EldoS | Feel safer!

Posted: 05/12/2011 03:22:12
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13


I have just installed the VCL trial version of SBB (the PKI Package) for managing digital signatures.

I need to sign a file with CAdES, but I could not understand how.

I have defined this:

ElPKCS11CertStorage1: for interface with my USB device and Smart Card
ElMessageSigner1: I have set the CertStorage property to ElPKCS11CertStorage1.

Now I digitally sign a file with this code:

ElMessageSigner1.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
ElMessageSigner1.Sign( s1, s2 );

s1 is the input stream and s2 is the output stream.

When I open the p7m file with Dike or DigitalSign, I see that the file is signed in PKCS7. Now I need to sign the file in CAdES, but how?

I suppose that I need to use a TElSignedCMSMessage class but I have not figured out how.

Thank you very much and best regards

Posted: 05/12/2011 03:29:26
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You can find a demo of CMS messages creation in \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\CMS folder.

Posted: 05/12/2011 03:58:06
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod

Thank you for your fast answer.

Hmm, sorry, but I am a bit confused.

I tried this code:

InBuffer, OutBuffer: ByteArray;
Stream: TFileStream;
s: TMemoryStream;
InSize, OutSize: integer;
res: integer;
CMSSigner: TElSignedCMSMessage;
i: integer;
Stream := TFileStream.Create( edtInput.Text, fmOpenRead or fmShareDenyWrite );
InSize := Stream.Size;
SetLength( InBuffer, InSize );
Stream.ReadBuffer( InBuffer[ 0 ], InSize );

OutSize := InSize + 16384;
SetLength( OutBuffer, OutSize );

CMSSigner := TElSignedCMSMessage.Create( nil );
CMSSigner.CreateNew( InBuffer, InSize );
i := CMSSigner.AddSignature;
CMSSigner.Signatures[ i ].UsePSS := False;

With this I add attributes for the CAdES. Right?

CMSSigner.Signatures[ i ].SigningOptions := [ csoInsertMessageDigests, csoInsertSigningTime, csoIncludeCertToMessage, csoInsertContentType, csoIncludeCertToAttributes, csoForceSigningCertificateV2Usage ];

CMSSigner.Signatures[ i ].SigningTime := Now;
CMSSigner.Signatures[ i ].DigestAlgorithm := SB_ALGORITHM_DGST_SHA256;
CMSSigner.Signatures[ i ].ContentType := 'pkcs7-data';
CMSSigner.Signatures[ i ].Sign( Storage.Certificates[ 1 ], ElMemoryCertStorage1 );

Now I have created the CMS Certificate and stored it in the ElMemoryCertStorage1. Right?

Now I need to put everything into an envelope (the document and the digital signature (CAdES)). But how?

// Signer.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;
// res := Signer.Sign( InBuffer, InSize, OutBuffer, OutSize );


Thank you very much and best regards

Posted: 05/12/2011 04:06:37
by Vsevolod Ievgiienko (Team)

You should use TElSignedCMSMessage.Save(TStream) method to save a signed message.

Posted: 05/12/2011 04:30:48
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Wow Great! Now I have the .p7m file.

Thank you very much!

The resulting file, however, is still wrapped in PKCS #7 and not CAdES.

How can I get the enveloping CAdES?

Thank you for your invaluable help.

Posted: 05/12/2011 04:44:27
by Vsevolod Ievgiienko (Team)

I believe this thread will help you: http://eldos.com/forum/read.php?FID=7&TID=2937

Posted: 05/12/2011 04:52:58
by Claudio Piffer (Standard support level)
Joined: 05/12/2011
Posts: 13

Hi Vsevolod


It all works!

Thank you very much!
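
An added example, not code from this thread or from EldoS: an independent check of whether a .p7m actually carries the signed attributes that separate CAdES-BES from a plain PKCS #7 signature (content-type, message-digest, and an ESS signing-certificate or signing-certificate-v2 attribute), instead of relying on what a viewer reports. All function names and the `sample` skeleton are constructed for illustration, and the parser assumes a DER-encoded file.

```python
# DER content bytes (hex) of the OIDs involved; dotted form in the comments.
CONTENT_TYPE = "2a864886f70d010903"         # 1.2.840.113549.1.9.3
MESSAGE_DIGEST = "2a864886f70d010904"       # 1.2.840.113549.1.9.4
SIGNING_CERT = {"2a864886f70d010910020c",   # 1.2.840.113549.1.9.16.2.12 (ESS signing-certificate)
                "2a864886f70d010910022f"}   # 1.2.840.113549.1.9.16.2.47 (signing-certificate-v2)
SIGNED_DATA = "2a864886f70d010702"          # 1.2.840.113549.1.7.2

def tlvs(buf):
    """Yield (tag, value) for each DER element found at the top level of buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n == 0x80:
            raise ValueError("BER indefinite length: re-encode as DER first")
        if n & 0x80:                        # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def signed_attr_oids(p7m):
    """Return one set of signed-attribute OIDs (hex) per SignerInfo of a SignedData."""
    (_, content_info), = tlvs(p7m)
    (_, ctype), (_, wrapped) = tlvs(content_info)
    if ctype.hex() != SIGNED_DATA:
        raise ValueError("not a CMS SignedData")
    (_, signed_data), = tlvs(wrapped)
    signer_infos = [v for t, v in tlvs(signed_data) if t == 0x31][-1]  # last SET OF
    result = []
    for _, si in tlvs(signer_infos):
        attrs = next((v for t, v in tlvs(si) if t == 0xA0), b"")       # [0] signedAttrs
        result.append({next(tlvs(a))[1].hex() for _, a in tlvs(attrs)})
    return result

def is_cades_bes(p7m):
    """True only if every signer has the three mandatory CAdES-BES attributes."""
    sets = signed_attr_oids(p7m)
    return bool(sets) and all(
        {CONTENT_TYPE, MESSAGE_DIGEST} <= s and bool(s & SIGNING_CERT) for s in sets)

def der(tag, *parts):   # encoder for the constructed sample only (lengths < 128)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(*oid_hex):   # constructed SignedData skeleton with empty signature fields
    attrs = [der(0x30, der(0x06, bytes.fromhex(h)), der(0x31)) for h in oid_hex]
    si = der(0x30, der(0x02, b"\x01"), der(0x30), der(0x30), der(0xA0, *attrs), der(0x30), der(0x04))
    sd = der(0x30, der(0x02, b"\x01"), der(0x31), der(0x30), der(0x31, si))
    return der(0x30, der(0x06, bytes.fromhex(SIGNED_DATA)), der(0xA0, sd))
```

For a real file, pass its bytes to `is_cades_bes`. The check covers attribute presence only; it does not verify the signature or that the signing-certificate hash matches the signer's certificate.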


As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
