Discuss this help topic in SecureBlackbox Forum

Load CRL

There are two CRL-related components included in SecureBlackbox: TElCertificateRevocationList from the Base package and TElCertificateRevocationListEx from the PKI package. Depending on your needs you would choose one of the two components.

If you need a read-only access to CRLs (e.g., to check if the specific certificate is included), you'll be fine with the simpler TElCertificateRevocationList. If you want to edit your CRL, add certificates, and re-sign it, you should go for the extended component.

Loading a CRL into either component is simple:

1. Create your CRL component: TElCertificateRevocationList crl = new TElCertificateRevocationList();
2. Depending on the media where your CRL is stored choose between byte buffers-based and stream-based methods.
   • If your CRL is in a byte array r = crl.LoadFromBuffer(buf);
   • If your CRL is in a file

     
     FileStream f = new FileStream("cacert.crl", FileMode.Open);
     try
     {
       r = crl.LoadFromStream(f);
     }
     finally
     {
       f.Close();
     }
     

   Remember to check the return value to detect any load errors. If the CRL was successfully loaded, the above methods return 0.

Sometimes CRLs are stored in PEM format (base64-encoded data with headers). In these cases you need to use LoadFromBufferPEM() and LoadFromStreamPEM() methods. You can detect which format a particular CRL is stored in with the static TElCertificateRevocationList.DetectCRLFileFormat() method.

How To articles about certificate revocation lists (CRLs)

Discuss this help topic in SecureBlackbox Forum