Re: How do we get the private key to do digital signature?



<antonyliu2002@xxxxxxxxx> wrote in message
news:1176162759.810886.45140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Apr 9, 3:48 pm, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx> wrote:
My existing client side script inVBScriptcan already send the
selected cert successfully to my web application. I will post the
script when I have access to my work station later today, so that you
can see how the selected cert is sent.

Maybe it is possible to modify the existing script in such a way that
I can get to know which cert has been selected.

AL

For right now, my web application knows whose cert was submitted after
it parses the intercepted cert. I wish I could do this on the client
side.

I don't think you can intercept the IE cert-selection dialog if IE
initiates the SSL session with the server and invokes the client-authorization
cert-selection process. As I said earlier, you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL
negotiation that way.

- Mitch

Hmm, it looks like you are right.

I just checked the source code of the Login HTML page and there is
nothing special there!

Look, this is the source code screen snapshot:

http://farm1.static.flickr.com/248/453147844_430f70367a_o.png

And this is how this web form appears in IE:

http://farm1.static.flickr.com/192/453147858_57d693694d_o.png

And the source code in plain text (nothing special!)

<form action="https://www.myhost.com:8443/mybank/LoginServlet" method="post" name="bankloginform" id="bankloginform"
      onSubmit="return emailCheck(bankloginform.email.value) && passwordCheck()">
<p>Please login using your email address and the password you supplied the time
you signed up with the bank.</p>
<p>Please note that you need a valid certificate to login. If you do not have
a certificate yet, you can apply one for free right now.</p>
<p>Your browser never knows if your certificate is revoked, but we do know.
So, if your certificate has been revoked, you won't be able to login.</p>
<table width="39%" border="0">
<tr>
<td width="21%" height="26"><p align="right">e-mail:</p></td>
<td width="79%"><input name="email" type="text" id="email" size="48"></td>
</tr>
<tr>
<td rowspan="2" valign="top"><div align="right">Password:</div></td>
<td><input name="password" type="password" id="password" size="48" maxlength="48"></td>
</tr>
<tr>
<td><input name="login" type="submit" id="login2" value="Login"></td>
</tr>
</table>
</form>

OK, let's turn back to your suggestion: you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL
negotiation that way.

How do we invoke SSL from vbs? I have never done this.

AL

OK first of all, I'll reiterate that I have been able to do this from a
standalone .NET 1.1 client using basic code like this:
--------- .NET 1.1 snippet to connect to SSL server requiring
client-certificate authentication -----
using System.Net;
using System.Security.Cryptography.X509Certificates;

// certfile and url are placeholders; point them at your own cert and server
string certfile = @"C:\path\to\client.cer";
string url = "https://somesecureurl/";

// Load the client certificate and attach it to the request; it is offered
// to the server during the SSL handshake when the server asks for one.
X509Certificate jscert = X509Certificate.CreateFromCertFile(certfile);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.ClientCertificates.Add(jscert);
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
------------------------
and with .NET 2, you can use all the support for searching and finding
certificates (so you wouldn't need to use CAPICOM from .NET).

I think that you could use the WinHttpRequest COM object like so:

--- VBScript sample to connect to SSL server requiring client-cert
authentication --------
......
Dim HttpReq
' Instantiate the WinHTTPRequest ActiveX Object.
' (VBScript has no typed Dim or New for COM classes; use CreateObject.)
Set HttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")

' Open an HTTP connection.
HttpReq.Open "GET", "https://somesecureurl/", False

' Select a client certificate: location\store\subject name.
HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier Certificate"

' Send the HTTP Request.
HttpReq.Send
-----------------------

Check out the MSDN docs on the WinHttpRequest COM object (part of Windows HTTP
Services) at:
http://msdn2.microsoft.com/en-us/library/aa384106.aspx

- Mitch
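The following is an added example, not code from Mitch or from the archived thread, that puts the two suggestions above together: the script opens the SSL session itself through WinHttpRequest, so it picks the client certificate and therefore knows which one was used (which the IE-initiated dialog never reveals to the page). It assumes CAPICOM 2.x is registered on the client for the certificate-picker dialog, that the script runs from cscript rather than inside an IE page, that the bank URL is a placeholder, and that SetClientCertificate matches on the subject common name under the given location\store as in the MSDN example.

```vbscript
Option Explicit

' Placeholder for the SSL endpoint that demands a client certificate.
Const TARGET_URL = "https://www.myhost.com:8443/mybank/LoginServlet"

' CAPICOM constants (assumes CAPICOM 2.x is registered on the client).
Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME = 0

' Show the standard certificate-selection dialog for the CURRENT_USER\My
' store and return the chosen cert's simple subject name (the CN), or ""
' if the user cancelled.
Function PickClientCertificate()
    Dim store, chosen
    Set store = CreateObject("CAPICOM.Store")
    store.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY
    Set chosen = store.Certificates.Select("Bank login", _
        "Choose the certificate to log in with", False)
    If chosen.Count = 0 Then
        PickClientCertificate = ""
    Else
        PickClientCertificate = chosen.Item(1).GetInfo(CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME)
    End If
End Function

' Open the SSL session ourselves, attach the chosen certificate, and return
' the HTTP status. Returns -1 if Send raised an error, which is what you see
' when the handshake fails (e.g. the server rejects or never receives a cert).
Function ConnectWithCertificate(url, subjectName)
    Dim req
    Set req = CreateObject("WinHttp.WinHttpRequest.5.1")
    req.Open "GET", url, False
    ' Assumption: the subject part is matched on the certificate's CN.
    req.SetClientCertificate "CURRENT_USER\MY\" & subjectName

    On Error Resume Next
    req.Send
    If Err.Number <> 0 Then
        WScript.Echo "Request failed (0x" & Hex(Err.Number) & "): " & Err.Description
        Err.Clear
        On Error GoTo 0
        ConnectWithCertificate = -1
        Exit Function
    End If
    On Error GoTo 0

    ConnectWithCertificate = req.Status
End Function

' ---- main -----------------------------------------------------------
Dim cn, status
cn = PickClientCertificate()
If cn = "" Then
    WScript.Echo "No certificate selected; aborting."
    WScript.Quit 1
End If

' Unlike the IE dialog, the script itself now knows which cert it is using.
WScript.Echo "Using client certificate: " & cn

status = ConnectWithCertificate(TARGET_URL, cn)
If status = 200 Then
    WScript.Echo "Server accepted the certificate (HTTP 200)."
ElseIf status = -1 Then
    WScript.Echo "SSL session could not be completed with this certificate."
Else
    WScript.Echo "Server answered HTTP " & status & " (check revocation/authorization on the server)."
End If
```

Run it with `cscript //nologo login.vbs`. The server-side revocation check the form text mentions still happens on the server; the script only learns the outcome through the HTTP status or the handshake error, which is why both paths are reported separately.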


