Solved

How do I obtain "PKI serial identifier" from certificate using Delphi, Indy, OpenSSL?

Posted on 2010-08-15
3
1,106 Views
Last Modified: 2013-11-23
Hi all,

Thanks for looking. Please excuse newbie mistakes and inelegance.

I have a specification for an internet service that verifies documents that I need to fulfill.  I have been given what I understand to be an X509 certificate (comprised of two sections marked CERTIFICATE and PRIVATE KEY) for development purposes.

Using Delphi 2005, Indy 10.2.3, the OpenSSL dlls (10.0.0a), and an import of libeay32 by Eric Young, I have (I believe) loaded the private key and certificate elements correctly.  Later, I use the private key to create an MD5 hash that I convert to base-64 as a signature.

In order to interpret this signature, the specification has a record that it described as the Certificate Identifier.  It contains information such as the distinguished names, hash algorithm etc.  

I also need one of two kinds of identifier - and this is the crux of my question - how do I obtain either or (ideally) both of these values (which I am told can be extracted from the certificate)?

Option1 : 17 character numeric field, described as a Verisign certificate identifier.

Option2: A hex string (the spec allows for up to 200 characters).

My understanding is that Option2 is a replacement/newer version of Option 1 from the certification agencies, so if it is an either/or thing, Option 2 is preferred.

Below is my code loading the key and certificate and obtaining a value.  Any of these steps may be suspect.  The value I get at the end is 224 characters long, which is too long - the server rejects it on that basis.

Code examples much appreciated.  Thanks in advance,

lordirish

Code extract:



const
    CERTFILE = 'Test';

var
    KeyFile : pBIO;
    TheKey : pEVP_PKEY;
    TheCert : pX509;
    TheValue   : string;

procedure LoadTheCertAndKeyAndGetValue;

    function CallBackFn(buffer: PChar; blength: integer; verify: integer; data: pointer): integer; cdecl;
    var
        Passphrase: String;
    begin
        Result := 0;
        StrPCopy(buffer, CERTFILE);
        Result := Length(CERTFILE);
    end;

var
    TempASN  : pASN1_Integer;
    TempPAC  : PAnsiChar;
    //
    iLoop    : integer;
    x1         : pEVP_PKEY;
    x2         : pX509;
begin
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x1 := nil;
    TheKey  := PEM_read_bio_PrivateKey(KeyFile, x1, @CallBackFn, self);
    //
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x2 := nil;
    TheCert :=  PEM_read_bio_X509(KeyFile, x2, @CallBackFn, self);
    //
    TempASN := X509_get_serialNumber(TheCert);
    TempPAC := TempASN.data;
    TheValue := '';
    for iLoop := 1 to Length(TempPAC) do
        TheValue := TheValue + IntToHex(Ord(TempPAC[iLoop]), 2);
end;

Open in new window

0
Comment
Question by:lordirish
3 Comments
 
LVL 8

Accepted Solution

by:
GeneralTackett earned 500 total points
ID: 33468531
There is a good section about this at the atozed/ intraweb site.  I also believe you can find it at the indy site just look for ssh and such it is in there it leads to a few tools where you can self publish.  it is rather lengthy to post here.  If you cant find it I will look and post a link.
0
 

Author Closing Comment

by:lordirish
ID: 33508122
Thanks, GeneralTackett.  Apologies for slow response, fell quite ill a couple of days after posting.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question