EldoS | Feel safer!


Two questions.

#2922
Posted: 05/14/2007 12:46:54
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Greetings!

I need help in solving two tasks.

1. When a company encrypts an XML document, we need the serial number and common name of the certificate which they used for signing. Where exactly should that information be stored? My guess is that it should be in the <ds:X509SerialNumber> and <ds:X509IssuerName> nodes, but I would like to check whether I am right.

2. If a company encrypts an XML document, is it possible to decrypt it with two different keys or certificates?

Thank you in advance,
Stanko.
#2923
Posted: 05/14/2007 13:05:22
by Eugene Mayevski (EldoS Corp.)

Quote
Stanko Milošev wrote:
When a company encrypts an XML document, we need the serial number and common name of the certificate which they used for signing. Where exactly should that information be stored? My guess is that it should be in the <ds:X509SerialNumber> and <ds:X509IssuerName> nodes, but I would like to check whether I am right.


This information is there; however, the specification doesn't define the exact format of IssuerName, so I doubt that it can be easily parsed and compared.

Quote
Stanko Milošev wrote:
2. If a company encrypts an XML document, is it possible to decrypt it with two different keys or certificates?


One can encrypt the data using one or more certificates (i.e. their public keys). If several certificates are used, the recipient can use *any* of the private keys associated with these certificates to decrypt the data. This lets you create one document for 2 different recipients, and both of them will be able to decrypt the document using *their* private key.


Sincerely yours
Eugene Mayevski
#2924
Posted: 05/14/2007 13:18:56
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Quote

One can encrypt the data using one or more certificates (i.e. their public keys). If several certificates are used, the recipient can use *any* of the private keys associated with these certificates to decrypt the data. This lets you create one document for 2 different recipients, and both of them will be able to decrypt the document using *their* private key.


OK, but if they are using only one specific certificate (public key), is it possible to have two different private keys for that one specific certificate?
#2925
Posted: 05/14/2007 13:33:54
by Eugene Mayevski (EldoS Corp.)

Quote
Stanko Milošev wrote:
OK, but if they are using only one specific certificate (public key), is it possible to have two different private keys for that one specific certificate?


No. A public key and a private key make a pair. There's no room for extras.


Sincerely yours
Eugene Mayevski
#2928
Posted: 05/14/2007 14:33:57
by Dmytro Bogatskyy (EldoS Corp.)

Quote
1. When a company encrypts an XML document, we need the serial number and common name of the certificate which they used for signing. Where exactly should that information be stored? My guess is that it should be in the <ds:X509SerialNumber> and <ds:X509IssuerName> nodes, but I would like to check whether I am right.


You can access this data as follows:
Code
  var
    Key: TElXMLKeyInfoX509Data;
  begin
    // KeyInfo may be empty or hold a different key-info type, so check before casting
    if (ElXMLVerifier.Signature.KeyInfo.Count > 0) and
       (ElXMLVerifier.Signature.KeyInfo.Items[0] is TElXMLKeyInfoX509Data) then
    begin
      Key := TElXMLKeyInfoX509Data(ElXMLVerifier.Signature.KeyInfo.Items[0]);
      // Each <ds:X509IssuerSerial> entry contributes one serial number and one issuer name
      if Key.IssuerSerialCount > 0 then
      begin
        Key.SerialNumbers[0] ... // BufferType (raw serial number bytes)
        Key.IssuerRDNs[0] ... // has type TElRelativeDistinguishedName
      end;
    end;
  end;
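As an added example (not code from this thread or from EldoS), the following shows how the X509IssuerName / X509SerialNumber pair that Dmytro's snippet reads can be compared against a certificate's issuer and serial while tolerating the formatting variation Eugene points out. The KeyInfo fragment and DN values are constructed, and the DN normalizer is a deliberately simple one that assumes comma-separated RDNs.

```python
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed <ds:KeyInfo> fragment as it might appear inside <ds:Signature>.
SAMPLE_KEYINFO = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=Example Issuing CA, O=Example Corp, C=US</ds:X509IssuerName>
      <ds:X509SerialNumber>1234567890</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </ds:X509Data>
</ds:KeyInfo>"""


def extract_issuer_serial(keyinfo_xml):
    """Return (issuer_name, serial_int) from the first X509IssuerSerial, or None."""
    root = ET.fromstring(keyinfo_xml)
    node = root.find(f".//{{{DS_NS}}}X509IssuerSerial")
    if node is None:
        return None
    name = node.findtext(f"{{{DS_NS}}}X509IssuerName")
    serial = node.findtext(f"{{{DS_NS}}}X509SerialNumber")
    if name is None or serial is None:
        return None
    # XML-DSig defines X509SerialNumber as a decimal integer; int() rejects anything else.
    return name, int(serial.strip())


def normalize_dn(dn):
    """Reduce a DN string to a frozenset of (attribute, value) pairs.

    Producers differ in RDN order, spacing and attribute-name case, so a plain
    string compare of X509IssuerName against the certificate's issuer is
    unreliable. Simplified: handles comma-separated RDNs and escaped commas only.
    """
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().upper(), value.strip().replace("\\,", ",").casefold()))
    return frozenset(parts)


def issuer_serial_matches(keyinfo_xml, cert_issuer_dn, cert_serial):
    """True when KeyInfo names the same issuer and serial as the certificate."""
    found = extract_issuer_serial(keyinfo_xml)
    if found is None:
        return False
    name, serial = found
    return serial == cert_serial and normalize_dn(name) == normalize_dn(cert_issuer_dn)
```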
