EldoS | Feel safer!

Software components for data protection, secure storage and transfer

"Secret key not found"

#12805
Posted: 03/16/2010 12:55:23
by Ken Ivanov (EldoS Corp.)

First of all, can you please clarify, do you need to encrypt a string or to sign it?

Besides, in what format is the key stored?
#17691
Posted: 09/30/2011 04:17:16
by Bruno Penguilly (Standard support level)
Joined: 09/30/2011
Posts: 12

Hello all,

I need your help.

I want to sign a file with a certificate of 3skey,

and with my code I've got an error message "exception class EElPublickeyCryptorError with message 'Secret Key Not Found'".

Here is my code.

Function called by a button click:

var
  fichier : TFileName;
begin

  LoadCertificat(0);
  fichier := SignaturePersonnelle('remise.txt');
end;

procedure TForm1.LoadCertificat(NumSlot: Integer);
var
  fnDest : TFileName;
begin

  // Create the component
  CertStorage := TElMemoryCertStorage.Create(nil);
  try
    // Load the certificate into Cert
    Cert := Storage.Certificates[NumSlot];
  finally
    //Cert.Free; // Freed later
  end;

end;



function TForm1.SignaturePersonnelle(fnSourceSigner: TFileName): TFileName;
var
  InBuffer  : ByteArray;
  OutBuffer : ByteArray;
  Stream    : TFileStream;
  FichDest  : TFileName;
  InSize    : Integer;
  OutSize   : Integer;
  Res       : Integer;

  Signature : TElRSAPublicKeyCrypto;
  fsSource  : TFileStream;
  fsDest    : TFileStream;

begin

  // Output file for the signature
  FichDest := 'DigitalSign.sig';

  Signature := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA256_RSA_ENCRYPTION);
  try
    try

      // Signature parameters
      Signature.KeyMaterial := Cert.KeyMaterial; // Cert => see LoadCertificat(NumSlot: Integer)
      Signature.CryptoType := rsapktPKCS1;
      //signature.KeyMaterial.
      Signature.UseAlgorithmPrefix := True;

      // Source and destination file formats
      Signature.InputEncoding := pkeBinary;  // Source file => binary format
      Signature.OutputEncoding := pkeBase64; // Destination file => Base64 format

      // fnSourceSigner = source file to sign
      // The file has already been processed to strip the hex characters 0A/0a = LF, 0D/0d = CR and 1A/1a = Ctrl-Z
      fsSource := TFileStream.Create(fnSourceSigner, fmOpenRead);
      try // fsSource
        fsDest := TFileStream.Create(FichDest, fmCreate);
        try // fsDest
          // Sign the document

          Signature.SignDetached(fsSource, fsDest);
        finally
          FreeAndNil(fsDest);
        end; // fsDest
      finally
        FreeAndNil(fsSource);
      end; // fsSource

    except
      Result := '';
      exit;
    end;

    Result := FichDest;

  finally
    FreeAndNil(Signature);
  end;

end;

Can you help me?


Thank you for your help.
#17693
Posted: 09/30/2011 04:26:27
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

The problem is that your certificate doesn't contain a secret key, or it is not loaded correctly. Your code for loading certificates is incomplete.

Please refer to our sample that is located in \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Primitives\SignDetached folder.
#17694
Posted: 09/30/2011 04:47:27
by Bruno Penguilly (Standard support level)
Joined: 09/30/2011
Posts: 12

The example you mention does not match my expectations.
The certificate is on a 3skey, and is not accessible.
Is there an example of a signature with 3skey (hardware) in your SDK?

Thanks for your help.
#17695
Posted: 09/30/2011 04:53:47
by Vsevolod Ievgiienko (EldoS Corp.)

If it is PKCS11 compatible then you can use a sample from \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\PKCS11\CertStorage folder. It illustrates how to work with PKCS11 compatible certificate storages.
#17697
Posted: 09/30/2011 05:02:21
by Bruno Penguilly (Standard support level)
Joined: 09/30/2011
Posts: 12

Yes, I tried this example (Cryptotoken) and I have an error message,
error 8194, when signing the file.
#17699
Posted: 09/30/2011 05:23:56
by Vsevolod Ievgiienko (EldoS Corp.)

This error means "Certificate storage is empty" or "Certificate storage doesn't contain any certificate with corresponding private key" (see http://www.eldos.com/documentation/sb...odes.html).

It seems that the corresponding secret key is not loaded for some reason.

Most cryptographic devices map the certificates stored on them to the 'MY' system certificate store. You can try to access your certificate and key using TElWinCertStorage with the SystemStores property set to 'MY' (see the \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Certificates sample).
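
One way to apply the suggestion in the last reply, as an added example that is not part of the thread or of the EldoS samples: open the 'MY' system store through TElWinCertStorage and accept only a certificate whose private key is reachable, so a missing key is reported before signing starts. The unit name SigningCertLookup and the function FindSigningCert are hypothetical; the SBX509 and SBWinCertStorage unit names and the PrivateKeyExists check are assumed from the SecureBlackbox Delphi API.

```delphi
unit SigningCertLookup; // hypothetical unit name (added example)

interface

uses
  SysUtils,
  SBX509,            // TElX509Certificate (unit name assumed)
  SBWinCertStorage;  // TElWinCertStorage (unit name assumed)

// Returns the first certificate in the Windows 'MY' store whose private key
// is reachable. Raises an exception instead of returning a public-only
// certificate. WinStorage must stay alive while the result is in use.
function FindSigningCert(WinStorage: TElWinCertStorage): TElX509Certificate;

implementation

function FindSigningCert(WinStorage: TElWinCertStorage): TElX509Certificate;
var
  i: Integer;
  Candidate: TElX509Certificate;
begin
  // Read only the 'MY' (personal) system store
  WinStorage.SystemStores.Clear;
  WinStorage.SystemStores.Add('MY');

  for i := 0 to WinStorage.Count - 1 do
  begin
    Candidate := WinStorage.Certificates[i];
    // A certificate without a private key can verify signatures but not create them
    if Candidate.PrivateKeyExists then
    begin
      Result := Candidate;
      Exit;
    end;
  end;

  raise Exception.CreateFmt(
    'No certificate with a private key among %d entries in MY; ' +
    'check that the token is connected', [WinStorage.Count]);
end;

end.
```

The returned certificate can then be used where the posted code reads Cert.KeyMaterial.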
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.