Custom conditions in chain verification process

#35709
Posted: 01/27/2016 06:20:05
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Hi,
I am using the PKIBlackbox package of library version 10.0.230.0 for .NET.
I have some problems / questions:

1/ How to properly use the library to validate a certificate (let's name it CRT) against a list of CA certificates (there may be more than one chain that validates CRT)?
Here is the code that I use:

Code
// Validate primaryCertificate (raw certificate bytes) against the supplied list of
// CA and intermediate certificates, offline, using SecureBlackbox 10.0.230.0 for .NET.
static TSBCertificateValidity ValidateAgainstList(byte[] primaryCertificate, IEnumerable<byte[]> additionalCertificates, out int reason)
{
    TElX509Certificate primaryCert = new TElX509Certificate();
    primaryCert.LoadFromBuffer(primaryCertificate);
    reason = -1;

    // Self-signed certificates from the list become trust anchors; all others are
    // offered as "known" (intermediate) certificates for chain building.
    TElMemoryCertStorage storeTrusted = new TElMemoryCertStorage();
    TElMemoryCertStorage storeKnown   = new TElMemoryCertStorage();
    foreach (var additionalCertificate in additionalCertificates)
    {
        TElX509Certificate cert = new TElX509Certificate();
        cert.LoadFromBuffer(additionalCertificate);
        if (cert.SelfSigned)
        {
            storeTrusted.Add(cert, true);
        }
        else
        {
            storeKnown.Add(cert, true);
        }
    }

    // Offline validation: no CRL/OCSP lookups and no Windows system stores.
    TElX509CertificateValidator certificateValidator = new TElX509CertificateValidator();
    certificateValidator.OfflineMode                 = true;
    certificateValidator.MandatoryCRLCheck           = false;
    certificateValidator.MandatoryRevocationCheck    = false;
    certificateValidator.MandatoryOCSPCheck          = false;
    certificateValidator.CheckCRL                    = false;
    certificateValidator.CheckOCSP                   = false;
    certificateValidator.IgnoreCAKeyUsage            = false;
    certificateValidator.ValidateInvalidCertificates = false;
    certificateValidator.UseSystemStorages           = false;

    certificateValidator.AddKnownCertificates(storeKnown);
    certificateValidator.AddTrustedCertificates(storeTrusted);

    // Validity is set by the validator; reason holds the failure code when it is not cvOk.
    TSBCertificateValidity validity = TSBCertificateValidity.cvChainUnvalidated;
    certificateValidator.Validate(primaryCert, ref validity, ref reason);
    return validity;
}

Is it correct?

2/ Can I specify conditions to build the chain, and if so, how to do that?

Additionally:
3/
I ask because when I use the X509Chain class from .NET on the same list of CA certs and intermediate certs I receive a correct chain (if I remove the found chain certs, I receive one more valid chain) that validates my CRT, but with SecureBlackBox I also receive one more CA (so this is also a chain) that verifies my CRT.
Furthermore, when I add some certs that do not validate my CRT but also can occur in production, the validation method returns "Invalid" status, and I expect that the validation process should omit this cert if it is not an issuer of CRT and search for a proper chain that is present in the mentioned CA list.
Here is the reason that the method returns:
Quote
Certificate contains invalid digital signature, it could be corrupted


So can I force the engine to search for a valid chain until it finds one?

Thanks for any help.
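The enumeration described in point 3 for the .NET X509Chain class (build a chain, remove the certificates it used, build again), written out as an added C# example; it is neither SecureBlackbox code nor code from the original post. It assumes .NET 5 or later (for X509ChainTrustMode.CustomRootTrust) and treats subject == issuer as the test for a trust anchor, which is a simplification.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example (not SecureBlackbox code), .NET 5+: list every chain that validates
// a leaf against a caller-supplied pool of CA/intermediate certs via X509Chain.
// Pool entries that lie on no path to the leaf are left unused, not reported as errors.
public static class ChainEnumerator
{
    public static List<X509Certificate2[]> FindAllChains(
        X509Certificate2 leaf, IEnumerable<X509Certificate2> caPool)
    {
        var found = new List<X509Certificate2[]>();
        var pool = caPool.ToList();

        while (true)
        {
            using var chain = new X509Chain();
            var policy = chain.ChainPolicy;
            // Trust only the anchors from the pool, never the machine store, and
            // stay offline (no CRL/OCSP), like the OfflineMode setting above.
            policy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            policy.RevocationMode = X509RevocationMode.NoCheck;
            policy.VerificationFlags = X509VerificationFlags.NoFlag;
            foreach (var c in pool)
            {
                // Simplification: subject == issuer is taken as "trust anchor".
                if (c.Subject == c.Issuer) policy.CustomTrustStore.Add(c);
                else policy.ExtraStore.Add(c);
            }

            // Build() is false when no trusted path exists; chain.ChainStatus then
            // carries the reasons (e.g. PartialChain, NotSignatureValid).
            if (!chain.Build(leaf))
                return found;

            var path = chain.ChainElements.Cast<X509ChainElement>()
                                          .Select(e => e.Certificate).ToArray();
            found.Add(path);

            // Drop the issuers this path used (not the leaf) and build again, so the
            // next success can only come from a different path. Note that removing
            // a shared intermediate also removes every other path through it.
            var used = path.Skip(1).Select(c => c.Thumbprint).ToHashSet();
            int before = pool.Count;
            pool.RemoveAll(c => used.Contains(c.Thumbprint));
            if (pool.Count == before) return found; // nothing changed: stop
        }
    }
}
```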
#35711
Posted: 01/27/2016 06:27:24
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase. The procedure of linking the Support Access Ticket is described in the registration e-mail as well.

I am afraid that without the Support Access Ticket linked we won't be able to assist you. Thank you for understanding.
#35712
Posted: 01/27/2016 06:36:13
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

I have a trial version now but also a purchased version, but I don't have access to the registration email of the last one.
Can I simply create a ticket from my "trial account"?
#35714
Posted: 01/27/2016 06:57:36
by Ken Ivanov (EldoS Corp.)

Marcin,

May I please ask you to create a support ticket in our Helpdesk system and provide some details of the license you have there (such as your license key, the licensee name or an e-mail address that was used to purchase the license - simply anything that might help to establish your licensing circumstances)?

Please do not post this information here - this is a public forum and you don't want your private details to be available for third parties.

Thanks in advance.

Ken
#35715
Posted: 01/27/2016 07:04:17
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Yes of course.
Which category should I choose?
#35716
Posted: 01/27/2016 07:22:35
by Ken Ivanov (EldoS Corp.)

Thank you - I believe 'Sales: ordered license has not been received' will do.
#35717
Posted: 01/27/2016 07:35:05
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Ok. Done.
#35718
Posted: 01/27/2016 07:53:23
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Should I also create a ticket for this topic?
#35719
Posted: 01/27/2016 08:00:47
by Ken Ivanov (EldoS Corp.)

Not yet - someone will answer you here, shortly after your license question is clarified. You don't need to take any further actions for now. Sorry for making you wait.
#35740
Posted: 01/28/2016 04:53:38
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Ok. Done.