EldoS | Feel safer!

Posted: 05/12/2011 03:22:12
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13


I just installed the VCL trial version of SBB (the PKI Package) for managing digital signatures.

I need to sign a file with CAdES, but I could not understand how.

I have defined this:

ElPKCS11CertStorage1: for interfacing with my USB device and smart card
ElMessageSigner1: I have set the CertStorage property to ElPKCS11CertStorage1.

Now I digitally sign a file with this code:

ElMessageSigner1.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
ElMessageSigner1.Sign( s1, s2 );

s1 is the input stream and s2 is the output stream.

When I open the p7m file with Dike or DigitalSign I see that the file is signed in PKCS7. Now I need to sign the file in CAdES, but how?

I suppose that I need to use a TElSignedCMSMessage class but I have not figured out how.

Thank you very much and best regards

Posted: 05/12/2011 03:29:26
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You can find a demo of CMS message creation in the \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\CMS folder.
Posted: 05/12/2011 03:58:06
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod

Thank you for your fast answer.

Hmm, sorry, but I am a bit confused.

I tried this code:

InBuffer, OutBuffer: ByteArray;
Stream: TFileStream;
s: TMemoryStream;
InSize, OutSize: integer;
res: integer;
CMSSigner: TElSignedCMSMessage;
i: integer;
Stream := TFileStream.Create( edtInput.Text, fmOpenRead or fmShareDenyWrite );
InSize := Stream.Size;
SetLength( InBuffer, InSize );
Stream.ReadBuffer( InBuffer[ 0 ], InSize );

OutSize := InSize + 16384;
SetLength( OutBuffer, OutSize );

CMSSigner := TElSignedCMSMessage.Create( nil );
CMSSigner.CreateNew( InBuffer, InSize );
i := CMSSigner.AddSignature;
CMSSigner.Signatures[ i ].UsePSS := False;

With this I add attributes for the CAdES. Right?

CMSSigner.Signatures[ i ].SigningOptions := [ csoInsertMessageDigests, csoInsertSigningTime, csoIncludeCertToMessage, csoInsertContentType, csoIncludeCertToAttributes, csoForceSigningCertificateV2Usage ];

CMSSigner.Signatures[ i ].SigningTime := Now;
CMSSigner.Signatures[ i ].DigestAlgorithm := SB_ALGORITHM_DGST_SHA256;
CMSSigner.Signatures[ i ].ContentType := 'pkcs7-data';
CMSSigner.Signatures[ i ].Sign( Storage.Certificates[ 1 ], ElMemoryCertStorage1 );

Now I have created the CMS Certificate and stored it in the ElMemoryCertStorage1. Right?

Now I need to put it all into an envelope (the document and the digital signature (CAdES)). But how?

// Signer.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
// res := Signer.Sign( InBuffer, InSize, OutBuffer, OutSize );


Thank you very much and best regards

Posted: 05/12/2011 04:06:37
by Vsevolod Ievgiienko (EldoS Corp.)

You should use the TElSignedCMSMessage.Save(TStream) method to save a signed message.
Posted: 05/12/2011 04:30:48
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Wow Great! Now I have the .p7m file.

Thank you very much!

The resulting file, however, is still wrapped in PKCS #7 and not CAdES.

How can I get the enveloping CAdES?

Thank you for your invaluable help.

Posted: 05/12/2011 04:44:27
by Vsevolod Ievgiienko (EldoS Corp.)

I believe this thread will help you: http://eldos.com/forum/read.php?FID=7&TID=2937
Posted: 05/12/2011 04:52:58
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod


It all works!

Thank you very much!
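
The thread turns on telling a plain PKCS #7 signature from a CAdES one. As an added example (not EldoS code and not from any post above), the Python below scans a DER-encoded CMS structure for the signed-attribute OIDs that CAdES-BES requires: content-type, message-digest and an ESS signing-certificate or signing-certificate-v2 reference. The function names and both sample inputs are constructed for illustration; the scan covers every OID in the structure rather than only SignerInfo.signedAttrs, and it does not verify the signature.

```python
# Added example, not EldoS code: which CAdES-BES signed attributes does a DER blob carry?
REQUIRED = {"1.2.840.113549.1.9.3": "content-type",
            "1.2.840.113549.1.9.4": "message-digest",
            "1.2.840.113549.1.9.16.2.12": "signing-certificate",
            "1.2.840.113549.1.9.16.2.47": "signing-certificate-v2"}
def read_tlv(buf, pos):                    # -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("BER indefinite length: convert to DER first")
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def decode_oid(body):                      # OID content bytes -> dotted string
    arcs, value = list(divmod(body[0], 40)), 0   # valid for OIDs under arcs 0 and 1
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends one arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def collect_oids(buf, pos=0, end=None):    # recursive walk over constructed elements
    found, end = set(), len(buf) if end is None else end
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag == 0x06 and ve > vs:
            found.add(decode_oid(buf[vs:ve]))
        elif tag & 0x20:                   # SEQUENCE, SET, context tags such as [0]
            found |= collect_oids(buf, vs, ve)
        pos = ve
    return found

def cades_bes_report(der):                 # -> (has required attributes, names found)
    oids = collect_oids(der)
    names = {n for oid, n in REQUIRED.items() if oid in oids}
    cert_ref = names & {"signing-certificate", "signing-certificate-v2"}
    return {"content-type", "message-digest"} <= names and bool(cert_ref), sorted(names)

# Constructed sample input: signedAttrs ([0]) sets with all-zero placeholder digests.
def tlv(tag, body):
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body
def attr(last, value):                     # Attribute under the 1.2.840.113549.1.9 arc
    return tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0109" + last)) + tlv(0x31, value))
DIGEST = tlv(0x04, bytes(32))
BASE = attr("03", tlv(0x06, bytes.fromhex("2a864886f70d010701"))) + attr("04", DIGEST)
PLAIN = tlv(0xA0, BASE)
CADES = tlv(0xA0, BASE + attr("10022f", tlv(0x30, tlv(0x30, tlv(0x30, DIGEST)))))
```

To check a real file, pass the bytes of a DER-encoded .p7m to cades_bes_report; a BER file with indefinite lengths raises ValueError and has to be re-encoded as DER first.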
