EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PKI and CAdES

#16438
Posted: 05/12/2011 03:22:12
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi,

I just installed the VCL trial version of SBB (the PKI Package) for managing digital signatures.

I need to sign a file with CAdES, but I could not understand how.

I have defined this:

ElPKCS11CertStorage1: for interface with my USB device and Smart Card
ElMessageSigner1: I have set the CertStorage property to ElPKCS11CertStorage1.

Now I digitally sign a file with this code:

    ElMessageSigner1.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
    ElMessageSigner1.Sign( s1, s2 );

s1 is the input stream and s2 is the output stream.

When I open the p7m file with Dike or DigitalSign I see that the file is signed in PKCS7. Now I need to sign the file in CAdES, but how?

I suppose that I need to use a TElSignedCMSMessage class but I have not figured out how.

Thank you very much and best regards

Claudio
#16439
Posted: 05/12/2011 03:29:26
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can find a demo of CMS message creation in the \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\CMS folder.
#16440
Posted: 05/12/2011 03:58:06
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod

Thank you for your fast answer.

Hmm, sorry, but I am a bit confused.

I tried this code:

var
  InBuffer, OutBuffer: ByteArray;
  Stream: TFileStream;
  s: TMemoryStream;
  InSize, OutSize: integer;
  res: integer;
  CMSSigner: TElSignedCMSMessage;
  i: integer;
begin
  Stream := TFileStream.Create( edtInput.Text, fmOpenRead or fmShareDenyWrite );
  try
    InSize := Stream.Size;
    SetLength( InBuffer, InSize );
    Stream.ReadBuffer( InBuffer[ 0 ], InSize );
  finally
    Stream.Free;
  end;

  OutSize := InSize + 16384;
  SetLength( OutBuffer, OutSize );

  CMSSigner := TElSignedCMSMessage.Create( nil );
  try
    CMSSigner.CreateNew( InBuffer, InSize );
    i := CMSSigner.AddSignature;
    CMSSigner.Signatures[ i ].UsePSS := False;

With this I add attributes for the CAdES. Right?

    CMSSigner.Signatures[ i ].SigningOptions := [ csoInsertMessageDigests, csoInsertSigningTime,
      csoIncludeCertToMessage, csoInsertContentType, csoIncludeCertToAttributes,
      csoForceSigningCertificateV2Usage ];

    CMSSigner.Signatures[ i ].SigningTime := Now;
    CMSSigner.Signatures[ i ].DigestAlgorithm := SB_ALGORITHM_DGST_SHA256;
    CMSSigner.Signatures[ i ].ContentType := 'pkcs7-data';
    CMSSigner.Signatures[ i ].Sign( Storage.Certificates[ 1 ], ElMemoryCertStorage1 );

Now I have created the CMS Certificate and stored it in the ElMemoryCertStorage1. Right?

Now I need to put everything into an envelope (the document and the digital signature (CAdES)). But how?



    // Signer.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
    // res := Signer.Sign( InBuffer, InSize, OutBuffer, OutSize );

  finally
    CMSSigner.Free;
  end;

Thank you very much and best regards

Claudio
#16441
Posted: 05/12/2011 04:06:37
by Vsevolod Ievgiienko (EldoS Corp.)

You should use the TElSignedCMSMessage.Save(TStream) method to save a signed message.
#16442
Posted: 05/12/2011 04:30:48
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Wow Great! Now I have the .p7m file.

Thank you very much!

The resulting file, however, is still wrapped in PKCS #7 and not CAdES.

How can I get the enveloping CAdES?

Thank you for your invaluable help.

Claudio
#16443
Posted: 05/12/2011 04:44:27
by Vsevolod Ievgiienko (EldoS Corp.)

I believe this thread will help you: http://eldos.com/forum/read.php?FID=7&TID=2937
#16444
Posted: 05/12/2011 04:52:58
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod

GREAT!

It all works!

Thank you very much!

Claudio
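
The question running through this thread, whether an output file is plain PKCS #7 or CAdES, can be checked on the file itself: CAdES-BES requires the content-type, message-digest and ESS signing-certificate (or signing-certificate-v2) signed attributes in each SignerInfo. The Python check below is an added example, not part of the thread and not SecureBlackbox code. It assumes a definite-length (DER) encoded file; `der` and `sample` are hypothetical helpers that build a constructed skeleton with empty placeholder fields, not a real signature.

```python
# Lists the mandatory CAdES-BES signed attributes missing from each SignerInfo.
P9 = bytes.fromhex("2a864886f70d0109")               # OID arc 1.2.840.113549.1.9
CONTENT_TYPE, MESSAGE_DIGEST = P9 + b"\x03", P9 + b"\x04"
SIGNING_CERT, SIGNING_CERT_V2 = P9 + b"\x10\x02\x0c", P9 + b"\x10\x02\x2f"
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")    # 1.2.840.113549.1.7.2

def tlvs(buf):
    """Return [(tag, value), ...] for the DER elements at one nesting level."""
    out, pos = [], 0
    while pos < len(buf):
        tag, first = buf[pos], buf[pos + 1]
        n = first & 0x7F if first & 0x80 else 0      # long-form length octets
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
        pos += 2 + n
        if first == 0x80 or pos + length > len(buf):
            raise ValueError("indefinite-length (BER) or truncated element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def missing_cades_attrs(cms):
    """Per SignerInfo, names of the required signed attributes that are absent."""
    (_, content_info), = tlvs(cms)
    (_, ctype), (_, explicit) = tlvs(content_info)
    if ctype != SIGNED_DATA:
        raise ValueError("not a SignedData ContentInfo")
    (_, signed_data), = tlvs(explicit)
    report = []
    for _, signer in tlvs(tlvs(signed_data)[-1][1]):  # signerInfos is the last field
        attrs = next((v for t, v in tlvs(signer) if t == 0xA0), b"")  # signedAttrs [0]
        present = {tlvs(a)[0][1] for _, a in tlvs(attrs)}
        gaps = [name for name, oid in (("content-type", CONTENT_TYPE),
                                       ("message-digest", MESSAGE_DIGEST)) if oid not in present]
        if not present & {SIGNING_CERT, SIGNING_CERT_V2}:
            gaps.append("signing-certificate(-v2)")
        report.append(gaps)
    return report

def der(tag, *parts):                                 # short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(attr_oids):
    """Constructed SignedData skeleton (placeholder fields, no real signature)."""
    attrs = [der(0x30, der(0x06, o), der(0x31)) for o in attr_oids]
    signer = der(0x30, der(0x02, b"\x01"), der(0x30), der(0x30),
                 der(0xA0, *attrs), der(0x30), der(0x04))
    sd = der(0x30, der(0x02, b"\x01"), der(0x31), der(0x30), der(0x31, signer))
    return der(0x30, der(0x06, SIGNED_DATA), der(0xA0, sd))
```

For a real file, pass its bytes to `missing_cades_attrs`; an empty list for every signer means the signed attributes required for CAdES-BES are present, which says nothing about whether the signature itself verifies.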

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
