EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signature with the method EMSA-PKCS1-V1_5

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#11547
Posted: 11/04/2009 10:17:45
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Hello,

I must sign data according to the EMSA-PKCS1-V1_5 method (EBICS specification p.284 for signature A005).

On the value to be signed, I must generate a digital signature (according to EBICS).
With the property UsePSS := False?

Do I have to use the ElMessageSigner component to get this result?


Sincerely yours,
David MICHEL.
#11548
Posted: 11/04/2009 10:46:16
by Ken Ivanov (EldoS Corp.)

EMSA-PKCS1-V1_5 is not a signature, but an encoding method. I.e. you cannot sign messages with EMSA-PKCS1-V1_5, but you can use it to encode the message before signing it.

I have taken a look into the EBICS specification. Its A005 mechanism utilizes low-level PKCS#1 RSA signing methods. Please use TElRSAPublicKeyCrypto and TElRSAKeyMaterial classes to create signatures according to this specification.
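The encoding step described in the reply above, written out following RFC 8017 section 9.2, as an added example that is not part of the thread and is not EldoS code. It assumes SHA-256 (the digest named in the constants of the code posted later in the thread) and a 2048-bit modulus for the sample; the function names and the sample input are constructed for illustration.

```python
import hashlib
import hmac

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5_encode(message: bytes, em_len: int) -> bytes:
    """Return EM = 0x00 || 0x01 || PS || 0x00 || T for a SHA-256 digest.

    em_len is the modulus length in bytes; PS is 0xFF padding, at least 8 bytes.
    """
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def encoded_message_matches(message: bytes, em: bytes) -> bool:
    """Verifier-side check on a recovered EM.

    Re-encodes the message and compares the whole block, instead of parsing
    the padding, so short padding or trailing bytes after the digest are
    rejected.
    """
    try:
        expected = emsa_pkcs1_v1_5_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(expected, em)


# Constructed sample input; 256 bytes is an assumed 2048-bit modulus length.
SAMPLE = b"constructed sample order data"
EM = emsa_pkcs1_v1_5_encode(SAMPLE, 256)

if __name__ == "__main__":
    print(EM.hex())
    print(encoded_message_matches(SAMPLE, EM))
```

The signature itself is the RSA private-key operation applied to EM interpreted as an integer, which is why the encoding alone does not sign anything.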
#11561
Posted: 11/05/2009 01:57:11
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Thank you.

I will follow your instructions.


Sincerely yours,
David MICHEL.
#11572
Posted: 11/06/2009 02:28:57
by David MICHEL (Standard support level)
Joined: 09/23/2009
Posts: 48

Hello,

I modified my document by using method EMSA-PKCS1-V1_5.

With EBICS, I must use the signature A005 PKCS#1 RSA to sign my document.

When I use the Sign() method, it returns a message:
“Only detached signatures are supported”.

The SignDetached() method works, but I do not think that I must use this method.

Code
var
  Signature  : TElRSAPublicKeyCrypto;
  ClePrivSig : TElRSAKeyMaterial;

  FichDest   : TFileName;

  fsFichCle  : TFileStream;
  fsSource   : TFileStream;
  fsDest     : TFileStream;
begin

  Signature  := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION);
  ClePrivSig := TElRSAKeyMaterial.Create();
  try
    try

      // Load the private signing key from its file
      fsFichCle := TFileStream.Create(FichClePrivSign,fmOpenRead or fmShareDenyWrite);
      try
        // No empty except block here: a wrong passphrase or unreadable key
        // must reach the outer handler instead of being silently ignored
        ClePrivSig.Passphrase := Trim(UFonctions.LectureFichierDonnees(FichPass));
        ClePrivSig.LoadSecret(fsFichCle);
      finally
        FreeAndNil(fsFichCle);
      end;

      // Assign the key to the signing object
      Signature.KeyMaterial := ClePrivSig;

      // Signature parameters
      //Signature.HashAlgorithm  := SB_ALGORITHM_DGST_SHA256;
      //Signature.InputIsHash    := False;
      Signature.CryptoType     := rsapktPKCS1; //rsapktPKCS1 = PKCS#1 v1.5 private key //rsapktPSS = RSA PSS private key
      // Source and destination file formats
      Signature.InputEncoding  := pkeBinary;
      Signature.OutputEncoding := pkeBase64;

      // Signing
      FichDest := 'D:\GestionEBICS\GestionEBICS\Temp\DigitalSign.sig';

      fsSource := TFileStream.Create(FichSource, fmOpenRead);
      try
        fsDest := TFileStream.Create(FichDest, fmCreate);
        try
          Signature.SignDetached(fsSource, fsDest);
          //Signature.Sign(fsSource,fsDest); //<= ?
        finally
          FreeAndNil(fsDest);
        end;
      finally
        FreeAndNil(fsSource);
      end;

    finally
      FreeAndNil(ClePrivSig);
      FreeAndNil(Signature);
    end;

    //MessageDlg('The file was signed successfully', mtInformation, [mbOk], 0);
    Result := FichDest;

  except
    on E : Exception do
    begin
      MessageDlg(E.Message, mtError, [mbOk], 0);
      Result := '';
    end;
  end;
end;


Sincerely yours,
David MICHEL.
#11573
Posted: 11/06/2009 02:32:35
by Ken Ivanov (EldoS Corp.)

That's right -- the SignDetached() method is the one you need.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.