EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 05/12/2011 03:22:12
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13


I just installed the VCL trial version of SBB (the PKI Package) for managing digital signatures.

I need to sign a file with CAdES, but I could not understand how.

I have defined this:

ElPKCS11CertStorage1: for interface with my USB device and Smart Card
ElMessageSigner1: I have set the CertStorage property to ElPKCS11CertStorage1.

Now I digitally sign a file with this code:

ElMessageSigner1.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
ElMessageSigner1.Sign( s1, s2 );

s1 is the input stream and s2 is the output stream.

When I open the p7m file with Dike or DigitalSign I see that the file is signed in PKCS7. Now I need to sign the file in CAdES, but how?

I suppose that I need to use a TElSignedCMSMessage class but I have not figured out how.

Thank you very much and best regards

Posted: 05/12/2011 03:29:26
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can find a demo of CMS messages creation in \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\CMS folder.

Posted: 05/12/2011 03:58:06
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod

Thank you for your fast answer.

Hmm, sorry, but I am a bit confused.

I tried this code:

InBuffer, OutBuffer: ByteArray;
Stream: TFileStream;
s: TMemoryStream;
InSize, OutSize: integer;
res: integer;
CMSSigner: TElSignedCMSMessage;
i: integer;
Stream := TFileStream.Create( edtInput.Text, fmOpenRead or fmShareDenyWrite );
InSize := Stream.Size;
SetLength( InBuffer, InSize );
Stream.ReadBuffer( InBuffer[ 0 ], InSize );

OutSize := InSize + 16384;
SetLength( OutBuffer, OutSize );

CMSSigner := TElSignedCMSMessage.Create( nil );
CMSSigner.CreateNew( InBuffer, InSize );
i := CMSSigner.AddSignature;
CMSSigner.Signatures[ i ].UsePSS := False;

With this I add attributes for the CAdES. Right?

CMSSigner.Signatures[ i ].SigningOptions := [ csoInsertMessageDigests, csoInsertSigningTime, csoIncludeCertToMessage, csoInsertContentType, csoIncludeCertToAttributes, csoForceSigningCertificateV2Usage ];

CMSSigner.Signatures[ i ].SigningTime := Now;
CMSSigner.Signatures[ i ].DigestAlgorithm := SB_ALGORITHM_DGST_SHA256;
CMSSigner.Signatures[ i ].ContentType := 'pkcs7-data';
CMSSigner.Signatures[ i ].Sign( Storage.Certificates[ 1 ], ElMemoryCertStorage1 );

Now I have created the CMS Certificate and stored it in the ElMemoryCertStorage1. Right?

Now I need to put everything into an envelope (the document and the digital signature (CAdES)). But how?

// Signer.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
// res := Signer.Sign( InBuffer, InSize, OutBuffer, OutSize );


Thank you very much and best regards

Posted: 05/12/2011 04:06:37
by Vsevolod Ievgiienko (EldoS Corp.)

You should use TElSignedCMSMessage.Save(TStream) method to save a signed message.

Posted: 05/12/2011 04:30:48
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Wow Great! Now I have the .p7m file.

Thank you very much!

The resulting file, however, is still wrapped in PKCS #7 and not CAdES.

How can I get the enveloping CAdES?

Thank you for your invaluable help.

Posted: 05/12/2011 04:44:27
by Vsevolod Ievgiienko (EldoS Corp.)

I believe this thread will help you: http://eldos.com/forum/read.php?FID=7&TID=2937

Posted: 05/12/2011 04:52:58
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod


It all works!

Thank you very much!
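
The thread turns on a .p7m that viewers report as PKCS #7 rather than CAdES. As an added example (not from any poster and not EldoS code), this Python check parses a DER-encoded CMS SignedData and lists, per signer, which signed attributes mandatory for CAdES-BES (content-type, message-digest, ESS signing-certificate v1 or v2) are missing; the helper names and the sample bytes are constructed for illustration.

```python
# Added example: structural CAdES-BES check on a DER-encoded CMS SignedData (.p7m).
P9 = bytes.fromhex("2a864886f70d0109")             # DER body of OID 1.2.840.113549.1.9
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # id-signedData
REQUIRED = {P9 + b"\x03": "content-type", P9 + b"\x04": "message-digest"}
SIGNING_CERT = {P9 + b"\x10\x02\x0c", P9 + b"\x10\x02\x2f"}  # ESS signing-certificate v1, v2

def children(buf, start, end):
    """Split DER bytes buf[start:end] into (tag, value_start, value_end) items."""
    items, pos = [], start
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length == 0x80:
            raise ValueError("indefinite length (BER); re-encode as DER first")
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > end:
            raise ValueError("truncated DER element")
        items.append((tag, pos, pos + length))
        pos += length
    return items

def signed_attr_oids(der):
    """Yield, per SignerInfo, the set of signed-attribute OIDs (raw DER bodies)."""
    (top,) = children(der, 0, len(der))
    ctype, wrapper = children(der, *top[1:])[:2]
    if der[ctype[1]:ctype[2]] != SIGNED_DATA:
        raise ValueError("ContentInfo does not hold SignedData")
    (signed_data,) = children(der, *wrapper[1:])
    signer_infos = children(der, *signed_data[1:])[-1]  # last field of SignedData
    for signer in children(der, *signer_infos[1:]):
        attrs = [f for f in children(der, *signer[1:]) if f[0] == 0xA0]  # [0] signedAttrs
        seqs = children(der, *attrs[0][1:]) if attrs else []
        yield {bytes(der[o[1]:o[2]]) for o in (children(der, *a[1:])[0] for a in seqs)}

def missing_for_cades_bes(der):
    """List, per signer, the mandatory CAdES-BES signed attributes that are absent."""
    return [[name for body, name in REQUIRED.items() if body not in oids]
            + ([] if oids & SIGNING_CERT else ["signing-certificate (v1 or v2)"])
            for oids in signed_attr_oids(der)]

def tlv(tag, *parts):  # short-form DER encoder, enough for the constructed sample
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(*suffixes):  # constructed skeleton: no real certificate or signature
    attrs = [tlv(0x30, tlv(0x06, P9 + s), tlv(0x31)) for s in suffixes]
    signer = tlv(0x30, tlv(0x02, b"\x01"), tlv(0xA0, *attrs))
    signed_data = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x31, signer))
    return tlv(0x30, tlv(0x06, SIGNED_DATA), tlv(0xA0, signed_data))
```

An empty list for a signer means the three attributes are present; the check is structural only and does not verify the signature or the certificate hash carried in the signing-certificate attribute.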


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
