EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Generate P7S with CRL

Posted: 02/20/2014 09:39:31
by Ranyele Amorim (Basic support level)
Joined: 02/14/2014
Posts: 10

Hello for all!

I'm trying create one P7S with CRL file included, but without success. Into TElCertificateRevocationList i'm loading the CRL file previously downloaded. And in TElMemoryCertStorage i'm linking the property CRL to the component. The p7s file is created but the CRL invisible or don't possible load into P7S file.

anybody can help me?

Thanx so much!

PS: Sorry the english, i'm a brazilian guy.
Posted: 02/20/2014 09:44:04
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Could you clarify what SecureBlackbox edition (VCL, .NET, Java) and what classes do you use. Could you also post your code.
Posted: 02/20/2014 09:57:34
by Ranyele Amorim (Basic support level)
Joined: 02/14/2014
Posts: 10

Hi Vsevolod Ievgiienko!

Thank you for the answer! I'm using the version VCL.
The code for generate P7S is here: http://pastebin.com/FpaNCbvJ

Very thank you!
Posted: 02/20/2014 10:18:03
by Eugene Mayevski (Team)

Please clarify what you mean by "create P7S". P7S is not a format, it's file extension. Try to describe what you need to achieve.

Sincerely yours
Eugene Mayevski
Posted: 02/20/2014 10:31:09
by Ranyele Amorim (Basic support level)
Joined: 02/14/2014
Posts: 10

Hello Eugene Mayevski.

When i'm mean create P7S file, i'm mean the generate one file with contain the document to be signed plus the signer certificates. In this case, the public key. But besides the signer's certificate, I need to add the CRL P7S I'm generating. Unable to be clear on my problem? Anything can drill down further.

Very Thanks for all!
Posted: 02/20/2014 11:58:36
by Eugene Mayevski (Team)

1) PublicKeyHandler in your code is completely irrelevant to your task.

2) PKCS#7 format that TElMessageSigner creates doesn't support embedding of CRLs. Maybe you need signatures in CAdES format which includes revocation information. So it makes sense for you to check the requirements.

Sincerely yours
Eugene Mayevski
Posted: 02/20/2014 13:34:41
by Ranyele Amorim (Basic support level)
Joined: 02/14/2014
Posts: 10

Thank you for your attention. After reading and researching what they told me, I began to study the example of cades that comes with the tool at installation time. I noticed that when creating a signed file, I can add information to the file signatures. So, I added a CRL to the file and created the signature. After I try to validate the signature cades, using the same example that created the file, and CRLs are not loaded. In native tool windows, certmgr also can not view the CRLs.

I'm skipping some step? I can send the code to see what they say.

I thank you much attention.
Posted: 02/20/2014 14:23:35
by Ken Ivanov (Team)

Hello Ranyele,

First of all, please note that there are several totally different ways to put CRLs and certificates to a CMS/PKCS#7 compliant message. Which of them is applicable to your particular case depends on the requirements of your task.

A typical and most common way of adding CRLs to a signed message is to use the TElSignedCMSMessage.CRLs property. This could be done either before or after adding a signature to the message, but in any case before it is serialized to a stream or file.

As you gave us no idea which components you used and how exactly you were adding CRLs to a signature, we can't tell what is going wrong with your method.
Posted: 02/21/2014 13:10:47
by Ranyele Amorim (Basic support level)
Joined: 02/14/2014
Posts: 10

Hello! Been concentrated studying the examples available for study during installation and now I'm having a doubt about him. I create a new signature and add additional validation information, in my case only one CRL file, and create signature without any problems. I can see that the CRL file was uploaded because FCAdESProcessor.CustomRevocationInfo.CRLs.Count property returns me 1. Once the file is created, I attempt to validate the signature on the same demo created, and my indignation CRL is not loaded. And above property now returns 0. Theoretically'm hoping that my file has the infrastructure like the image below.


Any idea where I can be making mistake?

Thanks again for your attention.
Posted: 02/21/2014 15:28:18
by Ken Ivanov (Team)


TElCAdESSignatureProcessor is not the exactly right component for your task. The primary goal of this class is to construct and validate CAdES-compliant messages, and it is a bit too heavy instrument for creating just-a-CRL messages.

I suggest that you take the TElSignedCMSMessage component and go on with it. Please do the following:

1. Create an instance of TElSignedCMSMessage;
2. Call it's CreateNew() method;
3. Add your CRL to the CRLs property;
4. Save the message with the Save() method and check if that's what you needed to get.



Topic viewed 2554 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!