dev-crypto-csharp mail archive
SV: [dev-crypto-csharp] VS: BC .NET SSL verification
- To: <dev-crypto-csharp@bouncycastle.org>
- Subject: SV: [dev-crypto-csharp] VS: BC .NET SSL verification
- From: <Ulrich.baech-laursen@tietoenator.com>
- Date: Wed, 28 Jun 2006 10:58:08 +0200
- Thread-index: AcaC+BR2XjlsgyoWRcKKDk6JT2vTAQAARDewADUjMMAABLREMAAAITcABavZ9PA=
- Thread-topic: [dev-crypto-csharp] VS: BC .NET SSL verification
Any thoughts on the problem stated below yet?

Best regards

Direct: +45 7230 6444
TietoEnator
Phone: +45 7230 6400
Fax: +45 7230 6440
Ved Lunden 12

From: Ulrich.baech-laursen@tietoenator.com [mailto:Ulrich.baech-laursen@tietoenator.com]

Hi

I’m pretty new to BC so please excuse any newbie questions and mistakes.

We’re trying to authenticate an SSL certificate in a web request WITHOUT using the windows keystore. Before getting too tangled up in the .net ssl authentication mechanism, I ran into some problems with verifying my SSL certificate against a PKCS12 keystore.

The used certificates, keys and keystores are used in a test environment and are working atm.

When verifying the SSL certificate using .Verify() against the issuing certificate there is no problem:

    bool defaultValidate = false;

    // X509 SSL certificate
    string file_name = "c:\\x509test\\ssl.cer";
    Stream s = new FileStream(file_name, System.IO.FileMode.Open);
    X509Certificate x1 = new X509Certificate(s);
    s.Close();

    // X509 CA certificate
    string file_name2 = "c:\\x509test\\ca.crt";
    Stream s2 = new FileStream(file_name2, System.IO.FileMode.Open);
    X509Certificate x2 = new X509Certificate(s2);
    s2.Close();

    defaultValidate = x1.Verify(x2.GetPublicKey()); // <- returns true

When trying to do the same verification against the keystore containing the same certificate as above I’ve encountered a few problems:

    bool defaultValidate = false;

    // PKCS12 CA keystore containing 2 certificates – CA root – and CA admin (issuing) certificate
    FileStream open1 = new FileStream("c:\\x509test\\ca.ks", FileMode.Open, FileAccess.ReadWrite, FileShare.None);
    string pass = "password";
    Pkcs12Store caKeystore = new Pkcs12Store(open1, pass.ToCharArray());
    open1.Close();

    string file_name = "c:\\x509test\\ssl.cer";
    Stream s = new FileStream(file_name, System.IO.FileMode.Open);
    X509Certificate x1 = new X509Certificate(s);
    this.textBox1.Text = this.textBox1.Text + x1.IssuerDN.ToString() + "\r\n";
    s.Close();

    IEnumerator aliases = caKeystore.Aliases();
    aliases.Reset();
    while (aliases.MoveNext()) {
        string certAlias = aliases.Current.ToString();
        AsymmetricKeyParameter publicKey1 = null;
        publicKey1 = (AsymmetricKeyParameter)caKeystore.GetCertificate(certAlias).GetCertificate().GetPublicKey();
        defaultValidate = x1.Verify(publicKey1); // <- Exception
    }

Exception:

    An unhandled exception of type 'Org.BouncyCastle.Crypto.DataLengthException' occurred in bccrypto-csharp-b02.dll
    Additional information: input too large for RSA cipher.

- I’ve tried just about every single method in this API to make this work - without luck I might add :(

Any and all help on the above topic would be greatly appreciated.

Best regards
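Added example, not part of the original message and not Bouncy Castle project code: one way to pick the issuing certificate out of a set of CA certificates by comparing the leaf's IssuerDN with each candidate's SubjectDN before checking the signature, instead of calling Verify with every key in the store. It assumes the API of the current BouncyCastle.Cryptography package, which differs from the bccrypto-csharp-b02 build used in the post (here Verify returns nothing and throws on failure); IssuerLookup, FindIssuer, NewKey, Issue and the three-certificate chain are hypothetical names and constructed test data.

```csharp
using System;
using System.Collections.Generic;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

static class IssuerLookup // hypothetical helper; assumes the current BouncyCastle.Cryptography API
{
    // Return the candidate whose subject equals leaf's issuer and whose key verifies leaf.
    public static X509Certificate FindIssuer(X509Certificate leaf, IEnumerable<X509Certificate> candidates)
    {
        foreach (X509Certificate ca in candidates)
        {
            if (!leaf.IssuerDN.Equivalent(ca.SubjectDN)) continue; // not the named issuer
            try { leaf.Verify(ca.GetPublicKey()); return ca; }     // Verify throws on failure
            catch (Exception) { /* name matched but key did not: keep looking */ }
        }
        return null;
    }
    static AsymmetricCipherKeyPair NewKey()
    {
        var g = new RsaKeyPairGenerator();
        g.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        return g.GenerateKeyPair();
    }
    static X509Certificate Issue(string subject, AsymmetricKeyParameter subjectKey,
                                 string issuer, AsymmetricKeyParameter issuerKey, long serial)
    {
        var gen = new X509V3CertificateGenerator();
        gen.SetSerialNumber(BigInteger.ValueOf(serial));
        gen.SetIssuerDN(new X509Name(issuer));
        gen.SetSubjectDN(new X509Name(subject));
        gen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
        gen.SetNotAfter(DateTime.UtcNow.AddDays(30));
        gen.SetPublicKey(subjectKey);
        return gen.Generate(new Asn1SignatureFactory("SHA256WithRSA", issuerKey));
    }
    static void Main()
    {
        // Constructed chain mirroring the post: CA root -> CA admin (issuing) -> SSL certificate.
        var root = NewKey(); var admin = NewKey(); var ssl = NewKey();
        var rootCert = Issue("CN=Test Root", root.Public, "CN=Test Root", root.Private, 1);
        var adminCert = Issue("CN=Test Admin", admin.Public, "CN=Test Root", root.Private, 2);
        var sslCert = Issue("CN=ssl.example.test", ssl.Public, "CN=Test Admin", admin.Private, 3);
        var issuer = FindIssuer(sslCert, new[] { rootCert, adminCert });
        Console.WriteLine(issuer?.SubjectDN.ToString() ?? "no issuer found");
    }
}
```

A matching signature only identifies the issuer; validity dates, CA constraints and the chain up to a trusted root still have to be checked before the certificate is accepted.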

