posts - 234, comments - 480, trackbacks - 56

My Links

News




I am born in Bangladesh and currently live in Melbourne, Australia. I am a co-founder and core developer of Pageflakes www.pageflakes.com and CEO at Simplexhub, a highly experienced software development company based in Melbourne Australia and Dhaka, Bangladesh. Simplexhub, is on its mission to build a smart virtual community in Bangladesh and recently launched beta realestatebazaar.com.bd an ASP.NET MVC application written in C#.NET.

I also created SmartCodeGenerator

Some of my articles
Flexible and Plugin based .Net Application..
Mass Emailing Functionality with C#, .NET 2.0, and Microsoft® SQL Server 2005 Service Broker'
Write your own Code Generator or Template Engine in .NET
Smart Code Generator .NET: Usage Overview
Smart Code Generator .NET: Architectural Overview
Smart Code Generator .NET: using with NAnt and Cassini

Archives

Free Programming Language Training
<< Check out this Article for Xml based codegeneration with SCG | Home | ASP.NET MembershipApi Cannot resolve collation conflict for equal to operation >>

ASP.NET, Javascript tips: Encrypt /Sign /Verify signed message using Capicom ActiveX

This demonstrates possibilities on encrypting, signing, verifying message using the Capicom ActiveX and javascript in a webbrowser. An ASP.NET developers can take note of this technique when you want to invoke to capicom dll to implement PKI infastructure using a browser. I know .NET SmartClient would have been another option where you can use the .NET Framework Libraries to deal with X509Certificates, but you might want to know this technique too:

Source Blog: http://www.feed-squirrel.com/index.cfm?evt=viewItem&ID=36269

  • Use a Memory store and in a web page signs and verifies the sign
  • Create an VB ActiveX with the following code and register it. Also, the CAPICOM dll must be registered. Both activeX could be downloaded from a web site)
  • This code imports a PKCS#12 issued by a subordinader CA. If you want to get it contact me.

Function sign(text As String, P12Path As String, P12Password As String) As String

   ' This function imports a PKCS#12 container (private key and certificate to a
   ' memory store

    Dim store As store
    Dim signedData As signedData
    Dim signer As signer

    Set signer = New signer
    Set signedData = New signedData
    Set store = New store

    store.Open CAPICOM_MEMORY_STORE, "My", CAPICOM_STORE_OPEN_READ_WRITE
    store.Load P12Path, P12Password, CAPICOM_KEY_STORAGE_DEFAULT

    signedData.Content = text
    signer.Certificate = store.Certificates.Item(1)

    szSignedData = signedData.sign(signer, True, CAPICOM_ENCODE_BASE64)
    sign = szSignedData
End Function

  • Create a Web Page with the following javascript functions, invoking those from buttons

function btnSignedData_OnClick()
  {
    var SignedData = new ActiveXObject("AutomaticSign.ASign");

  try
  {
   txtSignedData.value = SignedData.Sign(txtPlainText.value,"c:\\c.p12","1111");
  }
  catch (e)
  {
   alert("An error occurred when attempting to sign the content);
   return false;
  }
  }
  function btnVerifyData_OnClick()
   {
    var CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME = 0;
    var CAPICOM_CERT_INFO_ISSUER_SIMPLE_NAME = 1; 
    var CAPICOM_VERIFY_SIGNATURE_ONLY = 0;
   // instantiate the CAPICOM objects
   var certificate = new ActiveXObject('CAPICOM.Certificate');
   var SignedData = new ActiveXObject('CAPICOM.SignedData');
   try
   {
    SignedData.Content=txtPlainText.value;
   SignedData.Verify(txtSignedData.value, true, CAPICOM_VERIFY_SIGNATURE_ONLY);
   certificate=SignedData.Certificates(2);
    txtSignerData.value="Certificate :" + certificate.GetInfo(CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME) + "\n";
    txtSignerData.value+= "Issuer     :" + certificate.GetInfo(CAPICOM_CERT_INFO_ISSUER_SIMPLE_NAME);
   }
   catch (e)
   {
    alert(e.description);
    return false;
   }
  alert("Signature verified");
 }

Print | posted on Thursday, May 03, 2007 2:09 PM |

Feedback

Gravatar

# re: ASP.NET, Javascript tips: Encrypt /Sign /Verify signed message using Capicom ActiveX

Please help: Is it possible to use CAPICOM ActiveX control to import a client certificate to solve man in the middle attacks by enabling mutual authentication?
2/24/2009 4:55 AM | gsogo
Gravatar

# re: ASP.NET, Javascript tips: Encrypt /Sign /Verify signed message using Capicom ActiveX

Hi,

Do u know using CAPICOM how to encrypt some string with public key and during decrypt how we can allow users to select certificate from select certificate dialog box and how we can use that Private key of the selected certificate for decrypt? If u know to do asymmetric encryption with CAPICOM, please help me.

By
Anita
5/25/2009 7:49 PM | Anita
Post A Comment
Title:
Name:
Email:
Website:
Comment:
Verification:
 
 

Powered by:

Copyright © Shahed Khan