Re: How do we get the private key to do digital signature?



On Apr 9, 3:07 pm, "antonyliu2...@xxxxxxxxx" <antonyliu2...@xxxxxxxxx>
wrote:
On Apr 9, 2:31 pm, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx> wrote:





<antonyliu2...@xxxxxxxxx> wrote in message

news:1176146635.496224.166280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Apr 8, 2:24 pm, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx> wrote:
<antonyliu2...@xxxxxxxxx> wrote in message

news:1176007627.547728.127110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Apr 2, 11:48 am, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx>
wrote:
<antonyliu2...@xxxxxxxxx> wrote in message

news:1175531495.829203.325530@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Apr 2, 2:13 am, Kalle Olavi Niemitalo <k...@xxxxxx> wrote:
"antonyliu2...@xxxxxxxxx" <antonyliu2...@xxxxxxxxx> writes:

= snip

Does anyone have a hint about my 2nd question, repeated below?

Q2: In Signer.Certificate = MyStore.Certificates.Item(1), the sample
code seems to be retrieving the first certificate in the keystore.
How do I retrieve from the keystore the certificate which the user has
selected from the popup dialog box as shown below?

From CAPICOM, you can use:
MyStore.Certificates.Find(....)
http://msdn2.microsoft.com/en-us/library/aa376505.aspx
to return another Certificates object which matches the criterion you
specify.
e.g. with the FindType argument set at CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME,
you can enter the SubjectName string or a substring of it and the
Certificate object will return one item.

- Mitch Gallant
MVP Security
www.jensign.com

Hi, Mitch,

Thank you. I have started to look into the CAPICOM services. The MSDN
CAPICOM reference says:

Function Find( _
ByVal FindType As CAPICOM_CERTIFICATE_FIND_TYPE, _
[ ByVal varCriteria As Variant ], _
[ ByVal bFindValidOnly As Boolean ] _
) As Certificates

And exactly like what you said, we can retrieve a cert by find_type
CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, and specifying the
subject_name, for example, "John Doe".

But, in my situation, my web application requires client side
authentication through X.509 digital certificate. The web browser
will pop up a dialog box like the one below for the user to select
his/her cert and proceed.

http://farm1.static.flickr.com/167/442962234_ab4a756b8c_o.png

Suppose the user selects "Hillary Clinton", how do I know in my
VBScript what has been selected? In other words, how does the
VBScript code communicate with the IE popup dialog box?

I think you'd need to make the https (SSL) connection directly from
your VBScript code using something similar to HTTPWebRequest. I think I did
that some time back .. can't remember. Search for that sort of COM object in
vbs.
Should be similar to this .NET approach:

http://groups.google.com/group/microsoft.public.dotnet.security/brows...
where you add client certificates to the request before it is actually
made.
- Mitch

OK, thanks for the hint. The .NET approach of yours handles cert
stuffs on the server side. I have done this in Java, like generating
x.509 certs, encrypting/decrypting with key pairs. But I have no clue
how a token (for example a short string) can be signed on the client
side, using either vbscript or javascript.

That google link is .NET code for CLIENT selecting a cert to make https
client-auth connection ..
You can use CLIENT vbs code with capicom (CAPICOM.SignedData object) to sign
anything you want to then POST to SSL server.
- Mitch

Thx.

My existing client side script in VBScript can already send the
selected cert successfully to my web application. I will post the
script when I have access to my work station later today, so that you
can see how the selected cert is sent.

Maybe it is possible to modify the existing script in such a way that
I can get to know which cert has been selected.

AL

For right now, my web application knows whose cert was submitted after
it parses the intercepted cert. I wish I could do this on the client
side.
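
The following is an added example, not code posted by anyone in this thread: a VBScript sketch of the client-side approach discussed above, using Certificates.Find to pick a certificate by subject name and CAPICOM.SignedData to sign a short token. The function name SignToken, the error numbers, the dialog strings and the sample subject and token are assumptions made for illustration; the script does its own selection and does not read what was chosen in the browser's popup.

```vbscript
Option Explicit

' Constant values as defined in the CAPICOM type library.
Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_ENCODE_BASE64 = 0

' SignToken is a hypothetical helper name, not from the thread.
' Returns a base64 signed message containing the token.
Function SignToken(subjectName, token)
    Dim store, matches, cert, signer, signedData

    Set store = CreateObject("CAPICOM.Store")
    store.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY

    ' Substring match on the subject name; True keeps only valid certificates.
    Set matches = store.Certificates.Find( _
        CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, subjectName, True)

    If matches.Count = 0 Then
        Err.Raise vbObjectError + 1, "SignToken", _
            "No valid certificate matches: " & subjectName
    ElseIf matches.Count > 1 Then
        ' Ambiguous substring: let the user choose instead of taking Item(1) blindly.
        Set matches = matches.Select("Signing certificate", _
            "Several certificates match. Choose one.", False)
    End If
    Set cert = matches.Item(1)

    ' A certificate without its private key cannot be used to sign.
    If Not cert.HasPrivateKey() Then
        Err.Raise vbObjectError + 2, "SignToken", _
            "Certificate has no private key: " & cert.SubjectName
    End If

    Set signer = CreateObject("CAPICOM.Signer")
    signer.Certificate = cert

    Set signedData = CreateObject("CAPICOM.SignedData")
    signedData.Content = token
    ' False = attached signature, so the token travels inside the signed message.
    SignToken = signedData.Sign(signer, False, CAPICOM_ENCODE_BASE64)
End Function

' Constructed sample values; run under cscript.exe with CAPICOM registered.
WScript.Echo SignToken("John Doe", "constructed-sample-token")
```

The receiving server should verify the signature and the signer's certificate chain itself before trusting the token; the subject name typed into the script proves nothing on its own.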

