
TElX509CertificateEx.Generate



Generates a new certificate with the specified algorithm and key length, or a new certificate based on the information contained in a TElCertificateRequest class instance.

Declaration

[VB.NET]
    Sub Generate(ByVal Algorithm As Integer, ByVal DWordsInEncryptKey As Integer)
    Sub Generate(ByVal Request As TElCertificateRequest, ByVal Certificate As TElX509CertificateEx)
    Sub Generate(ByVal Request As TElCertificateRequest, ByVal Certificate As TElX509CertificateEx, ByVal SignatureAlgorithm As TElAlgorithmIdentifier)
    Sub Generate(ByVal Parent As TElX509Certificate, ByVal Algorithm As Integer, ByVal DWordsInEncryptKey As Integer)
    Sub Generate(ByVal KeyAlgorithm As TElAlgorithmIdentifier, ByVal SignatureAlgorithm As TElAlgorithmIdentifier, ByVal Bits As Integer)
    Sub Generate(ByVal Parent As TElX509Certificate, ByVal KeyAlgorithm As TElAlgorithmIdentifier, ByVal SignatureAlgorithm As TElAlgorithmIdentifier, ByVal Bits As Integer)

[Pascal]
    procedure Generate(Algorithm : integer; DwordsInEncryptKey : integer);
    procedure Generate(Request : TElCertificateRequest; Certificate : TElX509CertificateEx; CopySubjectFromRequest : boolean);
    procedure Generate(Request : TElCertificateRequest; Certificate : TElX509CertificateEx; SignatureAlgorithm : TElAlgorithmIdentifier; CopySubjectFromRequest : boolean);
    procedure Generate(Parent : TElX509CertificateEx; Algorithm: integer; DwordsInEncryptKey: integer);
    procedure Generate(KeyAlgorithm, SignatureAlgorithm : TElAlgorithmIdentifier; Bits : integer);
    procedure Generate(Parent : TElX509CertificateEx; KeyAlgorithm, SignatureAlgorithm : TElAlgorithmIdentifier; Bits : integer);

Parameters

  • Algorithm - specifies the type of the key to be generated. Possible values are listed below.
    When you generate a self-signed certificate, choose one of the Signature Algorithms below; otherwise choose one of the Public Key Algorithms below.
  • Bits - number of bits in the resulting key.
  • DWordsInEncryptKey - number of 32-bit words in the resulting key. The length of the key in bits is calculated as 32 * DWordsInEncryptKey.
  • Certificate - points to the instance of TElX509Certificate where the new certificate should be put.
  • KeyAlgorithm - the object defining the key algorithm.
  • SignatureAlgorithm - the object defining the signature algorithm.
  • Parent - the certificate used to sign the newly created one.
  • Request - should contain the object with valid Certificate Request information.
  • CopySubjectFromRequest - if true, the SubjectRDN of the certificate is initialized with the values taken from the request. If false, SubjectRDN is not changed (and you can set your own values before calling the Generate method).

Values:

The following algorithms may be used as public key algorithms:


The following algorithms may be used as signature algorithms:

Description

    This method causes the TElX509CertificateEx object to generate a new certificate based on the specified security algorithm. Specify the length of the resulting key(s) using the DwordsInEncryptKey parameter. All data of the generated certificate will be accessible via the object's properties and methods.
    Before calling Generate you need to set the ValidFrom and ValidTo properties.
    The Generate method can be used to generate self-signed certificates or certificates signed by a Certificate Authority.
    If you generate a certificate signed by a Certificate Authority, you need to call the SetCACertificate and SetCAPrivateKey methods to specify the certificate and private key of the issuer (CA).

    If a certificate is generated by request, this method causes the TElX509CertificateEx object to generate a new certificate based on the specified certificate request object and the current certificate's private key. The certificate request object contains subject information, such as the Subject name and public key. The newly created certificate is signed by the current TElX509CertificateEx private key and put into the Certificate object.
    A certificate request doesn't contain a validity period or extensions, so when you generate a new certificate by request, set the ValidFrom, ValidTo and Extensions properties of Certificate as needed before calling Generate. You can also set up the SubjectRDN of the certificate manually (possibly by copying the values from the Request and altering SubjectRDN after that) and set CopySubjectFromRequest to false to preserve the contents of SubjectRDN that you have set.
    Note that for self-signed certificates, the instance of the TElX509CertificateEx class whose Generate method is called should have a Private Key. If the private key is absent, TElCertificateException is raised.
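
    The by-request flow described above, as an added example that is not part of the original help topic or the vendor's own sample code. The procedure name IssueFromRequest, the ValidDays parameter, the unit names SBX509Ex and SBPKCS10, the PrivateKeyExists property and the TDateTime type of ValidFrom/ValidTo are assumptions; the Generate overload is the Pascal one with CopySubjectFromRequest declared above.

```pascal
unit IssueByRequestExample;

interface

uses
  SysUtils,
  SBX509Ex,  // assumed unit declaring TElX509CertificateEx
  SBPKCS10;  // assumed unit declaring TElCertificateRequest

// Hypothetical helper: signs Request with Issuer's private key and
// stores the resulting certificate in Issued.
procedure IssueFromRequest(Issuer: TElX509CertificateEx;
  Request: TElCertificateRequest; Issued: TElX509CertificateEx;
  ValidDays: Integer);

implementation

procedure IssueFromRequest(Issuer: TElX509CertificateEx;
  Request: TElCertificateRequest; Issued: TElX509CertificateEx;
  ValidDays: Integer);
begin
  // Refuse a zero or negative validity window instead of issuing a
  // certificate that is already expired.
  if ValidDays <= 0 then
    raise Exception.Create('ValidDays must be positive');

  // The new certificate is signed with the issuer's private key, so fail
  // early with a clear message when it is missing.
  // PrivateKeyExists is assumed to be available on the certificate class.
  if not Issuer.PrivateKeyExists then
    raise Exception.Create('Issuer certificate has no private key');

  // The request carries no validity period: set it on the target
  // certificate before calling Generate (TDateTime assumed, 1.0 = one day).
  Issued.ValidFrom := Now;
  Issued.ValidTo := Issued.ValidFrom + ValidDays;

  // The request carries no extensions either; configure the Extensions
  // property of Issued here as your policy requires.

  // True: SubjectRDN of Issued is initialized from the request.
  // Pass False to keep a SubjectRDN that was set manually beforehand.
  Issuer.Generate(Request, Issued, True);
end;

end.
```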

See also:     CertificateBinary    
