EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElX509Certificate.ToX509Certificate2 Method

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 06/01/2016 14:06:08
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Hi everyone,

I have some issues on webServices request and attach on some webService's property the autentication certificate previously retrived with TElPKCS11CryptoProvider from user's token USB.

I have succeffully retrive the 2 certificates on board of the Token with (as I say) TElPKCS11CryptoProvider, TElPKCS11CertStorage and TElPKCS11SessionInfo objects(actually I can already sign some documents, so this let me think that the retrive's certificate procedure is going well).

Anyway, the webservice's property ask me to attach a x509Certificate2 certificate, so I think to use TElX509Certificate.ToX509Certificate2 method passing the value set on True on CopyPrivateKey. Anything seems going good (at least on transform) but if I "watch" the result on the x509Certificate2's Properties, the one that state "PrivateKey" say me "Nothing".

Obviusly all of these procedure are called after I already set :
1) TElPKCS11CertStorage.Open
2) a check (result TRUE) on TElPKCS11SlotInfo.LoggedIn
3)a TElPKCS11SessionInfo.Login(SBPKCS11Base.Unit.utUser, pincode)

I know that the PrivateKey is stored inside the token, so there is a direct method with SecureBlackBox, after all the operation that I do, to retrive this with the x509Certificate2?

Posted: 06/02/2016 02:48:33
by Eugene Mayevski (Team)

You don't need x509Certificate2 at all.

The requirement you are quoting is not exactly correct. x509Certificate2 is just a .NET class, which is an interface to X.509 certificates. The webservice can ask you to include the X.509 certificate with the data. But in any case you should not include a private key. The private key must remain private and not be transferred anywhere.

On a side note, most hardware devices won't let you extract the private key anyway for security reasons.

Sincerely yours
Eugene Mayevski
Posted: 06/03/2016 03:10:33
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Hi Eugene,

what you wrote is in part what I initially think about, but the webService return "Private key not present in the X509 certificate" a NotSupportedException, so I have checked those properties and wrote my post above.

I will contact webservice's productor and ask them about it.

Thank you for your reply, I'll let you know about it.




Topic viewed 1716 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!