EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signature with the method EMSA-PKCS1-V1_5

#11547
Posted: 11/04/2009 10:17:45
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Hello,

I must sign data according to method EMSA-PKCS1-V1_5 (Ebics specification p.284 for Sign A005).

On the value to be signed, I must generate a digital signature (according to Ebics).
With property UsePSS := False ?

Do I have to use the ElMessageSigner component to get this result?


Sincerely yours,
David MICHEL.
#11548
Posted: 11/04/2009 10:46:16
by Ken Ivanov (EldoS Corp.)

EMSA-PKCS1-V1_5 is not a signature, but an encoding method. I.e. you cannot sign messages with EMSA-PKCS1-V1_5, but you can use it to encode the message before signing it.

I have taken a look into the EBICS specification. Its A005 mechanism utilizes low-level PKCS#1 RSA signing methods. Please use TElRSAPublicKeyCrypto and TElRSAKeyMaterial classes to create signatures according to this specification.
#11561
Posted: 11/05/2009 01:57:11
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Thank you.

I will follow your instructions.


Sincerely yours,
David MICHEL.
#11572
Posted: 11/06/2009 02:28:57
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Hello,

I modified my document by using method EMSA-PKCS1-V1_5.

With EBICS, I must use the signature A005 PKCS#1 RSA to sign my document.

When I use the Sign() method, it returns me a message:
“Only detached signatures are supported”.

The SignDetached() method functions but I do not think that I must use this method.

Code
// Requires SysUtils, Classes and Dialogs, plus the SecureBlackbox units that declare the classes used below.
var
  Signature  : TElRSAPublicKeyCrypto;
  ClePrivSig : TElRSAKeyMaterial;

  FichDest   : TFileName;

  fsFichCle  : TFileStream;
  fsSource   : TFileStream;
  fsDest     : TFileStream;
begin

  Signature  := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION);
  ClePrivSig := TElRSAKeyMaterial.Create();
  try
    try

      //Load the private signing key from its file into memory
      fsFichCle := TFileStream.Create(FichClePrivSign,fmOpenRead or fmShareDenyWrite);
      try
        //A failure here now reaches the outer handler instead of being silently
        //swallowed, so signing is never attempted with a key that did not load
        ClePrivSig.Passphrase := Trim(UFonctions.LectureFichierDonnees(FichPass));
        ClePrivSig.LoadSecret(fsFichCle);
      finally
        FreeAndNil(fsFichCle);
      end;

      //Assign the key to the signer
      Signature.KeyMaterial := ClePrivSig;

      //Signature parameters
      //Signature.HashAlgorithm  := SB_ALGORITHM_DGST_SHA256;
      //Signature.InputIsHash    := False;
      Signature.CryptoType     := rsapktPKCS1; //rsapktPKCS1 = PKCS#1 v1.5 private key //rsapktPSS = RSA PSS private key
      //Source and destination file formats
      Signature.InputEncoding  := pkeBinary;
      Signature.OutputEncoding := pkeBase64;

      //Signature
      FichDest := 'D:\GestionEBICS\GestionEBICS\Temp\DigitalSign.sig';

      fsSource := TFileStream.Create(FichSource, fmOpenRead);
      try
        fsDest := TFileStream.Create(FichDest, fmCreate);
        try
          Signature.SignDetached(fsSource, fsDest);
          //Signature.Sign(fsSource,fsDest); //<= ?
        finally
          FreeAndNil(fsDest);
        end;
      finally
        FreeAndNil(fsSource);
      end;

    finally
      FreeAndNil(ClePrivSig);
      FreeAndNil(Signature);
    end;

    //MessageDlg('The file was signed successfully', mtInformation, [mbOk], 0);
    Result := FichDest;

  except
    on E : Exception do
    begin
      MessageDlg(E.Message, mtError, [mbOk], 0);
      Result := '';
    end;
  end;
end;


Sincerely yours,
David MICHEL.
#11573
Posted: 11/06/2009 02:32:35
by Ken Ivanov (EldoS Corp.)

That's right -- the SignDetached() method is the one you need.
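
The distinction drawn in the replies above, as an added example that is not part of the original thread and is not EldoS code: EMSA-PKCS1-v1_5 only builds the padded block, the RSA private-key operation turns that block into a signature, and a detached signature is that value alone, without the signed data. The toy key and all function names are assumptions made for the illustration; SHA-256 is used because the posted code selects it.

```python
import base64
import hashlib

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key for illustration only: both primes are Mersenne primes,
# so the modulus is trivially factorable. Never use it to protect anything.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xFF...) || 0x00 || DigestInfo || H(message)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def sign_detached(message: bytes) -> bytes:
    """Encode, then apply the RSA private-key operation; returns the signature only."""
    em = int.from_bytes(emsa_pkcs1_v15_encode(message, K), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify_detached(message: bytes, signature: bytes) -> bool:
    """Recompute EM from the message and compare it with signature^e mod n."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15_encode(message, K)


if __name__ == "__main__":
    data = b"constructed sample order data"
    sig = sign_detached(data)
    print(base64.b64encode(sig).decode())  # Base64 output, as in the posted settings
    print(verify_detached(data, sig), verify_detached(data + b"!", sig))
```

Verification here re-encodes the message and compares whole blocks instead of parsing the recovered padding, which avoids accepting malformed padding.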