EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElCertificateRequest question

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
Posted: 02/11/2016 15:31:32
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44


I have to build a .CSR with some needed parameters; using openssl, the command is:

openssl req -new -key privada -subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit" -out pedido

How do I emulate this parateter structure with TElCertificateRequest? I tried this way (but it is not accepted):

Request.Subject.Count := 4;

Request.Subject.Values[0] := BytesOfString('AR');
Request.Subject.OIDs[0] := BytesOfString('C');

Request.Subject.Values[1] := BytesOfString(sEMIS));
Request.Subject.OIDs[1] := BytesOfString('O');

Request.Subject.Values[2] := BytesOfString(sNomb);
Request.Subject.OIDs[2] := BytesOfString('CN');

Request.Subject.Values[3] := BytesOfString('CUIT ' + sCUIT);
Request.Subject.OIDs[3] := BytesOfString('serialNumber');

Thank you very much!
Posted: 02/11/2016 15:50:55
by Eugene Mayevski (Team)

1) You need to first set an OID, then the value
2) OIDs are literally OIDs (binary constants), not strings in any form. OIDs you need are SB_CERT_OID_* and they are defined in SBConstants.pas.

Please refer to SecureBlackbox\Samples\PKIBlackbox\CertificatesWithGenerator sample for an example of setting OIDs properly.

Sincerely yours
Eugene Mayevski
Posted: 02/12/2016 07:04:37
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Thank you, but the point is, I don´t understand what do I have to do to convert this openssl command, specially this:

-subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit"

I don´t know if I have to move this all to one OID (and in this case which one), or if I have to pass this values in any other way.
Posted: 02/12/2016 07:28:51
by Ken Ivanov (Team)

Hi Daniel,

What you have in the -subj parameter is a string representation of an RDN structure. Each /XXX=YYY entry corresponds to a single RDN value, which should be stored in a separate RDN key. In your case the code will looks like the following:

Request.Subject.Count := 4;

Request.Subject.OIDs[0] := SB_CERT_OID_COUNTRY;
Request.Subject.Values[0] := StrToUTF8('AR');
Request.Subject.Tags[0] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[1] := SB_CERT_OID_ORGANIZATION;
Request.Subject.Values[1] := StrToUTF8('subj_o');
Request.Subject.Tags[1] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[2] := SB_CERT_OID_COMMON_NAME;
Request.Subject.Values[2] := StrToUTF8('subj_cn');
Request.Subject.Tags[2] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[3] := SB_CERT_OID_SERIAL_NUMBER;
Request.Subject.Values[3] := StrToUTF8('CUIT ' + sCUIT);
Request.Subject.Tags[3] := SB_ASN1_PRINTABLESTRING;

Posted: 02/12/2016 12:34:33
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Hi Ken;

Your code works very well, thank you very much!.

Best regards.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages



Topic viewed 2295 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!