
  • User (Old forums)
    Member
    Post count: 23064
    #42953

    May 25, 2007

    Is there any way to sign a TXT or any other file using a private key in a PFX file? The same asks for a .key file. Is there any way to convert a .pfx file into a .key file?

    Rishi

    Imported from legacy forums. Posted by rishikesh (had 9078 views)


    Here are some articles from our Knowledge Base that will help you with your issue. However, these articles are not available online right now, because they have not been integrated into our new website (hopefully this will be done soon!). So I’m pasting the content of those articles right here:

    Article number 326

    Brief description Writing public/private/secret keys to text files.

    Long description
    I want to preserve my public/private/secret key in a text file and use it later. However, whenever I read my file and assign the PublicKey, PrivateKey or SecretKey properties, I get an error stating that "The secret/private/public key is invalid or uninitialized" (eerInvalidSecretKey or eerInvalidKeyPair).

    Is this normal? Can I reuse the keys I created with the Xceed Encryption Library?

    Solution
    The public/private/secret keys created by the Xceed Encryption Library via the SetSecretKeyFromPassPhrase, SetRandomSecretKey or SetRandomKeyPair methods are not strings. The generated keys (which can be retrieved via the SecretKey, PrivateKey and PublicKey properties) must be encoded (using the Xceed Binary Encoding Library for example) BEFORE they can be written to a text file (as text).

    For example:

    ' Generate the keys. The rsa object is an XceedRSAEncryptionMethod
    ' (declared here so the sample is complete).
    Dim rsa As New XceedRSAEncryptionMethod
    Call rsa.SetRandomKeyPair( 1024, Null )

    Dim encoder As New XceedBinaryEncoding
    Call encoder.License( "your license key" )

    Dim encodedKey As Variant
    encodedKey = encoder.Encode( rsa.PublicKey, True )

    ' Because the encoded key is returned as a Variant,
    ' we need to convert it to a String using the ToString
    ' method
    Dim writableKey As String
    writableKey = encoder.ToString( encodedKey )

    ' Write writableKey to the text file.

    To decode the key, you would need to do the opposite:

    1- Read the writable key from the text file
    2- Use the FromString method to convert the key back to a variant
    3- Decode the key using the Xceed Binary Encoding’s Decode method
    4- Assign the key to the appropriate property (PublicKey, PrivateKey or SecretKey).

    Article number 206

    Brief description Can I use my own public and private keys?

    Long description
    I already have a private/public key. Can I use it with your library?

    Solution
    The only asymmetrical encryption algorithm supported by Xceed Encryption Library is RSA-OAEP, which is part of the latest PKCS#1 document. If you have in your possession an RSA private or public key that was not created by Xceed Encryption Library, it may or may not be compatible with the library, depending on whether it conforms to the OAEP standard or not.

    The key blob uses the ASN.1 notation with DER encoding, as described in the RSA PKCS #1 standard: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf

    A good way to know if the key is compatible is to try it! Assign the PrivateKey property or the PublicKey property of a XceedRSAEncryptionMethod object and try to, respectively, Decrypt or Encrypt a bunch of data. If the key is invalid you will get an eerInvalidKeyPair (0x8004500E) error code.

    A more user-friendly way to guess if a key is OAEP is by checking the first byte of either the Private or Public key. If it’s ASCII 30 (in hexadecimal) there’s a chance that the key will be accepted by Xceed Encryption Library. This is due to the DER encoding that we are using. If it’s not “30” then you can be sure that the key is not according to the OAEP format and will be rejected.

    Article number 447

    Brief description Can I use the RSA public key generated by Xceed in .NET ?

    Long description
    How do I use the public key generated by XceedRSAEncryption in the .NET Framework?

    Solution
    We expose the Private/Public keys as a chunk of data and the .NET framework exposes the keys as their components.

    The problem is that neither of us (Xceed and Microsoft) exposes the other way to express RSA keys.

    Microsoft uses a simple structure to store the keys. Xceed Encryption Library, on the other hand, uses the ASN.1 and DER encoding in accordance with the RSA PKCS #1 Standard. This is neither available in the .NET Framework nor in Xceed Encryption. The DER specification can be found here.

    If you want to use .NET’s Public/Private keys with Xceed Encryption Library, you will need to implement the PKCS #1 specification yourself.

    However, the inverse process is simpler. The following C# sample demonstrates how to extract the various key components from Xceed’s key chunks so they can be used with the .NET Framework’s encryption classes.

    Refer to the sample’s comments for more information.

    Keep in mind that this sample will only work with Windows XP and above.

    Article number 284

    Brief description Can I create and read certificates with your library?

    Long description
    Can I create and read certificates with the Xceed Encryption Library?

    Solution
    There are many certificate formats (or standards) among which the more popular is X.509. They are often emitted by an authority (VeriSign, Thawte, …).

    We do not directly support the certificates. You can use our library to sign (create) or verify (read) the information in the certificates but you have to handle the certificate structure yourself. For example, reading a certificate will imply that you’ll have to interpret the headers and the fields of the certificate, extract the signature part and check the signature against the fields. Only the last part is performed by the library (you feed the signature to the Signature property and the fields to the Verify method).

    Furthermore, only the certificates using RSA-OAEP and SHA-1 (160 bits) can be created and verified using Xceed Encryption Library. We do not offer MD5 hashing, elliptic-curve keys or RSA v1.5 keys.

    Imported from legacy forums. Posted by André (had 466 views)


    Hi there

    In the above reply you mentioned that it is not too difficult to extract the various key components from Xceed’s key chunks.

    I have 162 bytes of data that is meant to contain an Xceed public key and I need to extract the modulus and exponent from this byte array.

    Can you please tell me how to do this, or ideally provide a short code sample.

    Many thanks

    Imported from legacy forums. Posted by pauljanes1979 (had 481 views)


    If the key is generated by our library, or you are using a key which is PKCS#1 compliant, you can use the following code to extract the modulus and exponent parts. You can read more on this here: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf (particularly the ASN.1 format in section "A") and here: http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf

    <code>
    using System;
    using System.Security.Cryptography;

    // Wrapper class added so the sample compiles as posted; the class name is illustrative.
    public class XceedRsaKeyReader
    {
        // Walks a DER-encoded SubjectPublicKeyInfo blob:
        // SEQUENCE { SEQUENCE { OID, NULL }, BIT STRING { SEQUENCE { INTEGER n, INTEGER e } } }
        // Returns true only when both the modulus and the exponent were found.
        private bool FillRSAPublicKeyParameters( byte[] key, ref RSAParameters param )
        {
            bool valid = false;

            // We skip the outer Sequence tag (0x30)
            if( key[ 0 ] == 48 )
            {
                int index = 1;
                int contentLength = 0;

                this.GetContentLength( key, ref index );

                // We skip the RSA OID sequence (the AlgorithmIdentifier)
                if( key[ index ] == 48 )
                {
                    index++;
                    contentLength = this.GetContentLength( key, ref index );
                    index += contentLength;

                    // We skip the Bit String tag (0x03)
                    if( key[ index ] == 3 )
                    {
                        index++;
                        this.GetContentLength( key, ref index );

                        // We skip the unused-bits byte of the Bit String
                        index++;

                        // We skip the inner Sequence tag (RSAPublicKey)
                        if( key[ index ] == 48 )
                        {
                            index++;
                            this.GetContentLength( key, ref index );

                            // This is "n", the Modulus (INTEGER tag 0x02)
                            if( key[ index ] == 2 )
                            {
                                index++;
                                this.CopyContent( key, ref index, ref param.Modulus );

                                // This is "e", the Exponent (INTEGER tag 0x02)
                                if( key[ index ] == 2 )
                                {
                                    index++;
                                    this.CopyContent( key, ref index, ref param.Exponent );
                                    valid = true;
                                }
                            }
                        }
                    }
                }
            }

            return valid;
        }

        // Reads a DER definite-form length at lengthStartIndex and advances the index past it.
        private int GetContentLength( byte[] key, ref int lengthStartIndex )
        {
            int length = 0;

            // Xceed Encryption does not use the indefinite form of length encoding (== 128)
            System.Diagnostics.Debug.Assert( key[ lengthStartIndex ] != 128,
                "Indefinite length encoding not supported." );

            if( key[ lengthStartIndex ] > 128 )
            {
                // Long form: the low 7 bits give the number of big-endian length bytes that follow
                int lengthBytes = key[ lengthStartIndex ] - 128;

                lengthStartIndex++;
                while( lengthBytes > 0 )
                {
                    length += key[ lengthStartIndex ] << ( 8 * ( lengthBytes - 1 ) );
                    lengthStartIndex++;
                    lengthBytes--;
                }
            }
            else
            {
                // Short form: the byte itself is the length
                length = key[ lengthStartIndex ];
                lengthStartIndex++;
            }

            return length;
        }

        // Copies the content of an INTEGER into destination, dropping the 0x00 sign-padding
        // byte that DER adds when the high bit of the first value byte is set.
        private void CopyContent( byte[] source, ref int startIndex, ref byte[] destination )
        {
            int length = this.GetContentLength( source, ref startIndex );

            if( source[ startIndex ] == 0 )
            {
                startIndex++;
                length--;
            }

            destination = new byte[ length ];
            Array.Copy( source, startIndex, destination, 0, length );
            startIndex += length;
        }
    }
    </code>

    Imported from legacy forums. Posted by André (had 9385 views)
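The same DER walk in Python, as an added example that is not part of the thread or of Xceed's library: it builds a SubjectPublicKeyInfo around a constructed (not real) 1024-bit modulus, which comes out to exactly the 162 bytes asked about above and starts with the 0x30 byte that article 206 uses as its compatibility hint, then parses it back to n and e with the long-form length and 0x00 sign-pad handling the C# sample relies on.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, OID 1.2.840.113549.1.1.1
DEMO_N = (1 << 1023) | 0x1234_5678_9ABC_DEF1  # constructed 1024-bit value, not a real key
DEMO_E = 65537

def der_len(n: int) -> bytes:
    """Definite-form length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body
def der_uint(v: int) -> bytes:
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # INTEGER is signed: a 0x00 pad keeps a high-bit modulus positive
        body = b"\x00" + body
    return tlv(0x02, body)

def build_spki(n: int, e: int) -> bytes:
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))  # AlgorithmIdentifier
    rsa_key = tlv(0x30, der_uint(n) + der_uint(e))        # RSAPublicKey
    return tlv(0x30, alg + tlv(0x03, b"\x00" + rsa_key))  # 0x00 = no unused bits

def read_tlv(buf: bytes, i: int) -> tuple:
    """Return (tag, content, index after content); rejects truncation and the indefinite form."""
    if i + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[i], buf[i + 1]
    i += 2
    if length == 0x80:
        raise ValueError("indefinite length is not valid DER")
    if length > 0x80:
        count = length & 0x7F
        length, i = int.from_bytes(buf[i:i + count], "big"), i + count
    if i + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, buf[i:i + length], i + length

def parse_spki(spki: bytes) -> tuple:
    """(modulus, exponent) from an RSA SubjectPublicKeyInfo; ValueError on any other layout."""
    tag, outer, end = read_tlv(spki, 0)
    t_alg, alg, pos = read_tlv(outer, 0)
    t_bits, bits, _ = read_tlv(outer, pos)
    t_key, key, _ = read_tlv(bits, 1)  # bits[0] is the unused-bits count
    t_n, n, pos = read_tlv(key, 0)
    t_e, e, _ = read_tlv(key, pos)
    layout = (tag, end, t_alg, t_bits, bits[:1], t_key, t_n, t_e)
    if layout != (0x30, len(spki), 0x30, 0x03, b"\x00", 0x30, 0x02, 0x02):
        raise ValueError("not SEQUENCE { AlgorithmIdentifier, BIT STRING { SEQUENCE { n, e } } }")
    if read_tlv(alg, 0)[1] != RSA_OID:
        raise ValueError("AlgorithmIdentifier is not rsaEncryption")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")  # from_bytes absorbs the 0x00 pad
```

A key that fails parse_spki with a ValueError is the same key the library would reject with eerInvalidKeyPair, so the check can be run before the blob ever reaches the encryption object.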
