EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Custom conditions in chain verification process

Posted: 01/29/2016 09:36:13
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

First of all.
1/ Is there any possibility that you fix any bug from my version of the library -
2/ About the algorithm you mentioned:
Is it possible to construct such an algorithm with my version of the library?
If so:
Step 1) How to build these chains?
That way:
If so, how to get these chains?
The only sensible method I can see is
int TElMemoryCertStorage.GetChain(int index)
But it returns an integer...
If not, should I build them on my own?

Posted: 01/29/2016 09:52:30
by Eugene Mayevski (Team)

Unfortunately there's no technical possibility to change anything in older versions.

As for the custom code - we can write such a function for you as a custom service (for a fee).

Have you solved your validation problems with the evaluation version of SecureBlackbox 14?

Sincerely yours
Eugene Mayevski

Posted: 01/29/2016 10:16:41
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

I am just testing...
I think that if it is possible to write it, I will write it myself, but I don't exactly understand the algorithm yet, and the most important thing: is it possible to achieve that with my version of the library?

I still don't know if I should find the chains myself or with the library?

Posted: 01/29/2016 10:47:22
by Eugene Mayevski (Team)

You would need to find the chains yourself by comparing IssuerRDN of the end-entity certificate with the SubjectRDN of each supposed CA certificate, then by comparing AuthorityKeyIdentifier extension of the end-entity certificate with SubjectKeyIdentifier extension of each supposed CA certificate. Also please note that there can be multiple correct CA certificates in the list.

The above can be done with the help of SecureBlackbox functions, though some part of the code will need to be written.

Sincerely yours
Eugene Mayevski
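
The candidate-chain search described in the reply above, as an added example that is not part of the original post and is not SecureBlackbox code. The `Cert` model, the names and the key identifiers are constructed for illustration; a name or key-identifier match only selects candidates, and each link still has to pass signature verification and the remaining RFC 5280 checks.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 certificate (hypothetical model)."""
    subject: str                  # SubjectRDN, normalized to a string
    issuer: str                   # IssuerRDN
    ski: Optional[bytes] = None   # SubjectKeyIdentifier extension
    aki: Optional[bytes] = None   # AuthorityKeyIdentifier (keyIdentifier field)

def candidate_issuers(cert, pool):
    """CA certs whose subject equals cert's issuer, narrowed by AKI/SKI when both exist."""
    out = []
    for ca in pool:
        if ca.subject != cert.issuer:
            continue                          # step 1: IssuerRDN vs SubjectRDN
        if cert.aki is not None and ca.ski is not None and cert.aki != ca.ski:
            continue                          # step 2: AKI vs SKI rules this one out
        out.append(ca)                        # several CA certs may remain
    return out

def build_chains(cert, pool, _path=()):
    """Every candidate chain from cert up to a self-issued certificate in pool."""
    path = _path + (cert,)
    if cert.subject == cert.issuer and (cert.aki is None or cert.aki == cert.ski):
        return [list(path)]                   # self-issued root candidate reached
    chains = []
    for ca in candidate_issuers(cert, pool):
        if ca in path:                        # guard against cross-certificate loops
            continue
        chains.extend(build_chains(ca, pool, path))
    return chains                             # empty when no path reaches a root

# Constructed sample pool: a re-keyed issuing CA plus a cross-certificate.
ROOT = Cert("CN=Root", "CN=Root", ski=b"r1", aki=b"r1")
OTHER = Cert("CN=Other Root", "CN=Other Root", ski=b"r2")
CA_OLD = Cert("CN=Issuing CA", "CN=Root", ski=b"k1", aki=b"r1")
CA_NEW = Cert("CN=Issuing CA", "CN=Root", ski=b"k2", aki=b"r1")
CA_CROSS = Cert("CN=Issuing CA", "CN=Other Root", ski=b"k2", aki=b"r2")
POOL = [ROOT, OTHER, CA_OLD, CA_NEW, CA_CROSS]
LEAF = Cert("CN=www.example.test", "CN=Issuing CA", ski=b"e1", aki=b"k2")
LEAF_NO_AKI = Cert("CN=legacy.example.test", "CN=Issuing CA")

if __name__ == "__main__":
    for chain in build_chains(LEAF, POOL):
        print(" -> ".join(f"{c.subject} [{(c.ski or b'').decode()}]" for c in chain))
```

With the key identifier present, the old-key CA certificate is excluded and two candidate chains remain; without it, all three same-named CA certificates stay in play.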

Posted: 02/01/2016 15:14:55
by Marcin  (Standard support level)
Joined: 01/26/2016
Posts: 14

Is there any method in the library that verifies a certificate signature with the CA public key?

Is it possible to know how the method
works?
Does it implement the functionality from point 1/?
What is the algorithm?

Posted: 02/01/2016 15:34:00
by Eugene Mayevski (Team)

1) Yes, TElX509Certificate.ValidateWithCA() method.

2) The question is too broad to be answered in this form. In brief, the certificate validation is implemented according to the rules of RFC 5280 and also includes OCSP and CRL verifications. Of course, as a part of the validation process, the signatures are verified as well, but there's much more being done during the validation.

Sincerely yours
Eugene Mayevski




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.