How to Use AspEncrypt as a Client-side ActiveX Control Part 2
What is AspEncrypt?
AspEncrypt is an Active Server component that brings security to your applications through encryption. With AspEncrypt, you can encrypt data, send S/MIME-based secure mail, compute one-way hash values, generate and verify digital signatures, issue and manage X.509 digital certificates, and more. This component can be used in an ASP/ASP.NET or VB environment on Windows 2000/XP/2003/2008/Vista/7.
In this article we explain how to use AspEncrypt as a client-side ActiveX control. The discussion is split into two articles; the previous one can be found here.
Working with User Certificates
The main reason why XEncrypt was introduced is to provide easy and safe access to the user’s private keys residing on the client machine. XEncrypt enables the user to generate digital signatures and decrypt data with her private key using the IE browser. The private key never has to leave the user’s machine, so its security is not jeopardized.
The best way to work with private keys is to obtain a digital certificate (digital ID). Every time you enroll for a certificate, a key pair (a public key and a private key) is created on your local machine. The public key, wrapped in a “certificate request file”, is sent to a certification authority (CA), which issues the certificate and sends it back to you. Finally, the newly issued certificate is installed on your machine, linked to the private key it was created with.
Once a certificate has been obtained, you can use its private key for digital signing or data decryption. The code sample http://localhost/aspencrypt/client_side/sign.asp demonstrates how XEncrypt computes a digital signature over a text string with the private key of your certificate.
<SCRIPT LANGUAGE="VBScript">
' XEncrypt is the ID of the <OBJECT> tag that loads the control (see Part 1)
Sub Sign
   ' Open "MY" certificate store which contains client certs
   Set Store = XEncrypt.OpenStore("MY", False)

   ' Does the store contain certificates?
   Count = Store.Certificates.Count
   If Count = 0 Then
      MsgBox "You have no certificates."
      Exit Sub
   End If

   ' If store contains more than one, enable user to pick one
   If Count > 1 Then
      Set Cert = XEncrypt.PickCertificate(Store, 4+8+16, _
         "Select Certificate Please", _
         "Select the one you want to be used for signing")
      If Cert Is Nothing Then Exit Sub
   Else
      ' otherwise just pick that only one cert
      Set Cert = Store.Certificates(1)
   End If

   ' Make sure the cert has a private key associated with it
   If Cert.PrivateKeyExists = False Then
      MsgBox "This certificate has no private key associated with it."
      Exit Sub
   End If

   ' obtain private key context for this cert
   Set Context = Cert.PrivateKeyContext

   ' create empty hash object associated with this context,
   ' feed it the text to sign, then sign the hash with the private key
   Set Hash = Context.CreateHash
   Hash.AddText document.frmSign.txtToSign.value
   Set Blob = Hash.Sign(Context.KeySpec)

   ' Base64-encoded signature goes into the form for the server to verify
   document.frmSign.txtSignature.value = Blob.Base64
End Sub
</SCRIPT>

<FORM NAME="frmSign" ACTION="verify.asp">
Text to sign:<BR>
<TEXTAREA NAME="txtToSign" COLS="80" ROWS="3">Hello World!</TEXTAREA><BR>
<INPUT TYPE="BUTTON" OnClick="Sign" VALUE="Sign">
<TEXTAREA NAME="txtSignature" COLS="80" ROWS="3"></TEXTAREA>
<INPUT TYPE="SUBMIT" VALUE="Submit for verification">
</FORM>
This code snippet uses a method not seen before, PickCertificate, exposed by XEncrypt. It wraps the undocumented CryptoAPI function CryptUIDlgSelectCertificateW, which displays the certificates in a given certificate store and lets the user select one.
PickCertificate’s second argument is a combination of flags that hide certain columns in the certificate list; the value 4+8+16 used here hides every column except “Issued To”, “Issued By” and “Expiration Date.” The third and fourth arguments are optional; they supply the captions shown in the title bar and body of the certificate selection dialog.
The form in sign.asp submits to the script verify.asp, which verifies the signature against the certificate’s public key. For this script to work, you must export your signer certificate to a .cer file: bring up the certificate list, double-click the certificate you want to export, open the Details tab and click the “Copy to File” button. When asked whether to export the private key, answer “No” (the server only needs the public key). Place the resulting .cer file on the web server where verify.asp can read it. Below is the signature verification code:
<%
' Verify digital signature using certificate's public key
Set CM = Server.CreateObject("Persits.CryptoManager")
Set Context = CM.OpenContext("mycontainer", True)
Set Hash = Context.CreateHash

' add the same text to hash
Hash.AddText Request("txtToSign")

' obtain certificate we will use for verification
Set Cert = CM.ImportCertFromFile("d:\mycert.cer")
Set Key = Context.ImportKeyFromCert(Cert)

' Put signature to be verified in a Blob object
Set Blob = CM.CreateBlob
Blob.Base64 = Request("txtSignature")

Verified = Hash.VerifySignature(Blob, Key)
If Verified Then
   Response.Write "Signature is verified."
Else
   Response.Write "Signature is NOT verified."
End If
%>
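The sign.asp/verify.asp exchange above, as an added Go example that is not from the page or from AspEncrypt: SignText plays the client (hash the text, sign it with the private key, return the signature Base64-encoded for the form field) and VerifyText plays verify.asp (parse the exported .cer, take its public key, re-hash the submitted text and check the signature). It assumes RSA with SHA-256 and PKCS#1 v1.5 padding where CryptoAPI would use the provider's defaults, and the self-signed certificate and names are constructed so the block runs on its own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer stands in for one entry of the user's "MY" store: a certificate with
// a private key behind it. Constructed for the example; not an AspEncrypt type.
type Signer struct {
	PrivateKey *rsa.PrivateKey // stays on the client, never serialized
	CertDER    []byte          // what "Copy to File" without the private key exports
}

// NewSigner makes a self-signed certificate so the example runs stand-alone;
// in the article the certificate would come from a CA instead.
func NewSigner(commonName string) (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &Signer{PrivateKey: key, CertDER: der}, nil
}

// SignText is the client side (sign.asp): hash the text, sign the hash with the
// private key, and return the signature Base64-encoded for the form field.
// SHA-256 with PKCS#1 v1.5 padding is an assumption of this example.
func SignText(s *Signer, text string) (string, error) {
	digest := sha256.Sum256([]byte(text))
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.PrivateKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyText is the server side (verify.asp): parse the exported .cer, take its
// public key, re-hash the submitted text and check the signature against it.
// Malformed input is an error; a signature that simply does not match is false.
func VerifyText(certDER []byte, text, sigB64 string) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false, errors.New("certificate does not carry an RSA public key")
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256([]byte(text))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return false, nil
	}
	return true, nil
}

func main() {
	s, err := NewSigner("alice@example.test")
	if err != nil {
		panic(err)
	}
	sig, err := SignText(s, "Hello World!")
	if err != nil {
		panic(err)
	}
	ok, _ := VerifyText(s.CertDER, "Hello World!", sig)
	fmt.Println("original text verified:", ok) // true
	ok, _ = VerifyText(s.CertDER, "Hello World?", sig)
	fmt.Println("altered text verified:", ok) // false
}
```

VerifyText keeps the two failure modes apart the way verify.asp's If/Else does: a text that was altered in transit, or a signature produced with a different certificate, yields false rather than an error, while unparsable input (a corrupt .cer, a form field that is not Base64) is reported as an error so it is not silently treated as "NOT verified".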