EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 04/16/2016 13:30:47
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17


I am testing eldos C++ library for Windows and Mac. I can get XadesSignature in windows Platform getting TelX509Certificate from TelWinCertStore and passing this certificate to Signer class. But If I test the same code getting the same certificate with TElAppleCertStore I get the following error:

EElXMLSecurityError(Message: 'RSA key data expected.', ErrorCode: 0x000b130d)

I couldn't find any sample in the mac library distribution to check if I am doing something wrong. Is there any difference in the TElAppleCertStore so I have to do something different from TELWinCertStore usage???

Posted: 04/16/2016 13:34:08
by Eugene Mayevski (EldoS Corp.)

Yes, TElAppleCertStore is a completely different class, specific to MacOS, so it's possible that something doesn't work out of the box.

First of all, please check whether PrivateKeyExists and PrivateKeyExtractable properties of the certificate, which you take from TElAppleCertStore, are true. PrivateKeyExists should be true, while PrivateKeyExtractable can be either true or false.

Sincerely yours
Eugene Mayevski
Posted: 04/16/2016 13:55:04
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

OK. I have installed a pfx with cert and key, but get_PrivateKeyExists returns false. I don't have very much experience as mac user, but I think I have imported this pfx correctly. I can find the certificate entry in the keychain app, and this entry has its key installed.
Posted: 04/16/2016 14:07:14
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

I have extracted this code from IOSKeyChain example and modify to try to sign with any certificate found with private key. All certificates in the keychain get false from get_PublicKeyAlgorithm (I have other IOS developer certificates and the installed pfx).
TElStringList *KeychainNames = new TElStringList();
(new TElAppleCertStorage(NULL))->GetOpenedKeychains(KeychainNames);

for (int i = 0; i < KeychainNames->get_Count(); i++) {
    TElAppleCertStorage *keychain = new TElAppleCertStorage(NULL);
    std::string kname;
    KeychainNames->get_Strings(i, kname);
    if (keychain->get_Count() > 0) {
        for (int j = 0; j < keychain->get_Count(); j++) {
            TElX509Certificate *cert = keychain->get_Certificates(j);
            if (cert->get_PrivateKeyExists()/* && (cert->get_PublicKeyAlgorithm()==SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION)*/){

              TMemoryStream stream;
              //std::string utf8("utf8");
              FXMLDocument.SaveToStream(stream, xcmNone,"utf8");
              std::string s;
              StreamToStr(stream, s);

              args.GetReturnValue().Set(String::NewFromUtf8(isolate, s.c_str()));


        String::NewFromUtf8(isolate, "ERROR!!!!")));
Posted: 04/16/2016 14:14:30
by Eugene Mayevski (EldoS Corp.)

Thank you for the details.

I welcome you to continue the investigation in the Helpdesk ( https://www.eldos.com/helpdesk/ ).

Helpdesk is our easy-to-use individual support system that allows communicating and exchanging sample data with our support personnel privately. You will also get e-mail notifications about updates of your support request.

Sincerely yours
Eugene Mayevski
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.



Topic viewed 1973 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!