Website Download Support
 

Discuss this help topic in SecureBlackbox Forum

TElX509CertificateEx.Generate

TElX509CertificateEx     See also     

Filter: C#  VB.NET  Pascal  C++  PHP  Java  

Generates new certificate with defined algorithm and key length or new certificate on the basis of information contained in TElCertificateRequest class instance.

Declaration

[C#]
    void Generate(int Algorithm, int DWordsInEncryptKey);
    void Generate(TElCertificateRequest Request, TElX509CertificateEx Certificate);
    void Generate(TElCertificateRequest Request, TElX509CertificateEx Certificate, TElAlgorithmIdentifier SignatureAlgorithm);
    void Generate(TElX509Certificate Parent, int Algorithm, int DWordsInEncryptKey);
    void Generate(TElAlgorithmIdentifier KeyAlgorithm, TElAlgorithmIdentifier SignatureAlgorithm, int Bits);
    void Generate(TElX509Certificate Parent, TElAlgorithmIdentifier KeyAlgorithm, TElAlgorithmIdentifier SignatureAlgorithm, int Bits);

[VB.NET]
    Sub Generate(ByVal Algorithm As Integer, ByVal DWordsInEncryptKey As Integer)
    Sub Generate(ByVal Request As TElCertificateRequest, ByVal Certificate As TElX509CertificateEx)
    Sub Generate(ByVal Request As TElCertificateRequest, ByVal Certificate As TElX509CertificateEx, ByVal SignatureAlgorithm As TElAlgorithmIdentifier)
    Sub Generate(ByVal Parent As TElX509Certificate, ByVal Algorithm As Integer, ByVal DWordsInEncryptKey As Integer)
    Sub Generate(ByVal KeyAlgorithm As TElAlgorithmIdentifier, ByVal SignatureAlgorithm As TElAlgorithmIdentifier, ByVal Bits As Integer)
    Sub Generate(ByVal Parent As TElX509Certificate, ByVal KeyAlgorithm As TElAlgorithmIdentifier, ByVal SignatureAlgorithm As TElAlgorithmIdentifier, ByVal Bits As Integer)

[Pascal]
    procedure Generate(Algorithm : integer; DwordsInEncryptKey : integer);
    procedure Generate(Request : TElCertificateRequest; Certificate : TElX509CertificateEx; CopySubjectFromRequest : boolean);
    procedure Generate(Request : TElCertificateRequest; Certificate : TElX509CertificateEx; SignatureAlgorithm : TElAlgorithmIdentifier; CopySubjectFromRequest : boolean);
    procedure Generate(Parent : TElX509CertificateEx; Algorithm: integer; DwordsInEncryptKey: integer);
    procedure Generate(KeyAlgorithm, SignatureAlgorithm : TElAlgorithmIdentifier; Bits : integer);
    procedure Generate(Parent : TElX509CertificateEx; KeyAlgorithm, SignatureAlgorithm : TElAlgorithmIdentifier; Bits : integer);

[C++]
    void Generate(int32_t Algorithm, int32_t DWordsInEncryptKey);
    void Generate(TElCertificateRequest &Request, TElX509CertificateEx &Certificate);
    void Generate(TElCertificateRequest *Request, TElX509CertificateEx *Certificate);
    void Generate(TElCertificateRequest &Request, TElX509CertificateEx &Certificate, TElAlgorithmIdentifier &SignatureAlgorithm);
    void Generate(TElCertificateRequest *Request, TElX509CertificateEx *Certificate, TElAlgorithmIdentifier *SignatureAlgorithm);
    void Generate(TElX509Certificate &Parent, int32_t Algorithm, int32_t DWordsInEncryptKey);
    void Generate(TElX509Certificate *Parent, int32_t Algorithm, int32_t DWordsInEncryptKey);
    void Generate(TElAlgorithmIdentifier &KeyAlgorithm, TElAlgorithmIdentifier &SignatureAlgorithm, int32_t Bits);
    void Generate(TElAlgorithmIdentifier *KeyAlgorithm, TElAlgorithmIdentifier *SignatureAlgorithm, int32_t Bits);
    void Generate(TElX509Certificate &Parent, TElAlgorithmIdentifier &KeyAlgorithm, TElAlgorithmIdentifier &SignatureAlgorithm, int32_t Bits);
    void Generate(TElX509Certificate *Parent, TElAlgorithmIdentifier *KeyAlgorithm, TElAlgorithmIdentifier *SignatureAlgorithm, int32_t Bits);

[PHP]
    void Generate(integer $Algorithm, integer $DWordsInEncryptKey)
    void Generate(TElCertificateRequest $Request, TElX509CertificateEx $Certificate)
    void Generate(TElCertificateRequest $Request, TElX509CertificateEx $Certificate, TElAlgorithmIdentifier $SignatureAlgorithm)
    void Generate(TElX509Certificate $Parent, integer $Algorithm, integer $DWordsInEncryptKey)
    void Generate(TElAlgorithmIdentifier $KeyAlgorithm, TElAlgorithmIdentifier $SignatureAlgorithm, integer $Bits)
    void Generate(TElX509Certificate $Parent, TElAlgorithmIdentifier $KeyAlgorithm, TElAlgorithmIdentifier $SignatureAlgorithm, integer $Bits)

[Java]
    void generate(TElX509Certificate Parent, TElAlgorithmIdentifier KeyAlgorithm, TElAlgorithmIdentifier SignatureAlgorithm, int Bits);
    void generate(TElCertificateRequest Request, TElX509CertificateEx Certificate, TElAlgorithmIdentifier SignatureAlgorithm);
    void generate(TElCertificateRequest Request, TElX509CertificateEx Certificate);
    void generate(TElAlgorithmIdentifier KeyAlgorithm, TElAlgorithmIdentifier SignatureAlgorithm, int Bits);
    void generate(TElX509Certificate Parent, int Algorithm, int DWordsInEncryptKey);
    void generate(int Algorithm, int DWordsInEncryptKey);

Parameters

  • Algorithm - specifies the type of the key to be generated. Possible values are listed below.
    When you generate a self-signed certificate, choose one of Signature Algorithms below, otherwise choose one of Public Key Algorithms below.
  • Bits - number of bits in the resulting key.
  • DWordsInEncryptKey - number of 32-bit words in resulting key. The length of the key in bits is calculated as 32 * DWordsInEncryptKey
  • Certificate - points to instance of TElX509Certificate where new certificate should be put to.
  • KeyAlgorithm - the object defining the key algorithm.
  • SignatureAlgorithm - the object defining the signature algorithm.
  • Parent - certificate to sign the newly created one
  • Request - should contain the object with valid Certificate Request information.
  • CopySubjectFromRequest - if true, the SubjectRDN of the certificate is initialized with the values taken from the request. If false, SubjectRDN is not changed (and you can set your own values before calling Generate method).

Values:

The following algorithms may be used as public key algorithms:

Definition Value Description
SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION 0 (0x00) RSA
SB_CERT_ALGORITHM_ID_DSA 4 (0x04) DSA
SB_CERT_ALGORITHM_DH_PUBLIC 6 (0x06) Diffie-Hellman
SB_CERT_ALGORITHM_ID_RSAPSS 11 (0x0B) RSA key, which can be used only in RSA-PSS signature scheme
SB_CERT_ALGORITHM_ID_RSAOAEP 12 (0x0C) RSA key, which can be used only for RSA-OAEP encryption
SB_CERT_ALGORITHM_UNKNOWN 65535 (0xFFFF) the algorithm is unknown

The following algorithms may be used as signature algorithms:
Definition Value Description
SB_CERT_ALGORITHM_MD2_RSA_ENCRYPTION 1 (0x01) RSA digital signature with MD2 digest
SB_CERT_ALGORITHM_MD5_RSA_ENCRYPTION 2 (0x02) RSA digital signature with MD5 digest
SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION 3 (0x03) RSA digital signature with SHA1 digest
SB_CERT_ALGORITHM_ID_DSA_SHA1 5 (0x05) DSA digital signature with SHA1 digest
SB_CERT_ALGORITHM_SHA224_RSA_ENCRYPTION 7 (0x07) RSA digital signature with SHA-224 digest
SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION 8 (0x08) RSA digital signature with SHA-256 digest
SB_CERT_ALGORITHM_SHA384_RSA_ENCRYPTION 9 (0x09) RSA digital signature with SHA-384 digest
SB_CERT_ALGORITHM_SHA512_RSA_ENCRYPTION 10 (0x0A) RSA digital signature with SHA-512 digest
SB_CERT_ALGORITHM_ID_RSAPSS 11 (0x0B) DSA digital signature with SHA1 digest
SB_CERT_ALGORITHM_RSASIGNATURE_RIPEMD160 13 (0x0D) RSA-PSS digital signature
SB_CERT_ALGORITHM_UNKNOWN 65535 (0xFFFF) the algorithm is unknown

Description

    This method causes TElX509CertificateEx object to generate a new certificate based on specified security algorithm. Specify the length of the resulting key(s) using DwordsInEncryptKey parameter. All data of the generated certificate will be accessible via object properties an methods.
    Before calling Generate you need to set ValidFrom and ValidTo properties.
    Generate method can be used to generate self-signed certificates or certificates signed by Certificate Authority.
    If you generate certificate signed by Certificate Authority, you need to call SetCACertificate and SetCAPrivateKey methods to specify certificate and private key of the issuer (CA).

    If certificate by request is generated, this method causes TElX509CertificateEx object to generate a new certificate based on specified certificate request object and current certificate private key. Certificate request object contains subject information, such as Subject name and public key. The newly created certificate is signed by current TElX509CertificateEx private key and put to Certificate object.
    Certificate request doesn't contain validity period and extensions, so when you need generate new certificate by request before calling Generate you need to set ValidFrom, ValidTo and Extensions properties of Certificate as needed. Also, you can setup SubjectRDN of the certificate manually (possibly, by copying the values from the Request and altering SubjectRDN after that) and set CopySubjectFromRequest to false to preserve the contents of SubjectRDN that you have set.
    Note, that for self-signed certififcates an instance of TElX509CertificateEx class, whose Generate method is called, should have a Private Key. If the private key is absent, TElCertificateException is raised.

See also:     CertificateBinary    

Discuss this help topic in SecureBlackbox Forum

Copyright (c) 2018, /n software, inc.