EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 04/16/2016 13:30:47
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17


I am testing the EldoS C++ library for Windows and Mac. I can get a XadesSignature on the Windows platform by getting a TElX509Certificate from TElWinCertStore and passing this certificate to the Signer class. But if I test the same code, getting the same certificate with TElAppleCertStore, I get the following error:

EElXMLSecurityError(Message: 'RSA key data expected.', ErrorCode: 0x000b130d)

I couldn't find any sample in the Mac library distribution to check if I am doing something wrong. Is there any difference in TElAppleCertStore, so that I have to do something different from the TElWinCertStore usage?

Posted: 04/16/2016 13:34:08
by Eugene Mayevski (Team)

Yes, TElAppleCertStore is a completely different class, specific to MacOS, so it's possible that something doesn't work out of the box.

First of all, please check whether PrivateKeyExists and PrivateKeyExtractable properties of the certificate, which you take from TElAppleCertStore, are true. PrivateKeyExists should be true, while PrivateKeyExtractable can be either true or false.

Sincerely yours
Eugene Mayevski

Posted: 04/16/2016 13:55:04
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

OK. I have installed a pfx with cert and key, but get_PrivateKeyExists returns false. I don't have very much experience as a Mac user, but I think I have imported this pfx correctly. I can find the certificate entry in the keychain app, and this entry has its key installed.

Posted: 04/16/2016 14:07:14
by Luis Pardo (Basic support level)
Joined: 03/23/2016
Posts: 17

I have extracted this code from the IOSKeyChain example and modified it to try to sign with any certificate found with a private key. All certificates in the keychain get false from get_PublicKeyAlgorithm (I have other iOS developer certificates and the installed pfx).

TElStringList *KeychainNames = new TElStringList();
(new TElAppleCertStorage(NULL))->GetOpenedKeychains(KeychainNames);

for (int i = 0; i < KeychainNames->get_Count(); i++) {
    TElAppleCertStorage *keychain = new TElAppleCertStorage(NULL);
    std::string kname;
    KeychainNames->get_Strings(i, kname);
    if (keychain->get_Count() > 0) {
        for (int j = 0; j < keychain->get_Count(); j++) {
            TElX509Certificate *cert = keychain->get_Certificates(j);
            if (cert->get_PrivateKeyExists()/* && (cert->get_PublicKeyAlgorithm()==SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION)*/){

              TMemoryStream stream;
              //std::string utf8("utf8");
              FXMLDocument.SaveToStream(stream, xcmNone,"utf8");
              std::string s;
              StreamToStr(stream, s);

              args.GetReturnValue().Set(String::NewFromUtf8(isolate, s.c_str()));


        String::NewFromUtf8(isolate, "ERROR!!!!")));

Posted: 04/16/2016 14:14:30
by Eugene Mayevski (Team)

Thank you for the details.

I welcome you to continue the investigation in the Helpdesk ( https://www.eldos.com/helpdesk/ ).

Helpdesk is our easy-to-use individual support system that allows communicating and exchanging sample data with our support personnel privately. You will also get e-mail notifications about updates of your support request.

Sincerely yours
Eugene Mayevski




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.