
RE: RE: 'EncodedParams' error in CreateDHCryptoKeys



Hello Robert
First, thanks for the quick answer.
Second, I do not use the 'certificate builder' as it is in the SFL; I wrote
my own code that builds a cert' and it works fine
but...
IF I USE:
(use the prepared dh_params.dat + BugsDhY.dat)
//////////////////////////////////////////////////////////////////////////////
    // subj_pubkey_alg_id
    cert.certificateToSign->subjectPublicKeyInfo = new SubjectPublicKeyInfo;
    cert.certificateToSign->subjectPublicKeyInfo->algorithm = new AlgorithmIdentifier;
    cert.certificateToSign->subjectPublicKeyInfo->algorithm->algorithm =
        CSM_OID("1.2.840.10046.2.1");
    CSM_Alg::LoadNullParams(cert.certificateToSign->subjectPublicKeyInfo->algorithm);

    // EncodedParams
    cert.certificateToSign->subjectPublicKeyInfo->algorithm->parameters = new AsnAny;
    CSM_Buffer a(".\\smimeR1.5\\test\\certs\\config.d\\dh_params.dat");
    a.ConvertFileToMemory();
    SM_ASSIGN_ANYBUF(&a,
        cert.certificateToSign->subjectPublicKeyInfo->algorithm->parameters);

    // PublicKey Blob
    CSM_Buffer b(".\\smimeR1.5\\test\\certs\\config.d\\BugsDhY.dat");
    b.ConvertFileToMemory();
    cert.certificateToSign->subjectPublicKeyInfo->subjectPublicKey.Set(
        b.Access(), b.Length()*8);
//////////////////////////////////////////////////////////////////////////////
I get a WONDERFUL cert' that works fine with the
'./certs/private.d/BugsDsaX_8.dat'
but...
IF I USE:
(trying to create the dh_params.dat + BugsDhY.dat + BugsDsaX_8.dat dynamically)
//////////////////////////////////////////////////////////////////////////////
  pCryptoDH = SM_BuildCryptoKeysDH(NULL, password);
  if(pCryptoDH != NULL)
    stat = pCryptoDH->GenerateKeys( &XPriv, &YPub, P, G, Q, nKeyBits,
                                    readParams , &params );
  if(stat != SM_NO_ERROR)
  {
    // handle the ERROR
  }
  else
  {
    if(subPubKeyInfPtr == NULL)
      subPubKeyInfPtr = new SubjectPublicKeyInfo;

    cert.certificateToSign->subjectPublicKeyInfo =
        pCryptoDH->LoadSNACCPublicKeyInfo( &params , &YPub );

    //encrypt private key
    CSM_Alg *alg = new CSM_Alg(*subPubKeyInfPtr->algorithm);
    encryptPrivPtr = pCryptoDH->WrapPrivateKey(XPriv,password,alg);

    // put the pub' key data in the cert'
    SM_ASSIGN_ANYBUF( &params,
        cert.certificateToSign->subjectPublicKeyInfo->algorithm->parameters);
    cert.certificateToSign->subjectPublicKeyInfo->subjectPublicKey.Set(
        YPub.Access(), YPub.Length()*8);
  }
//////////////////////////////////////////////////////////////////////////////
so...
1) How can I create the 'BugsDhY.dat' + 'dh_params.dat' + 'BugsDhX_8.dat'?
Even if they are created in an outside tool, or an untested tool, I would
like to test it.
Any help will be most most welcome.

2) I did not understand from your answer:
	Are the 'CSM_Buffer YPub' + 'CSM_Buffer params' above the
	PublicKey+AlgParameters needed to create and use the cert'? (as in the
	second part of code above)
	Why does the code in the second part not work?


Thanks again 
Alon Barak
Vanguard Security Technologies Ltd.
Tel: 972-4-9891311 (Ext. 221); 
Fax: 972-4-9891322
mailto:Alon@xxxxxxxxxx


-----Original Message-----
From: Colestock, Robert [mailto:Robert.Colestock@xxxxxxxx]
Sent: Wednesday, June 28, 2000 7:57 PM
To: 'Alon Barak'
Subject: RE: 'EncodedParams' error in CreateDHCryptoKeys


Alon:

You are not going to like my answer.  We do not support certificate
construction; all of our certificate construction logic is undocumented and
in this case untested.  You are viewing a very early version of our
certificate builder; looking at this logic, it does nothing.  The public key
is not loaded into the certificate.  Our working test utilities for that
version are in sm_CfgCert.cpp where each Certificate component is loaded
explicitly by name (you can directly see the SNACC/ASN.1 spec name loaded
directly from a keyword in a config file).  The algorithm specific component
you refer to is handled in a different location (now in sm_Alg, since the
CTILs are referenced directly).  The DH public key and parameters are
generated separately and saved in files; the sm_CfgCert.cpp logic reads
these files with the config file specified OIDs (NO VALIDATION IS DONE) and
encoded into a certificate, then signed (if requested).

On the bright side, we have improved the CertificateBuilder logic (I have
not re-tested it recently) to properly build several versions of
certificates through the GUI.  This logic is more thoroughly tested and
more readable.  It does validate the individual algorithm types (e.g. RSA,
DSA, DH) and properly encodes the parameters and public keys.  We are close
to delivering the newest release; I can send this to you; or you can
investigate the logic that processes the config files in
"./test/certs/config/ElmerDh.cfg" ("./testsrc/util/sm_CfgCert.cpp") and
"./test/sm_free/sm_fcerts.cfg" ("./testsrc/utilalgs/sm_CfgFree.cpp").  I
believe you will find these files more readable.

Bob Colestock
VDA.

-----Original Message-----
From: Alon Barak [mailto:alon@xxxxxxxxxx]
Sent: Wednesday, June 28, 2000 12:29 PM
To: 'imc-sfl@xxxxxxx'
Subject: 'EncodedParams' error in CreateDHCryptoKeys


Hello Robert
I'm working with the ('smimeR1.5' on a WinNT OS) and my goal is to create a
certificate and use it.
As far as I know, in order to create and use the cert' I need:
	PublicKey + AlgParameters (for creating the cert')
	PrivateKey.		     (for using the cert')
To generate DH PublicKey + AlgParameters + PrivateKey I used code that is
used in the 'CertWindowDlg.cpp' in 'smimeR1.6', the 'CertificateBuilder.dsp'.
The code is:
//////////////////////////////////////////////////////////////////////////////
  pCryptoDH = SM_BuildCryptoKeysDH(NULL, password);
  if(pCryptoDH != NULL)
  {
    stat = pCryptoDH->GenerateKeys( &XPriv, &YPub, P, G, Q,
                                    nKeyBits, readParams , &params );    
  }
  if(stat != SM_NO_ERROR)
  {
    // handle the ERROR
  }
  else
  {
    if(subPubKeyInfPtr == NULL)
    {
      subPubKeyInfPtr = new SubjectPublicKeyInfo;
    }
    subPubKeyInfPtr = pCryptoDH->LoadSNACCPublicKeyInfo( &params , &YPub );

    //encrypt private key
    CSM_Alg *alg = new CSM_Alg(*subPubKeyInfPtr->algorithm);
    encryptPrivPtr = pCryptoDH->WrapPrivateKey(XPriv,password,alg);
  }
//////////////////////////////////////////////////////////////////////////////
so...
1) Are the 'CSM_Buffer YPub' + 'CSM_Buffer params' the
PublicKey+AlgParameters needed to create and use the cert'?
  When I used them as the 'PublicKey=...' and 'EncodedParams=...' in the
'xxDH.cfg'
  the output cert' of the 'auto_hid.exe' was corrupted and could not be
opened.

2) Is the 'CSM_Buffer* encryptPrivPtr' the PrivateKey needed to
encrypt/decrypt using the cert'?

3) Is the 'SubjectPublicKeyInfo* subPubKeyInfPtr' the cert's
certificateToSign->subjectPublicKeyInfo?

4) How were the 'dh_params.dat' and 'BugsDhY.dat' built?


My goal...
 is to create a cert' but when I use all the 'subPubKeyInfPtr' as the cert's
certificateToSign->subjectPublicKeyInfo I got a cert' that has a 'DH (0
Bits)' in the 'PublicKey' parameter in the Microsoft cert' viewer and my
application fails to use this Cert' + PrivateKey to encrypt/decrypt.


Thanks in advance
Alon Barak
Vanguard Security Technologies Ltd.
Tel: 972-4-9891311 (Ext. 221); 
Fax: 972-4-9891322
mailto:Alon@xxxxxxxxxx
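
Added example, not part of the original thread and not SFL code: since the config-file path described above does no validation of the key and parameter files, this stand-alone C++ check parses a DER-encoded DH SubjectPublicKeyInfo and reports the bit length of Y, returning 0 when the encoding does not have the expected layout (for instance NULL parameters or an empty key). It assumes the X.509 dhpublicnumber layout (OID 1.2.840.10046.2.1, parameters as a SEQUENCE of INTEGERs p, g, q, public key as an INTEGER inside the BIT STRING); the function names and the toy sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Read one DER TLV with the expected tag at pos; return its content octets.
static Bytes readTlv(const Bytes& in, size_t& pos, uint8_t tag) {
    if (in.size() - pos < 2 || in[pos] != tag) throw std::runtime_error("tag");
    size_t len = in[pos + 1], n = len & 0x7f;
    pos += 2;
    if (len & 0x80) {  // long-form length, needed for real-size p and Y
        if (n == 0 || n > 4 || in.size() - pos < n) throw std::runtime_error("length");
        for (len = 0; n > 0; --n) len = (len << 8) | in[pos++];
    }
    if (in.size() - pos < len) throw std::runtime_error("truncated");
    pos += len;
    return Bytes(in.begin() + (pos - len), in.begin() + pos);
}
// Bit length of a non-negative DER INTEGER, given its content octets.
static size_t intBits(const Bytes& v) {
    if (v.empty() || (v[0] & 0x80)) throw std::runtime_error("integer");
    size_t bits = v.size() * 8;
    for (uint8_t octet : v)
        for (uint8_t m = 0x80; m; m >>= 1, --bits)
            if (octet & m) return bits;
    return 0;
}
// Bit length of Y if der is a well-formed dhpublicnumber SPKI, otherwise 0.
size_t dhSpkiKeyBits(const Bytes& der) {
    static const Bytes dhOid = {0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01};
    try {
        size_t a = 0, b = 0, c = 0, d = 0, e = 0;
        Bytes spki = readTlv(der, a, 0x30);
        Bytes alg = readTlv(spki, b, 0x30), key = readTlv(spki, b, 0x03);
        if (readTlv(alg, c, 0x06) != dhOid) return 0;
        Bytes params = readTlv(alg, c, 0x30);  // NULL parameters fail here
        size_t pBits = intBits(readTlv(params, d, 0x02));               // p
        for (int i = 0; i < 2; ++i) intBits(readTlv(params, d, 0x02));  // g, q
        if (key.empty() || key[0] != 0) return 0;  // BIT STRING unused-bits octet
        Bytes y(key.begin() + 1, key.end());       // DHPublicKey ::= INTEGER
        size_t yBits = intBits(readTlv(y, e, 0x02));
        return (e == y.size() && yBits <= pBits) ? yBits : 0;
    } catch (const std::runtime_error&) { return 0; }
}
// Constructed toy sample (p=23, g=2, q=11, y=8), not one of the SFL test files.
const Bytes kSampleSpki = {0x30, 0x1c, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
    0x3e, 0x02, 0x01, 0x30, 0x09, 0x02, 0x01, 0x17, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0b,
    0x03, 0x04, 0x00, 0x02, 0x01, 0x08};
int main() { std::printf("Y: %zu bits\n", dhSpkiKeyBits(kSampleSpki)); return 0; }
```

The check is structural only: it compares bit lengths and does not verify 1 < Y < p-1 or that g has order q.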