EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Distributed signature

Posted: 03/19/2010 09:42:21
by donato de philippis (Basic support level)
Joined: 03/19/2010
Posts: 2

I have many large files on a webserver which I need to sign using a private key in a smart card on a client pc. Is there a way to calculate the hash on the server, send only the hash data to the client, sign it locally, send it back to the server, "recombine" the signature with the original file to get the signed file? Does SecureBlackBox support such a process?
Posted: 03/19/2010 09:56:56
by Eugene Mayevski (Team)

This is a possible, but very non-trivial task.

You would need to create a custom CryptoProvider component which will perform the Sign operation by sending the request to the client in some way.

We have a plan to offer a specialized client-server solution for this task, but this is a work that is currently in progress and the overall task itself is quite complicated (we would need to provide more functionality than you need in your particular scenario, so it will take us much more time than you would spend).

Sincerely yours
Eugene Mayevski
Posted: 03/23/2010 05:10:38
by irsantonio (Basic support level)
Joined: 02/15/2010
Posts: 8

We are also interested in that solution. Is it possible to inherit the builtin cryptoprovider and only modify hash signing?
Posted: 03/23/2010 06:39:46
by Ken Ivanov (Team)

Yes, that's how it is expected to be done. As a matter of fact, there is nothing complex in implementing it for a particular task (e.g., yours). However, as Eugene said, we have plans of implementing this functionality as a universal solution, and this, in turn, requires quite a bit of time.
Posted: 03/23/2010 06:49:55
by Eugene Mayevski (Team)

Yes, this is how it's done. You just override the Sign method (signing is always done over some small data block such as a hash).

Sincerely yours
Eugene Mayevski
Posted: 06/22/2010 06:16:12
by SmartAccess (Standard support level)
Joined: 04/13/2010
Posts: 2

We have already implemented distributed signature between a .NET Web Service based on SecureBlackBox and a Java Applet in our digital signature services if you are interested.

The client applet only signs (RSA encrypts) the digest with the private key and the rest of the process is done in the server application.
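The exchange discussed in this thread, as an added example that is not part of the original posts and is neither SecureBlackBox nor SmartAccess code: the server hashes the file and sends only a DigestInfo, the client performs the private-key operation, and the server verifies the result against the digest it sent before attaching it. It assumes RSA PKCS#1 v1.5 with SHA-256; the function names and the demo key are constructed for illustration, and embedding the signature into the final signed file is not shown.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes, used only so this
# runs offline with the standard library. Not a usable signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: never leaves the client
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def server_digest_info(chunks):
    """Server: hash the file in chunks; only these 51 bytes go to the client."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return SHA256_PREFIX + h.digest()

def emsa_pkcs1_v15(digest_info):
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || DigestInfo."""
    pad = b"\xff" * (K - len(digest_info) - 3)
    return b"\x00\x01" + pad + b"\x00" + digest_info

def client_sign(digest_info):
    """Client: the private-key operation a smart card would perform."""
    well_formed = (len(digest_info) == len(SHA256_PREFIX) + 32
                   and digest_info.startswith(SHA256_PREFIX))
    if not well_formed:
        raise ValueError("refusing to sign: not a SHA-256 DigestInfo")
    m = int.from_bytes(emsa_pkcs1_v15(digest_info), "big")
    return pow(m, D, N).to_bytes(K, "big")

def server_accept(sent_digest_info, signature):
    """Server: verify against the digest it sent before attaching anything."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(sent_digest_info)

if __name__ == "__main__":
    di = server_digest_info([b"constructed sample file, ", b"read in chunks"])
    sig = client_sign(di)
    print(len(di), len(sig), server_accept(di, sig))
```

The client never sees the document, so it signs whatever digest the server hands it; the server-side check only guarantees that the returned signature matches the file the server actually hashed.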
Posted: 07/16/2010 06:34:52
by QualiSign Infomática S/A (Standard support level)
Joined: 03/13/2007
Posts: 55

Eugene, I am interested in this new feature (Distributed signature). Is there any release date (plan) for this new feature?

Can I override the Sign method with .NET and make the modifications, or do I need the Delphi (with source) version of SBB?

I can't contact SmartAccess because the email link shows an error: Access denied. The file /forum/send_message.php cannot be viewed

luis ricardo




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
