Is EElSymmetricCryptoError ignorable?

Posted: 01/11/2018 10:32:38
by Roger Dunn (Standard support level)
Joined: 02/26/2016
Posts: 2

The entity I work for has a wildcard certificate issued by "RapidSSL SHA256 CA- G4". I know this because I installed it on my PC and this is the value of the "Issued By" column in certmgr > Personal > Certificates. When I exported this certificate from IIS on our web server, I opted to export the private key and then I was asked to provide a password, so I chose one. The resulting file has a .pfx extension. This is what I had imported earlier into certmgr.

I am using SBB 15 for VCL in the Berlin version. When I try to load this file using ElX509Certificate1.LoadFromFileAuto, I get the expected exceptions that SecureBlackBox likes to throw (such as ElCertificateError and EElPEMError). But I also get two instances of EElSymmetricCryptoError thrown in a row which say, "Invalid symmetric cipher padding." However, I don't see this error when I run the executable outside of a Debug session. Does that mean this is one I can ignore? This wording worries me.

If I shouldn't ignore this error, then was there something I did wrong in exporting the certificate to .pfx? I'm sure I'm using the right password in LoadFromFileAuto.

Posted: 01/12/2018 00:39:05
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

"However, I don't see this error when I run the executable outside of a Debug session. Does that mean this is one I can ignore?"

Indeed you can ignore these exceptions as they are internal and handled by SecureBlackbox code.

Posted: 01/12/2018 04:26:51
by Eugene Mayevski (Team)

To add to Vsevolod's answer:

You are using the LoadFromStreamAuto() method, which just tries all LoadFrom*() methods one by one and looks to see which one works. Some of those methods throw an error when they get what-they-consider-garbage as an input. This is where these exceptions come from. LoadFromStreamAuto() handles them internally.

In your case, as you know the format, it is much more efficient to use the TElX509Certificate.LoadFromStreamPFX() method, if you know that the file contains just one certificate, or use the TElMemoryCertStorage.LoadFromStreamPFX() method, if you assume that the PFX can contain more than one certificate.

Sincerely yours
Eugene Mayevski


