EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElX509Certificate.ToX509Certificate2 Method

Posted: 06/01/2016 14:06:08
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Hi everyone,

I have some issues with a web service request, attaching to one of the web service's properties the authentication certificate previously retrieved with TElPKCS11CryptoProvider from the user's USB token.

I have successfully retrieved the 2 certificates on board the token with (as I said) TElPKCS11CryptoProvider, TElPKCS11CertStorage and TElPKCS11SessionInfo objects (actually I can already sign some documents, so this makes me think that the certificate retrieval procedure is going well).

Anyway, the web service's property asks me to attach an x509Certificate2 certificate, so I thought to use the TElX509Certificate.ToX509Certificate2 method, passing True for CopyPrivateKey. Everything seems to go well (at least the conversion), but if I "watch" the result in the x509Certificate2's properties, the one named "PrivateKey" says "Nothing".

Obviously all of these procedures are called after I have already done:
1) TElPKCS11CertStorage.Open
2) a check (result TRUE) on TElPKCS11SlotInfo.LoggedIn
3) a TElPKCS11SessionInfo.Login(SBPKCS11Base.Unit.utUser, pincode)

I know that the PrivateKey is stored inside the token, so is there a direct method in SecureBlackBox, after all the operations that I do, to retrieve this with the x509Certificate2?

Posted: 06/02/2016 02:48:33
by Eugene Mayevski (EldoS Corp.)

You don't need x509Certificate2 at all.

The requirement you are quoting is not exactly correct. x509Certificate2 is just a .NET class, which is an interface to X.509 certificates. The webservice can ask you to include the X.509 certificate with the data. But in any case you should not include a private key. The private key must remain private and not be transferred anywhere.

On a side note, most hardware devices won't let you extract the private key anyway for security reasons.

Sincerely yours
Eugene Mayevski

Posted: 06/03/2016 03:10:33
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Hi Eugene,

what you wrote is in part what I initially thought, but the web service returns "Private key not present in the X509 certificate", a NotSupportedException, so I checked those properties and wrote my post above.

I will contact the web service's producer and ask them about it.

Thank you for your reply, I'll let you know about it.



