EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Custom conditions in chain verification process

#35768
Posted: 01/29/2016 09:36:13
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

First of all.
1/ Is there any possibility that you fix any bug in my version of the library - 10.0.230.0?
2/ About the algorithm you mentioned:
Is it possible to construct such an algorithm with my version of the library?
If so:
Step 1) How to build these chains?
That way:
TElMemoryCertStorage.BuildChains(CRT);
If so, how to get these chains?
The only sensible method I can see is
int TElMemoryCertStorage.GetChain(int index)
But it returns an integer..
If not, should I build them on my own?
#35769
Posted: 01/29/2016 09:52:30
by Eugene Mayevski (EldoS Corp.)

Unfortunately there's no technical possibility to change anything in older versions.

As for the custom code - we can write such a function for you as a custom service (for a fee).

Have you solved your validation problems with the evaluation version of SecureBlackbox 14?


Sincerely yours
Eugene Mayevski
#35770
Posted: 01/29/2016 10:16:41
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

I am just testing..
I think that if it is possible to write it, I will write it myself, but I don't exactly understand the algorithm yet, and the most important thing is whether it is possible to achieve that with my version of the library?

I still don't know if I should find the chains myself or with the library..?
#35771
Posted: 01/29/2016 10:47:22
by Eugene Mayevski (EldoS Corp.)

You would need to find the chains yourself by comparing the IssuerRDN of the end-entity certificate with the SubjectRDN of each supposed CA certificate, then by comparing the AuthorityKeyIdentifier extension of the end-entity certificate with the SubjectKeyIdentifier extension of each supposed CA certificate. Also please note that there can be multiple correct CA certificates in the list.

The above can be done with the help of SecureBlackbox functions, though some part of the code will need to be written.


Sincerely yours
Eugene Mayevski
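The matching described in the answer above, as an added example that is not part of the original posts and does not use the SecureBlackbox API: the `Cert` record, the function names and all certificate values are constructed for illustration. It goes one step beyond the answer by repeating the match up to a trusted root and returning every candidate path.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed certificate (hypothetical type)."""
    name: str                   # label used only in this example
    subject: str                # subject RDN
    issuer: str                 # issuer RDN
    ski: Optional[str] = None   # SubjectKeyIdentifier, if present
    aki: Optional[str] = None   # AuthorityKeyIdentifier, if present

def candidate_issuers(cert, cas):
    """CA certs whose subject equals cert's issuer and whose SKI agrees with cert's AKI.
    When either extension is absent, the key-id test cannot rule a candidate out."""
    found = []
    for ca in cas:
        if ca.subject != cert.issuer:
            continue
        if cert.aki and ca.ski and cert.aki != ca.ski:
            continue
        found.append(ca)
    return found

def build_chains(cert, pool, anchors, path=()):
    """Every candidate path from cert up to a trusted anchor.
    These are candidates only: signatures, validity and revocation are not checked here."""
    path = path + (cert,)
    if cert in anchors:
        return [path]
    chains = []
    for ca in candidate_issuers(cert, list(pool) + list(anchors)):
        if ca in path:          # loop guard: self-signed or cross-certified CAs
            continue
        chains.extend(build_chains(ca, pool, anchors, path))
    return chains

def chain_names(cert, pool, anchors):
    return [[c.name for c in chain] for chain in build_chains(cert, pool, anchors)]

# Constructed sample data: two CA certificates share one subject name (key rollover).
ROOT = Cert("root", "CN=Example Root", "CN=Example Root", ski="R1", aki="R1")
CA_OLD = Cert("ca-old", "CN=Example CA", "CN=Example Root", ski="A1", aki="R1")
CA_NEW = Cert("ca-new", "CN=Example CA", "CN=Example Root", ski="A2", aki="R1")
LEAF = Cert("leaf", "CN=host.example", "CN=Example CA", ski="L1", aki="A2")
LEAF_NO_AKI = Cert("leaf-no-aki", "CN=legacy.example", "CN=Example CA")
POOL = [CA_OLD, CA_NEW]

if __name__ == "__main__":
    print(chain_names(LEAF, POOL, [ROOT]))          # AKI selects one CA
    print(chain_names(LEAF_NO_AKI, POOL, [ROOT]))   # no AKI: both CAs remain candidates
```

Name and key-identifier matching only narrows the list of possible issuers; each returned path still needs its signatures verified and the rest of the validation performed.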
#35796
Posted: 02/01/2016 15:14:55
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

1/
Is there any method in the library that verifies a certificate signature with the CA public key?

2/
Is it possible to know how the method
TElX509CertificateValidator.Validate()
works?
Does it implement the functionality from point 1/?
What is the algorithm?
#35797
Posted: 02/01/2016 15:34:00
by Eugene Mayevski (EldoS Corp.)

1) Yes, the TElX509Certificate.ValidateWithCA() method.

2) The question is too broad to be answered in this form. In brief, the certificate validation is implemented according to the rules of RFC 5280 and also includes OCSP and CRL verifications. Of course, as a part of the validation process, the signatures are verified as well, but there's much more being done during the validation.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.