID=4578#nav_start), I'm using X509Certificate objects in my applets. So I need to create a TElX509Certificate from it.
You gave me a sample of code with which I made this method:

Code
public static TElX509Certificate getTElX509CertificateFromX509Certificate(X509Certificate x509Certificate, PrivateKey x509CertPrivateKey) {
    TElJCECryptoProvider cp = (TElJCECryptoProvider) SBCryptoProvJCE.JCECryptoProvider();

    TElPublicKeyMaterial km = new TElRSAKeyMaterial(cp); // RSA and DSA are supported at the moment
    km.SetKeyPair(new KeyPair(x509Certificate.getPublicKey(), x509CertPrivateKey));

    TElX509Certificate telX509Certificate = new TElX509Certificate();
    telX509Certificate.FromX509Certificate(x509Certificate); // load public part of the certificate that is usually exportable
    telX509Certificate.SetKeyMaterial(km); // set key material that is initialized with non-exportable key

    return telX509Certificate;
}


But when I sign with it, the TElSignedCMSMessage verification returns that the signature is invalid. Since I didn't find a way to make it tell me why, I used TElMessageVerifier to check the signature. It says: "Signed message contains invalid digital signature. The high possibility that signature was corrupted." (error code 8204)

I had a similar problem with this method, and you told me that the problem would be fixed in the next SBB build. Is the issue fixed or did I do something wrong?

Here is my signing code, just in case:
Code
// Wrap the X509Certificate and its private key (method shown above)
TElX509Certificate signTelX509Certificate = Certificats.getTElX509CertificateFromX509Certificate(this._x509Certificate, this._x509CertPrivatekey);

TElFileStream fs = null;
TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor();
TElSignedCMSMessage cms = new TElSignedCMSMessage();

try {
    // Create a new CMS message over the whole file to sign
    fs = new TElFileStream(this._fileToSign.getAbsolutePath(), "r", true);
    cms.CreateNew(fs, 0, fs.GetLength());

    int indexNewSign = cms.AddSignature();
    TElCMSSignature sig = cms.GetSignature(indexNewSign);

    // Produce the CAdES-BES signature with the wrapped certificate
    processor.SetSignature(sig);
    processor.CreateBES(signTelX509Certificate);

    // Save the signature next to the signed file
    File fileSig = new File(this._fileToSign.getAbsolutePath() + PKCS7.CADES_EXTENSIONS[0]);
    CAdES.saveCMS(cms, fileSig);
    signature.setFile(fileSig);
    signature.setType(Signature.TYPE_CAdES_BES);

    System.out.println("Signature done !");

    // Optional verification of the signature that was just written
    if (this._verifSig) {
        CAdES cades = CAdES.getInstance();
        cades.verifSign(this.threadListener, this.appletListener, this.textListener, this._fileToSign, fileSig);
    }
}
catch (Exception e) {
    throw e;
}
finally {
    if (fs != null) {
        fs.Free();
        fs.Destroy();
    }

    cms.Destroy();
    processor.Destroy();
}


Thanks!
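
An added example, not part of the original post and not EldoS code: one check that can be made with plain JCA before calling SetKeyPair is that the PrivateKey really belongs to the certificate's public key. It signs a random challenge rather than comparing key fields, so it also works when the private key is non-exportable; the class name, the SHA256withRSA algorithm and the generated sample keys are assumptions.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;

public class KeyPairMatchCheck {

    // Returns true if signatures made with privateKey verify under publicKey.
    // Only sign/verify is used, never getEncoded(), so a key handle that
    // cannot be exported from its keystore can still be checked.
    static boolean keysMatch(PublicKey publicKey, PrivateKey privateKey) throws Exception {
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        // No provider is named: JCA selects one that accepts the given key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(challenge);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKey);
        verifier.update(challenge);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            // e.g. signature length does not fit the public key size
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys. In the applet these would be
        // x509Certificate.getPublicKey() and the PrivateKey from the keystore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();

        System.out.println("matching pair:   " + keysMatch(a.getPublic(), a.getPrivate()));
        System.out.println("mismatched pair: " + keysMatch(a.getPublic(), b.getPrivate()));
    }
}
```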
#27046
Posted: 10/31/2013 09:12:44
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

The problem is already fixed. Do I understand correctly that you get the problem with the latest 11.0.241 build? If yes, then could you post your full project to Helpdesk, so we'll be able to reproduce the problem locally?
#27053
Posted: 10/31/2013 10:00:28
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Thank you for the quick answer!

No, I had the 11.0.240 build, but after downloading the 11.0.241 and running my applet with it, the issue is still here.

Unfortunately, I can't send you the whole project since it's my company's. But I can still show you the code parts that allow me to retrieve the X509Certificate and its PrivateKey from Windows' keystore. I'll do it in the HelpDesk.
#27059
Posted: 10/31/2013 10:33:37
by Mickaël Bénès (Standard support level)
Joined: 02/26/2013
Posts: 74

Sorry, I just used the preview before submitting to the HelpDesk and I accidentally hit the "Submit" button. I remove the message.
#27812
Posted: 01/02/2014 07:54:16
by SNB (Basic support level)
Joined: 12/30/2013
Posts: 2

Hi,
can I create an X509Certificate from a TElX509Certificate?
#27813
Posted: 01/02/2014 07:58:43
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
can I create an X509Certificate from a TElX509Certificate?

Yes, you can do this using the TElX509Certificate.ToX509Certificate() method.
#27814
Posted: 01/02/2014 08:19:14
by SNB (Basic support level)
Joined: 12/30/2013
Posts: 2

Hi, actually I am asking for C#, i.e. for Windows Phone.

There is no such method provided, I guess.
#27815
Posted: 01/02/2014 08:22:41
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
Hi, actually I am asking for C#, i.e. for Windows Phone.

Sorry, but it was not clear, as the original topic is about the Java edition.

For .NET you can use the TElX509Certificate.ToX509Certificate2 method.
#27816
Posted: 01/02/2014 08:29:28
by Eugene Mayevski (EldoS Corp.)

SNB: what would be the purpose of this operation? SecureBlackbox is self-contained and offers everything you can get with .NET Framework and more.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.