EldoS | Feel safer!

Software components for data protection, secure storage and transfer

X509SubjectName

#4991
Posted: 02/14/2008 06:36:42
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Hi

I'm wondering if there is something wrong with "X509SubjectName" tag creation? This is what I get when I sign the document.
Quote
...><X509SubjectName>C=si, O=state-institutions, OU=web-certificates, OU=Government, CN=Curs-ep, Curs-ep1235197018012</X509SubjectName><...

There is a picture of the certificate that I use attached, and as you can see the tag SerialNumber is missing from <X509SubjectName>.

Any suggestions?

Regards, Haris



#4992
Posted: 02/14/2008 07:03:06
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

SerialNumber is not an element of <X509SubjectName>.

SerialNumber is an element of <X509IssuerSerial> as the IssuerName.

see the example:

Code
<X509IssuerSerial>
  <X509IssuerName>CN=CertificateAuthority</X509IssuerName>
  <X509SerialNumber>16711743602112003984931672015136132502</X509SerialNumber>
</X509IssuerSerial>
<X509SubjectName>C=ES, ST=Madrid, L=Madrid, O=Storage Company, OU=Bank Storage, CN=AS400</X509SubjectName>


Wait for confirmation, or not, by the support.
#4996
Posted: 02/14/2008 08:38:58
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Yes, you are right, but this is not that serial number! This is maybe some custom serial number in the subject field. Please look at the attached picture of the certificate!

Quote
...<X509SerialNumber>979178581</X509SerialNumber>
</X509IssuerSerial>
<X509SubjectName>C=si, O=state-institutions, OU=web-certificates, OU=Government, CN=Curs-ep, Curs-ep1235197018012</X509SubjectName>


<X509IssuerSerial> is OK.
#4999
Posted: 02/14/2008 11:45:47
by Eugene Mayevski (EldoS Corp.)

Quote
Haris Zujo wrote:
I'm wondering if there is something wrong with "X509SubjectName" tag creation? This is what I get when I sign the document.


Unfortunately your message gives no information.

Please specify the exact version number and edition of SecureBlackbox, and also check
a) whether the problem happens with one particular certificate or with any certificate (for example, whether it happens with the sample certificate located in <SecureBlackbox>\Certificates folder);
b) whether the sample application exposes the same problem or this is a problem of your code only.

Also please post complete <X509IssuerSerial> tag.


Sincerely yours
Eugene Mayevski
#5008
Posted: 02/15/2008 02:22:42
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

OK Eugene, first I'll answer your questions.

I'm using "XMLBlackBox - version 5.2.124 - Released October 9, 2007"
a) Yes, it happens with every certificate with these custom attributes in the X509 subject field. (In my case "SerialNumber=12345678".)
b) Yes all the samples are exposed with sample application "SimpleSigner.exe"

And more.

I will give you sample of the same document signed with previous version of "XMLBlackBox - version 5.0.104 - Released December 25, 2006" and the "<X509SubjectName>" tag is OK. Both examples are made with SimpleSigner that came with belonging version.

In the attached zip are the whole files. Here I'll quote only the difference between the X509SubjectName.

Quote
XMLBlackBox - version 5.0.104 - Released December 25, 2006

<X509SubjectName>C=si, O=state-institutions, OU=web-certificates, OU=Government, CN=Curs-ep, CN=1235197018012</X509SubjectName>

Quote
XMLBlackBox - version 5.2.124 - Released October 9, 2007

<X509SubjectName>C=si, O=state-institutions, OU=web-certificates, OU=Government, CN=Curs-ep, Curs-ep1235197018012</X509SubjectName>


regards Haris


[ Download ]
#5011
Posted: 02/15/2008 02:28:17
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

And the public part of the certificate!


[ Download ]
#5012
Posted: 02/15/2008 02:41:42
by Eugene Mayevski (EldoS Corp.)

Thank you for detailed information. Dmytro will check the issue. Meanwhile you can try SBB 6 Release Candidate 1, which is available for download. It's possible that the problem has been solved there already.


Sincerely yours
Eugene Mayevski
#5015
Posted: 02/15/2008 05:47:25
by Dmytro Bogatskyy (EldoS Corp.)

Quote
And the public part of the certificate!

Thank you, the problem really exists. The correct approach is to write the OID value for unknown attribute types. I'm fixing it.

P.S. Interesting: why is the serial number of the certificate not equal to the one included in the Subject RDN?
#5017
Posted: 02/15/2008 07:47:47
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

While I'm waiting for the update, I fixed the problem by adding 2 lines of code in file "SBXMLSec.pas - function FormatRDN(const RDN: TElRelativeDistinguishedName): XMLString;"

Code
...for i := 0 to RDN.Count - 1 do
  begin
    if CompareContent(RDN.OIDs[i], SB_CERT_OID_COMMON_NAME) then
      s := 'CN='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_COUNTRY) then
      s := 'C='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_ORGANIZATION) then
      s := 'O='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_ORGANIZATION_UNIT) then
      s := 'OU='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_EMAIL) then
      s := 'E='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_LOCALITY) then
      s := 'L='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_STATE_OR_PROVINCE) then
      s := 'ST='
    else if CompareContent(RDN.OIDs[i], SB_CERT_OID_STREET_ADDRESS) then
      s := 'STREET='
    else
      s := 'CN=';

    if Length(s) > 0 then.....


This will add "CN=" before every unknown attribute.

Regards, Haris
#5018
Posted: 02/15/2008 07:59:24
by Dmytro Bogatskyy (EldoS Corp.)

Quote
else
s := 'CN=';

This is not correct. If simplified it should be:
Code
else
  s := OIDToStr(RDN.OIDs[i]) + '=';
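
The rule stated in the last reply (known attribute types get their short name, unknown ones keep their dotted OID rather than being relabelled as CN), as an added Python example that is not SecureBlackbox code. `SHORT_NAMES`, `oid_to_str` and `format_rdn` are hypothetical names, and the sample subject is constructed on the assumption that the unrecognised attribute is serialNumber (2.5.4.5).

```python
# Added illustration; none of these names are SecureBlackbox APIs.

# Attribute types the FormatRDN routine quoted above recognises, by dotted OID.
SHORT_NAMES = {
    "2.5.4.3": "CN",
    "2.5.4.6": "C",
    "2.5.4.7": "L",
    "2.5.4.8": "ST",
    "2.5.4.9": "STREET",
    "2.5.4.10": "O",
    "2.5.4.11": "OU",
    "1.2.840.113549.1.9.1": "E",
}

def oid_to_str(content: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID encoding")
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    # The first subidentifier packs the first two arcs as 40*X + Y.
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def format_rdn(rdn):
    """Format (oid_bytes, value) pairs; unknown types keep their dotted OID.
    Assumes values are already decoded and need no escaping."""
    parts = []
    for oid_bytes, value in rdn:
        dotted = oid_to_str(oid_bytes)
        parts.append(f"{SHORT_NAMES.get(dotted, dotted)}={value}")
    return ", ".join(parts)

# Constructed subject modelled on the certificate discussed in the thread.
SUBJECT = [
    (bytes.fromhex("550406"), "si"),
    (bytes.fromhex("55040a"), "state-institutions"),
    (bytes.fromhex("55040b"), "web-certificates"),
    (bytes.fromhex("55040b"), "Government"),
    (bytes.fromhex("550403"), "Curs-ep"),
    (bytes.fromhex("550405"), "1235197018012"),   # serialNumber, not in table
]

if __name__ == "__main__":
    print(format_rdn(SUBJECT))
```
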
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
