SecureBlackbox 2020 Delphi Edition

Questions / Feedback?

Select Method

Allows the selection of certificates from the system store.

procedure Select(Filter: String; PrivateKeyNeeded: Boolean; MaxCount: Integer);


This function allows the user to select certificates from the system store by Filter and save them to SelectedCertificates. PrivateKeyNeeded specifies whether the method only should consider certificates having associated private keys. MaxCount limits the number of certificates selected.

The supported filters are listed below. Split the name and value of a specific filter with colon (:). Use | separator to pass more than one filter. During the search, the filters are joined using OR logic.

  • subjectkeyid: the subject key identifier, in hexadecimal format.
  • cakeyid: the key identifier of the issuing certificate, in hexadecimal format.
  • serialnumber: the serial number of the certificate, in hexadecimal format.
  • keyusage: certificate key usage flags. Use bitwise OR to specify several key usage flags using the values shown below.
  • fingerprint: certificate fingerprint in hexadecimal format. MD5, SHA1, SHA256, and SHA512 fingerprints are supported.
  • email: the e-mail parameter of the certificate subject.
  • subject: the subject of the certificate, either as an RDN, or as its common name parameter.
  • issuer: the issuer of the certificate, either as an RDN or a common name.
  • ui (Windows system stores only): whether to use UI dialog to select a certificate. Supported values: true, false, 1, 0. All other filters are ignored if this filter is specified.
  • * (asterisk): selects all certificates. This filter should always be used as a single character, not as a name:value pair.

Examples of filters

ui:1 - use Windows certificate selection dialog to let the user select a certificate visually.

* - select all certificates. - select all certificates with subject RDNs containing this e-mail address.

fingerprint:0a1b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d - select all certificates with this SHA1 fingerprint.

subject:/C=US/O=Big Company Inc/CN=Signing Certificate - select all certificates with the specified subject RDN.

keyusage:3| - select all certificates with key usages of Digital Signature or Non-Repudiation, or those having this e-mail address in their subject.

Key usage flags

ckuUnknown0x00000Unknown key usage

ckuDigitalSignature0x00001Digital signature


ckuKeyEncipherment0x00004Key encipherment

ckuDataEncipherment0x00008Data encipherment

ckuKeyAgreement0x00010Key agreement

ckuKeyCertSign0x00020Certificate signing

ckuCRLSign0x00040Revocation signing

ckuEncipherOnly0x00080Encipher only

ckuDecipherOnly0x00100Decipher only

ckuServerAuthentication0x00200Server authentication

ckuClientAuthentication0x00400Client authentication

ckuCodeSigning0x00800Code signing

ckuEmailProtection0x01000Email protection


ckuOCSPSigning0x04000OCSP signing

ckuSmartCardLogon0x08000Smartcard logon

ckuKeyPurposeClientAuth0x10000Kerberos - client authentication

ckuKeyPurposeKDC0x20000Kerberos - KDC

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 Delphi Edition - Version 20.0 [Build 8165]