EldoS | Feel safer!

Replacement of Capicom

#31226
Posted: 10/31/2014 12:17:59
by Ghislain Lafortune (Standard support level)
Joined: 10/31/2014
Posts: 3

Hi,

I was using Capicom to sign (PKCS7) some messages in Delphi 7. Now I have to do an XML Signature. Many posts I've read suggest your library. I'm almost done evaluating your lib but I need one more thing that I can't find. In my case the certificate comes from a USB device that the user has to plug in. One computer can be used by many users, so each user has a different USB device.
With Capicom, to know which certificate can be used, I used the function certificate.privateKey.IsAccessible. With your lib I can find something similar that doesn't pop the message "please insert your card reader".

Do you have an idea of what I should use to accomplish the same thing?

Thanks
#31227
Posted: 10/31/2014 12:22:13
by Eugene Mayevski (EldoS Corp.)

In Windows you can work with certificates stored on hardware devices in two ways - Windows Certificate Storage and PKCS#11. SecureBlackbox uses these mechanisms in TElWinCertStorage and TElPKCS11CertStorage classes respectively.

Capicom works via Windows Certificate Storage.

Hardware vendors provide drivers for one or both of the mentioned mechanisms. It's up to the driver to show the prompt you mentioned.

With PKCS#11 you have some flexibility - you can enumerate (in code) device slots and see what slots are active. Then you can enumerate certificates in those slots. With Windows Certificate Storage this is not possible.

You choose what mechanism to use and depending on this you can have (or not have) control over the hardware.


Sincerely yours
Eugene Mayevski
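
The slot check described in the reply above, written against the standard PKCS#11 (Cryptoki) C calls rather than SecureBlackbox's TElPKCS11CertStorage; this is an added example, not code from the thread or from EldoS. The two `C_` functions are a constructed stand-in for a vendor module (a real program gets them from the token vendor's PKCS#11 library after `C_Initialize`), and `slots_with_token` is a hypothetical helper name.

```c
#include <stdio.h>
#include <stdlib.h>
/* Subset of the standard Cryptoki declarations (normally from pkcs11.h). */
typedef unsigned long CK_ULONG, CK_RV, CK_SLOT_ID, CK_FLAGS;
typedef unsigned char CK_BBOOL;
#define CKR_OK              0x0UL
#define CKR_SLOT_ID_INVALID 0x3UL
#define CKF_TOKEN_PRESENT   0x1UL  /* a token is in the slot right now */
typedef struct { unsigned char major, minor; } CK_VERSION;
typedef struct {
    unsigned char slotDescription[64], manufacturerID[32];
    CK_FLAGS flags; CK_VERSION hardwareVersion, firmwareVersion;
} CK_SLOT_INFO;
/* Constructed stand-in for a vendor module: slots 0..2 are removable hardware
   readers (flags 0x6); only slot 1 also has CKF_TOKEN_PRESENT set (0x7). */
static const CK_FLAGS fake_flags[3] = { 0x6, 0x7, 0x6 };
static CK_RV C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID *list, CK_ULONG *count) {
    CK_ULONG n = 0;
    for (CK_SLOT_ID i = 0; i < 3; i++) {
        if (tokenPresent && !(fake_flags[i] & CKF_TOKEN_PRESENT)) continue;
        if (list) list[n] = i;
        n++;
    }
    *count = n; return CKR_OK;
}
static CK_RV C_GetSlotInfo(CK_SLOT_ID id, CK_SLOT_INFO *info) {
    if (id >= 3) return CKR_SLOT_ID_INVALID;
    info->flags = fake_flags[id];
    return CKR_OK;
}
/* Stores IDs of slots that currently hold a token in out[]; returns count or -1. */
long slots_with_token(CK_SLOT_ID *out, CK_ULONG cap) {
    CK_ULONG n = 0, found = 0;
    if (C_GetSlotList(0, NULL, &n) != CKR_OK) return -1;  /* first call: count only */
    CK_SLOT_ID *all = calloc(n ? n : 1, sizeof *all);
    if (!all || C_GetSlotList(0, all, &n) != CKR_OK) { free(all); return -1; }
    for (CK_ULONG i = 0; i < n; i++) {
        CK_SLOT_INFO info;
        if (C_GetSlotInfo(all[i], &info) == CKR_OK &&
            (info.flags & CKF_TOKEN_PRESENT) && found < cap) out[found++] = all[i];
    }
    free(all);
    return (long)found;
}
int main(void) {
    CK_SLOT_ID ids[8];
    printf("slots holding a token: %ld\n", slots_with_token(ids, 8));
}
```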
#31228
Posted: 10/31/2014 12:26:42
by Ghislain Lafortune (Standard support level)
Joined: 10/31/2014
Posts: 3

So if Capicom works on Windows Certificate Storage and TElWinCertStorage does too, does TElWinCertStorage have a function similar to certificate.privateKey.IsAccessible?
#31229
Posted: 10/31/2014 12:35:39
by Eugene Mayevski (EldoS Corp.)

Yes, TElX509Certificate.PrivateKeyExists property.


Sincerely yours
Eugene Mayevski
#31230
Posted: 10/31/2014 12:56:39
by Ghislain Lafortune (Standard support level)
Joined: 10/31/2014
Posts: 3

Hi, I have tried this function but it always returns true even if my USB drive is not plugged in. Do you have any other suggestion?
#31231
Posted: 10/31/2014 13:05:59
by Eugene Mayevski (EldoS Corp.)

The message is shown by the hardware driver. We have no control over it and no way to force it to do anything. PrivateKeyExists property contains whatever information WinAPI provides. I assume that Windows does know that the key exists and for you it shouldn't matter if the message appears or not - you should perform the action (in our case sign the data) and *then* the driver will ask the user to insert the device.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
