EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Retrieve email address from certificate

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 08/09/2016 14:00:04
by Cilmar Thomé (Standard support level)
Joined: 05/19/2016
Posts: 7


I'm trying to display signer's information, in the visible signature of a PDF, in the same way Adobe Reader does: <name>:<id> <<email>>

I didn't find the email address in TElX509Certificate.SubjectName.EMailAddress property (empty), nor in SubjectRDN. I did find it in Extentions.SubjectAlternativeName.Content.Names[0].RFC822Name, but I'm not sure if that information should always be found in the same position.

How could I retrieve the email address in a more elegant way (in Delphi)?


Posted: 08/10/2016 01:10:45
by Ken Ivanov (EldoS Corp.)

Hello Cilmar,

There is no 'standard' location for e-mail addresses in a certificate. Different CAs use two different approaches (exactly the ones you've identified): either as a SB_CERT_OID_EMAIL entry in the 'main' SubjectRDN field (which maps to SubjectName.EMailAddress), or as a RFC822Name entry in SubjectAlternativeName extensions.

So the most elegant way I'm afraid would be checking both properties, starting with SubjectRDN and continuing to SubjectAlternativeName extension. Note that in general case certificates can contain more than one e-mail address, so the best idea would be to go through all entries in SubjectRDN and Extentions.SubjectAlternativeName.Content.Names lists.




Topic viewed 106 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!