Discuss this help topic in SecureBlackbox Forum

Decrypt data with X.509 certificates

To decrypt data encrypted in accordance with the PKCS#7 standard, use the TElMessageDecryptor class.

  1. Load the recipient's certificate (with its private key) into a TElMemoryCertStorage object as described here. Note that you may include as many certificates as you wish; TElMessageDecryptor will find the appropriate one automatically.
  2. Create an instance of the TElMessageDecryptor class:
       TElMessageDecryptor decryptor = new TElMessageDecryptor();
  3. Assign the certificate storage to the decryptor:
       decryptor.CertStorage = storage;
  4. Pass the encrypted data to the Decrypt() method. Take care to use the overload which DOES NOT take the Key parameter:
       int res = decryptor.Decrypt(encryptedDataStream, plainDataStream);
     When the call succeeds, plainDataStream will contain the decrypted message. Check the res value returned by Decrypt() to ensure the decryption was successful. A value of 0 indicates success; any other value is a SecureBlackbox error code, described here.

After decryption completes, you can check the decryptor object's properties to find out the algorithm that was used to encrypt the data (Algorithm property) and the index of the exact certificate in the storage that was used to decrypt it (UsedCertificate). If decryption fails due to the absence of the certificate in the storage, you can check the CertIDs[] property to search for the required certificate locally.
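The four steps and the post-decryption checks combined into one routine, as an added example that is not part of the original help topic or SecureBlackbox's own sample code. It decrypts into memory and writes the output file only when Decrypt() returns 0. Assumptions: the namespace names, LoadFromStreamPFX(), storage.Add(), CertIDCount and get_CertIDs() follow the .NET edition's usual naming and should be confirmed against your SecureBlackbox version; the paths and password are hypothetical parameters.

```csharp
using System;
using System.IO;
using SBX509;              // TElX509Certificate (assumed namespace)
using SBCustomCertStorage; // TElMemoryCertStorage (assumed namespace)
using SBMessages;          // TElMessageDecryptor (assumed namespace)

static class Pkcs7Decrypt
{
    // pfxPath, pfxPassword, inPath and outPath are hypothetical caller-supplied values.
    // Assumes the application has already set its SecureBlackbox license key.
    public static bool DecryptFile(string pfxPath, string pfxPassword, string inPath, string outPath)
    {
        // Step 1: load the recipient certificate with its private key into memory storage.
        TElX509Certificate cert = new TElX509Certificate();
        using (FileStream pfx = File.OpenRead(pfxPath))
        {
            // Assumed signature: (stream, password, count), count 0 = read the whole stream.
            int loadRes = cert.LoadFromStreamPFX(pfx, pfxPassword, 0);
            if (loadRes != 0) { Console.Error.WriteLine("PFX load failed: " + loadRes); return false; }
        }
        TElMemoryCertStorage storage = new TElMemoryCertStorage();
        storage.Add(cert, true); // assumed: second argument copies the private key too

        // Steps 2 and 3: create the decryptor and attach the storage.
        TElMessageDecryptor decryptor = new TElMessageDecryptor();
        decryptor.CertStorage = storage;

        // Step 4: decrypt into memory so no partial plaintext reaches disk unless res == 0.
        using (FileStream encrypted = File.OpenRead(inPath))
        using (MemoryStream plain = new MemoryStream())
        {
            int res = decryptor.Decrypt(encrypted, plain); // overload without the Key parameter
            if (res != 0)
            {
                Console.Error.WriteLine("Decrypt failed, SecureBlackbox error code " + res);
                // List the recipients named in the message to help locate the missing certificate.
                // CertIDCount / get_CertIDs(i).SerialNumber are assumed accessor names for CertIDs[].
                for (int i = 0; i < decryptor.CertIDCount; i++)
                    Console.Error.WriteLine("Recipient serial: " +
                        BitConverter.ToString(decryptor.get_CertIDs(i).SerialNumber));
                return false;
            }
            // Record which algorithm protected the data and which stored certificate matched.
            Console.WriteLine("Algorithm id " + decryptor.Algorithm +
                              ", storage index " + decryptor.UsedCertificate);
            File.WriteAllBytes(outPath, plain.ToArray());
            return true;
        }
    }
}
```

Logging the Algorithm value lets the caller reject messages encrypted with an algorithm weaker than local policy allows before the plaintext is used.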

How To articles about PKCS7 signing and encryption
