Is EElSymmetricCryptoError ignorable?

#40107
Posted: 01/11/2018 19:32:38
by Roger Dunn (Standard support level)
Joined: 02/26/2016
Posts: 2

The entity I work for has a wildcard certificate issued by "RapidSSL SHA256 CA- G4". I know this because I installed it on my PC and this is the value of the "Issued By" column in certmgr > Personal > Certificates. When I exported this certificate from IIS on our web server, I opted to export the private key and then I was asked to provide a password, so I chose one. The resulting file has a .pfx extension. This is what I had imported earlier into certmgr.

I am using SBB 15 for VCL in the Berlin version. When I try to load this file using ElX509Certificate1.LoadFromFileAuto, I get the expected exceptions that SecureBlackBox likes to throw (such as ElCertificateError and EElPEMError). But I also get two instances of EElSymmetricCryptoError thrown in a row which say, "Invalid symmetric cipher padding." However, I don't see this error when I run the executable outside of a Debug session. Does that mean this is one I can ignore? This wording worries me.

If I shouldn't ignore this error, then was there something I did wrong in exporting the certificate to .pfx? I'm sure I'm using the right password in LoadFromFileAuto.
#40108
Posted: 01/12/2018 09:39:05
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Quote
However, I don't see this error when I run the executable outside of a Debug session. Does that mean this is one I can ignore?

Indeed you can ignore these exceptions as they are internal and handled by SecureBlackbox code.
#40109
Posted: 01/12/2018 13:26:51
by Eugene Mayevski (Team)

To add to Vsevolod's answer:

You are using the LoadFromStreamAuto() method, which just tries all LoadFrom*() methods one by one and sees which one works. Some of those methods throw an error when they get what-they-consider-garbage as an input. This is where these exceptions come from. LoadFromStreamAuto() handles them internally.

In your case, as you know the format, it is much more efficient to use TElX509Certificate.LoadFromStreamPFX() method, if you know that the file contains just one certificate, or use TElMemoryCertStorage.LoadFromStreamPFX() method, if you assume that the PFX can contain more than one certificate.


Sincerely yours
Eugene Mayevski
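
Added example, not part of the original thread and not SecureBlackBox code: a standard-library Python sketch that identifies a certificate file's container format from its leading bytes, so the format-specific loader can be called directly instead of trying each loader in turn. The function names and sample byte strings are constructed for illustration.

```python
# Added illustration; not SecureBlackBox code. Standard library only.

def _read_tlv_header(buf, pos):
    """Return (tag, length, value_offset) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, first, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        # BER indefinite-length encodings end up here and are not classified.
        raise ValueError("unsupported or truncated DER length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def classify_container(data: bytes) -> str:
    """Classify bytes as 'pem', 'pkcs12', 'x509-der' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "pem"
    try:
        tag, _, body = _read_tlv_header(data, 0)
        if tag != 0x30:                   # both binary formats start with SEQUENCE
            return "unknown"
        inner_tag, inner_len, inner_body = _read_tlv_header(data, body)
    except ValueError:
        return "unknown"
    # PFX ::= SEQUENCE { version INTEGER (v3 = 3), authSafe, macData }
    if inner_tag == 0x02 and data[inner_body:inner_body + inner_len] == b"\x03":
        return "pkcs12"
    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
    if inner_tag == 0x30:
        return "x509-der"
    return "unknown"

# Constructed sample inputs: only the leading bytes of each format.
SAMPLE_PFX = bytes.fromhex("3082092a020103308208f0")
SAMPLE_DER_CERT = bytes.fromhex("308203a53082028d")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIID...\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in [("pfx", SAMPLE_PFX), ("der", SAMPLE_DER_CERT), ("pem", SAMPLE_PEM)]:
        print(name, "->", classify_container(blob))
```
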
