PKI Certificate - Loading private key in PEM format

Posted: 08/01/2014 04:28:45
by Dennis Ratzek (Standard support level)
Joined: 07/28/2014
Posts: 9


I recently upgraded SecureBlackbox from version 9.1.210 to 12.0.256.
Now I have a problem with loading the private key in PEM format in two places and I just can't fix it. I'm using Delphi XE2.

1. Problem with a CertificateRequest and TElRSAKeyMaterial.LoadSecret
When I use the FileStream I get the error "invalid pem data". When I cast the FileStream to a ByteArray (streamread) I get the error "invalid secret key". When I use the DER key file (Cert.SaveKeyToStream(tempStream)) I can complete this task, but I don't know if the following tasks are completed correctly, because I can't really check the results; these are just numbers :). I try to create a fingerprint with a specific offset. But I don't get any errors, so I think I could use the DER key here.
    Cert := TElCertificateRequest.Create(Nil);
    Cert.Subject.Count := 5;
    //For i := 0 To 4 Do
    //  Cert.Subject.Tags[i] := SB_ASN1_PRINTABLESTRING;
    Cert.Subject.OIDs[0] := SB_CERT_OID_COUNTRY;
    Cert.Subject.Values[0] := BytesOfString(CrReqI_CountryName_Klar);
    Cert.Subject.OIDs[1] := SB_CERT_OID_ORGANIZATION;
    Cert.Subject.Values[1] := BytesOfString(CrReqI_OrganName_Klar);
    // OIDs[2] and OIDs[3] are not assigned in this excerpt
    Cert.Subject.Values[2] := BytesOfString(CrReqI_Antragssteller_Klar);
    Cert.Subject.Values[3] := BytesOfString('BN' + CrReqI_Betriebsnummer_Klar);
    Cert.Subject.OIDs[4] := SB_CERT_OID_COMMON_NAME;
    Cert.Subject.Values[4] := BytesOfString(CrReqI_Ansprechpartner_Klar);

    // Write the request's private key as password-protected PEM, then close the file
    tempStream := TFileStream.Create(FRequestPrivatePEMFile, fmCreate Or fmShareDenyWrite);
    Try
      Cert.SaveKeyToStreamPEM(tempStream, CrReqI_Passwort_nonencrypted);
    Finally
      tempStream.Free;
    End;
    ErrorFunction(3203, '..');

    // Read the PEM file back into RSA key material
    StreamRead := TFileStream.Create(FRequestPrivatePEMFile, fmOpenRead Or fmShareDenyWrite);
    Try
      keymat := TElRSAKeyMaterial.Create;
      keymat.PEMEncode := true;
      keymat.Passphrase := CrReqI_Passwort_nonencrypted;
      keymat.SaltSize := 0;
      keymat.StrLabel := '';
      keymat.LoadSecret(StreamRead, StreamRead.Size);
      ErrorFunction(3205, '..'); // LoadSecret fails here ("invalid pem data")
    Finally
      StreamRead.Free;
    End;

    keymat.PEMEncode := false;

    streamWrite := TFileStream.Create(FRequestPublicFile, fmCreate Or fmShareDenyWrite);
    // Fingerprint: SHA-256 over the key buffer minus a fixed 24-byte tail
    // (outbuf and bufsize are filled earlier; not shown in the post)
    hashFunction := TElHashFunction.Create(SB_ALGORITHM_DGST_SHA256);
    hashFunction.Update(@outbuf[0], bufsize - 24);
    hashResult := hashFunction.Finish;

    // ByteArray is a 0-based dynamic array of Byte, so iterate 0..High and put the ':'
    // only between bytes; with a trailing ':' the string is 96 long and the check below never passes
    hashStr := '';
    For i := 0 To High(hashResult) Do
    Begin
      If i > 0 Then
        hashStr := hashStr + ':';
      hashStr := hashStr + IntToHex(hashResult[i], 2);
    End;
    If length(hashStr) <> 95 Then // 32 bytes * 3 - 1 (the branch body is not in the post)

2. I try to load our existing and valid certificate to sign and encrypt data. I can load the certificate without error. But when I try to load the PEM private key I get error code 7425. I tried to load the stream with various different functions, for example "tempStream.WriteBuffer(ag_key[i], SizeOf(Char));". It doesn't matter, I always get the same error code.

  retWert := FAGCertStorage.LoadFromStreamPKCS7(tempStream, tempStream.Size);
  // retWert = 0, OK
  ag_key := utl_fromOneLine(FAG_PrivateKey);   // PEM text that is stored on one line and expanded here
  ag_kennwort := FAG_PrivateKeyPassword;

  tempStream.Free;                             // release the stream used for the PKCS#7 load above
  tempStream := TMemoryStream.Create;

  // Copy the PEM text into the stream as bytes. ag_key is a Unicode string in XE2,
  // so convert it explicitly instead of writing one byte of each Char
  keyBytes := BytesOfString(ag_key);           // keyBytes: ByteArray
  tempStream.WriteBuffer(keyBytes[0], Length(keyBytes));
  tempStream.Position := 0;

  retWert := FAGCertStorage.Certificates[0].LoadKeyFromStreamPEM(tempStream, ag_kennwort);
  If Not FAGCertStorage.Certificates[0].PrivateKeyExists Then
    ErrorFunction(1105, retWert); // <-- retWert = error code 7425

The PEM files I try to load always have this format:
Proc-Type: 4,ENCRYPTED


Can you help me somehow?
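As an added diagnostic example (Python, not part of the post and not SecureBlackbox code), the script below classifies a PEM private-key file the way a strict loader does: it distinguishes the traditional encrypted PKCS#1 form with Proc-Type: 4,ENCRYPTED and DEK-Info headers (the format quoted above) from PKCS#8 containers, and flags framing defects such as a lost empty line between the headers and the base64 body, which is easy to lose when a key is stored on one line and rebuilt. It also formats a colon-separated SHA-256 fingerprint so that 32 bytes give exactly 95 characters, the length the first snippet checks for. The two sample keys are constructed stand-ins whose bodies are dummy bytes, not real key material; the checks are generic PEM rules (RFC 1421 framing, DER SEQUENCE tag, CBC block alignment), not the library's own error codes.

```python
import base64
import binascii
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List

PEM_RE = re.compile(r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
                    r"(?P<body>.*?)-----END (?P<end>[A-Z0-9 ]+)-----", re.S)
# Block sizes of the DEK-Info ciphers OpenSSL uses for traditional encrypted keys
BLOCK_SIZES = {"DES-CBC": 8, "DES-EDE3-CBC": 8, "AES-128-CBC": 16,
               "AES-192-CBC": 16, "AES-256-CBC": 16}

# Constructed sample with the framing the post describes; the body is dummy bytes, not a key.
SAMPLE_ENCRYPTED_PKCS1 = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=
-----END RSA PRIVATE KEY-----
"""
# Constructed sample: unencrypted PKCS#8 framing around a minimal DER SEQUENCE (30 03 02 01 00).
SAMPLE_PKCS8_UNENCRYPTED = """-----BEGIN PRIVATE KEY-----
MAMCAQA=
-----END PRIVATE KEY-----
"""

@dataclass
class PemKeyInfo:
    label: str                                  # text between the BEGIN/END dashes
    kind: str                                   # classification of the container
    encrypted: bool
    headers: Dict[str, str] = field(default_factory=dict)
    der_len: int = 0                            # decoded body length in bytes
    problems: List[str] = field(default_factory=list)

def inspect_pem_key(text: str) -> PemKeyInfo:
    """Classify a PEM private key and list framing defects a strict loader would reject."""
    m = PEM_RE.search(text)
    if not m:
        return PemKeyInfo("", "not PEM", False, problems=["no -----BEGIN/-----END framing"])
    label = m.group("label")
    info = PemKeyInfo(label, "unknown", False)
    lines = m.group("body").splitlines()
    # RFC 1421 headers (Proc-Type, DEK-Info) come first and must be followed by one empty
    # line before the base64 body; base64 never contains ':' so the split is unambiguous.
    i = 0
    while i < len(lines) and ":" in lines[i]:
        k, v = lines[i].split(":", 1)
        info.headers[k.strip()] = v.strip()
        i += 1
    if info.headers:
        if i < len(lines) and lines[i].strip() == "":
            i += 1
        else:
            info.problems.append("missing empty line between PEM headers and base64 body")
    b64 = "".join(l.strip() for l in lines[i:])
    if not b64:
        info.problems.append("no base64 body after the headers")
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        der = b""
        info.problems.append(f"base64 body does not decode: {exc}")
    info.der_len = len(der)
    if label == "RSA PRIVATE KEY":
        if info.headers.get("Proc-Type") == "4,ENCRYPTED":
            info.encrypted = True
            info.kind = "PKCS#1 RSAPrivateKey, encrypted (traditional OpenSSL format)"
            alg, _, iv_hex = info.headers.get("DEK-Info", "").partition(",")
            bs = BLOCK_SIZES.get(alg)
            if bs is None:
                info.problems.append(f"DEK-Info cipher {alg!r} missing or unknown")
            else:
                if len(iv_hex) != 2 * bs or not re.fullmatch(r"[0-9A-Fa-f]+", iv_hex):
                    info.problems.append(f"DEK-Info IV should be {2 * bs} hex digits")
                if len(der) % bs:
                    info.problems.append(f"ciphertext length {len(der)} is not a multiple of {bs}")
        else:
            info.kind = "PKCS#1 RSAPrivateKey, unencrypted"
    elif label == "ENCRYPTED PRIVATE KEY":
        info.encrypted, info.kind = True, "PKCS#8 EncryptedPrivateKeyInfo"
    elif label == "PRIVATE KEY":
        info.kind = "PKCS#8 PrivateKeyInfo, unencrypted"
    else:
        info.kind = f"unrecognised label {label!r}"
    # Everything above except a traditionally encrypted PKCS#1 body is DER and starts with
    # the SEQUENCE tag 0x30; raw CBC ciphertext has no such structure.
    if der and der[0] != 0x30 and not (label == "RSA PRIVATE KEY" and info.encrypted):
        info.problems.append(f"body does not start with DER SEQUENCE tag 0x30 (got 0x{der[0]:02x})")
    return info

def colon_hex(digest: bytes) -> str:
    """'AB:CD:...' with no trailing colon: a 32-byte SHA-256 gives 32*3-1 = 95 characters."""
    return ":".join(f"{b:02X}" for b in digest)

def sha256_fingerprint(data: bytes) -> str:
    return colon_hex(hashlib.sha256(data).digest())
```

Run `inspect_pem_key()` over the exact bytes that end up in the stream you hand to the loader (after any one-line expansion or string-to-byte conversion), not over the file on disk; the point is to see what the loader sees. A problem list that is empty but a label that is not the one the API expects (for example PKCS#8 where a PKCS#1 loader is used) is the other common mismatch.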
Posted: 08/01/2014 05:49:37
by Eugene Mayevski (EldoS Corp.)

Let's continue in HelpDesk ( https://www.eldos.com/helpdesk/ ) please. I have created a new support ticket based on your above message. You will see your (and only your) support tickets by following this URL. You will also get e-mail notifications about updates related to your support ticket.

Sincerely yours
Eugene Mayevski



As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.