EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Retrieve email address from certificate

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#37412
Posted: 08/09/2016 14:00:04
by Cilmar Thomé (Standard support level)
Joined: 05/19/2016
Posts: 7

Hi!

I'm trying to display signer's information, in the visible signature of a PDF, in the same way Adobe Reader does: <name>:<id> <<email>>

I didn't find the email address in TElX509Certificate.SubjectName.EMailAddress property (empty), nor in SubjectRDN. I did find it in Extentions.SubjectAlternativeName.Content.Names[0].RFC822Name, but I'm not sure if that information should always be found in the same position.

How could I retrieve the email address in a more elegant way (in Delphi)?

Thanks!

Cilmar.
#37417
Posted: 08/10/2016 01:10:45
by Ken Ivanov (EldoS Corp.)

Hello Cilmar,

There is no 'standard' location for e-mail addresses in a certificate. Different CAs use two different approaches (exactly the ones you've identified): either as a SB_CERT_OID_EMAIL entry in the 'main' SubjectRDN field (which maps to SubjectName.EMailAddress), or as a RFC822Name entry in SubjectAlternativeName extensions.

So the most elegant way I'm afraid would be checking both properties, starting with SubjectRDN and continuing to SubjectAlternativeName extension. Note that in general case certificates can contain more than one e-mail address, so the best idea would be to go through all entries in SubjectRDN and Extentions.SubjectAlternativeName.Content.Names lists.

Ken

Reply

Statistics

Topic viewed 169 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!