The ediSecurities object provides general security functionalities. The
ediSecurities object also maintains a collection of ediSecurity objects, which
act like security tokens for other entities.
Cryptographic Service Providers
For security services, Framework EDI (FREDI) uses the services provided by the
Cryptographic Service Providers (CSP) available in the Windows operating system
(after Windows 95). The Cryptographic Service Providers are third-party
libraries, each supporting its own set of security services such as
encryption, digital signatures, or other algorithms. The set of security
services a CSP supports places it in a category called a provider type.
In each CSP, there is a database that contains records of key containers; each
key container has a unique name that keeps it distinct from the others. A
key container can have two public/private key pairs: the Key Exchange key pair
and the Signature key pair.
Default Cryptographic Service Provider
When an instance of FREDI is created, one of its initialization routines has to
determine a default CSP context, which is the default service provider and key
container it can use to provide security services. After having
determined the default service provider to use, FREDI checks to see if the key
container "FrameworkEDI_Secure_Context_00" already exists in that service
provider. If the key container exists then it will use that key container
as default, but if it does not, then the key container is added. The key
container then becomes the default CSP for FREDI, and all security services
requiring the use of the public and private key pair will use one of the key
pairs in the default key container. However, this default can be changed
using the SetDefaultCSP method, or by individually setting the properties
DefaultKeyContainer, DefaultProviderName and/or ServiceProviderType.
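The check described above (does the default key container already exist, and which key pairs does it hold) can be reproduced read-only from PowerShell. This is an added example using the .NET CSP classes, not FREDI code; the provider type (1, PROV_RSA_FULL), that type's default provider, the current-user key store, and the function name Get-CspKeyPairInfo are assumptions.

```powershell
# Added example (not FREDI code): read-only audit of the default key container.
# Assumptions: provider type 1 (PROV_RSA_FULL), that type's default provider,
# and the current user's key store. Adjust to match your FREDI configuration.
$ContainerName = 'FrameworkEDI_Secure_Context_00'   # container name from the page
$ProviderType  = 1                                  # assumed provider type

function Get-CspKeyPairInfo {
    param(
        [Parameter(Mandatory)] [string] $Container,
        [Parameter(Mandatory)] [int] $ProvType,
        [Parameter(Mandatory)] [System.Security.Cryptography.KeyNumber] $KeyPair
    )
    $p = New-Object System.Security.Cryptography.CspParameters -ArgumentList $ProvType
    $p.KeyContainerName = $Container
    $p.KeyNumber        = [int] $KeyPair
    # UseExistingKey makes the open fail rather than create a container or key pair.
    $p.Flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey

    $rsa = $null
    try {
        $rsa  = [System.Security.Cryptography.RSACryptoServiceProvider]::new($p)
        $info = $rsa.CspKeyContainerInfo
        [pscustomobject]@{
            KeyPair    = $KeyPair
            Present    = $true
            KeySize    = $rsa.KeySize
            Exportable = $info.Exportable   # private key may be exported to a file
            Protected  = $info.Protected    # key pair is access-protected
            Provider   = $info.ProviderName
            Detail     = $info.UniqueKeyContainerName
        }
    }
    catch {
        # A missing container or missing key pair surfaces as a CryptographicException.
        [pscustomobject]@{
            KeyPair = $KeyPair; Present = $false; KeySize = $null
            Exportable = $null; Protected = $null; Provider = $null
            Detail = $_.Exception.GetBaseException().Message
        }
    }
    finally {
        # A named container persists by default, so disposing does not delete the key.
        if ($rsa) { $rsa.Dispose() }
    }
}

[System.Security.Cryptography.KeyNumber]::Exchange,
[System.Security.Cryptography.KeyNumber]::Signature |
    ForEach-Object { Get-CspKeyPairInfo -Container $ContainerName -ProvType $ProviderType -KeyPair $_ } |
    Format-Table -AutoSize
```

An Exportable value of True on the Exchange row means the private key can leave the container through an export such as ExportExchangeKeyPair, so the resulting file needs the same protection as the key itself.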
Methods
CreateKeyContainer
- Creates a new Cryptographic Service Provider (CSP) Key Container and
generates the public/private key pair.
CreateSecurity
- Creates and returns a new security object.
ExportExchangeKeyPair
- Exports the public/private key pair from Cryptographic Service Provider (CSP)
key container to a file.
ExportPublicKey
- Exports the public key of the Key Exchange key pair to a file.
GenerateSessionKey
- Generates a session key from the Cryptographic Service Provider (CSP) and
exports the session key BLOB to a file.
GetCertificate
- Gets the certificate object of an X.509 certificate from the certificate
store.
GetCertificateBySubjectName
- Gets the certificate object of an X.509 certificate from the default
certificate store using the certificate's subject name only.
GetCertificateBySubjectName2
- Gets the certificate object of an X.509 certificate from a specified
certificate store.
GetCertificateStoreLocations
- Gets the object containing a collection of all certificate system store
locations in the system.
GetServiceProviders
- Returns an object containing the collection of Cryptographic Service
Providers (CSP) available in the system.
ImportCertificatePfx
- Imports a certificate and its associated private key from a PFX file.
ImportExchangeKeyPair
- Imports a file containing the Public/Private key pair into a Cryptographic
Service Provider (CSP) key container.
ImportExtendedCertificate
- Imports a certificate to the certificate store. An extended certificate
contains extended properties specific to the Windows operating system.
IsCertificateExists
- Determines if an X.509 certificate exists in the default certificate store.
IsCertificateExists2
- Determines if an X.509 certificate exists in a specified certificate store.