0

I'm using CAPICOM to load a certificate needed by a WebService client.

I need to have the certificate installed in Windows, and then open it from the certificate file itself, which I think is "kinda stupid".

Is there any way to either (in order of preference):

  • Save the PFX File contents to a memo field in the database, and load it from there, without installing it on Windows?

  • Load the PFX File from the file itself, without installing it on Windows?

I'm using Delphi XE3, LibEay32 and Capicom 2.0

EMBarbosa
nunopicado

1 Answer

3

If you want to install the certificate in Windows you will ALWAYS get a popup asking the user for permission, unless the certificate comes from a root that is already trusted. If you don't want that, the only option is to use the PFX contents from a memo field each time you need the certificate.

I have no experience with Capicom, but from what I read it is a Microsoft DLL that you use?

If you are having problems with Capicom and LibEay32 you might want to check out the Eldos Secure BlackBox components. I have very good experiences with those and their support is great.

Birger
  • Capicom is obsolete, see [http://msdn.microsoft.com/en-us/library/cc778518.aspx](http://msdn.microsoft.com/en-us/library/cc778518.aspx). To use WebServices with PFX files, I've slightly modified SoapHTTPTrans.pas unit to support Synapse (and OpenSSL) – pf1957 Jun 11 '13 at 17:01
  • I second using Eldos Secure BlackBox. No more messing around with OpenSSL, capicom, etc. It provides everything you need for crypto and then some, and their support is stellar (even if they may appear a little rough at the beginning!) – Leonardo Herrera Jun 11 '13 at 22:33
  • Thank you for the replies! Providing I'm using THTTPReqResp to establish communications, how would I load the PFX from a TMemo? That would be ideal, since it would be interesting to save the pfx contents in my SQL database. – nunopicado Jun 23 '13 at 14:16
  • What I understand from looking at THTTPReqResp.ClientCertificate code is that it only allows you to select certificates that are installed in the store. It looks impossible to use another method to load a certificate. I think you should consider abandoning THTTPReqResp. – Birger Jun 24 '13 at 07:03
  • What would be the alternative? THTTPRIO? – nunopicado Jun 24 '13 at 17:17
  • It seems THTTPRIO has the same problem: it only works with certificates from the store. The only thing I can recommend then is the Eldos components I mentioned earlier. They are not free, but worth the investment if this is the kind of stuff you need! – Birger Jun 25 '13 at 07:34
  • If you are still looking for a solution based on OpenSSL, I can post you my SoapHTTPTrans modification from 2008 using [Synapse](http://ararat.cz/synapse/doku.php) as a secure communication library. – pf1957 Jun 27 '13 at 12:30
  • pf1957: That would be great. Someone else told me about Synapse and I began today looking into it, but couldn't yet find how to do it! Thank you – nunopicado Jun 29 '13 at 18:07
  • @nunopicado: if this is the case then send me your email, pls (mine is in my SO's profile) – pf1957 Jun 30 '13 at 15:09
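
The OpenSSL route mentioned in the comments, sketched as an added example (not code posted by anyone in this thread): it parses PFX bytes held in memory into certificate and private-key handles without touching the Windows certificate store. It assumes the OpenSSL 1.0.x export names in `libeay32.dll`; the file argument is only a stand-in for the database read, and handing the handles to an HTTP layer such as Synapse is not shown.

```delphi
program PfxFromMemory;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.IOUtils;
const LIBEAY = 'libeay32.dll'; // assumed: OpenSSL 1.0.x export names
procedure OPENSSL_add_all_algorithms_noconf; cdecl; external LIBEAY;
function BIO_new_mem_buf(buf: Pointer; len: Integer): Pointer; cdecl; external LIBEAY;
function BIO_free(bio: Pointer): Integer; cdecl; external LIBEAY;
function d2i_PKCS12_bio(bio: Pointer; p12: PPointer): Pointer; cdecl; external LIBEAY;
function PKCS12_parse(p12: Pointer; pass: PAnsiChar; out pkey, cert: Pointer; ca: PPointer): Integer; cdecl; external LIBEAY;
procedure PKCS12_free(p12: Pointer); cdecl; external LIBEAY;
function X509_get_subject_name(x: Pointer): Pointer; cdecl; external LIBEAY;
function X509_NAME_oneline(name: Pointer; buf: PAnsiChar; size: Integer): PAnsiChar; cdecl; external LIBEAY;
procedure X509_free(x: Pointer); cdecl; external LIBEAY;
procedure EVP_PKEY_free(k: Pointer); cdecl; external LIBEAY;

// Parses a PFX blob from memory. The caller owns Cert (X509*) and Key (EVP_PKEY*).
procedure LoadPfx(const Pfx: TBytes; const Password: AnsiString; out Cert, Key: Pointer);
var Bio, P12: Pointer;
begin
  Cert := nil; Key := nil;
  if Length(Pfx) = 0 then raise Exception.Create('Empty PFX blob');
  Bio := BIO_new_mem_buf(@Pfx[0], Length(Pfx)); // read-only view, no copy
  try
    P12 := d2i_PKCS12_bio(Bio, nil);
  finally
    BIO_free(Bio);
  end;
  if P12 = nil then raise Exception.Create('Not a valid PKCS#12 structure');
  try
    if PKCS12_parse(P12, PAnsiChar(Password), Key, Cert, nil) <> 1 then
      raise Exception.Create('PKCS12_parse failed (wrong password or corrupt blob)');
  finally
    PKCS12_free(P12);
  end;
end;

var Cert, Key: Pointer; Subject: array[0..255] of AnsiChar;
begin
  OPENSSL_add_all_algorithms_noconf; // PKCS12_parse needs the cipher/digest tables
  try
    // Stand-in for the DB read; the password comes from the command line for the demo only.
    LoadPfx(TFile.ReadAllBytes(ParamStr(1)), AnsiString(ParamStr(2)), Cert, Key);
    try
      if Cert = nil then raise Exception.Create('PFX contains no certificate');
      X509_NAME_oneline(X509_get_subject_name(Cert), Subject, SizeOf(Subject));
      Writeln('Loaded certificate for: ', Subject);
    finally
      X509_free(Cert); EVP_PKEY_free(Key); // both accept nil
    end;
  except on E: Exception do Writeln(E.ClassName, ': ', E.Message); end;
end.
```

A PFX is binary, so a text memo field would have to hold it base64-encoded and be decoded to `TBytes` first; a BLOB column avoids that step. Keep the PFX password out of the table that stores the blob, since the two together are the full client identity.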