EldoS | Feel safer!

sign file

#16714
Posted: 06/20/2011 12:54:43
by Sorin Meleanca (Standard support level)
Joined: 03/02/2007
Posts: 5

Hi,

In your How to ... Sign and counter-sign the data (embedded and detached signatures) you say: First of all, you need to specify the certificate(s), which will be used for signing. When you sign the data, you need to have the certificates with corresponding private keys.

How to do this?
I have a USB token (PKCS#11 device) that, after it is properly installed on Windows XP, can be read through the Windows Certificate Stores (Microsoft Crypto API) using CertStore = MY and CertType = CurrentUser. If there is more than one certificate in the CertStore, I identify the certificate using the email address.

I tested many ways to sign the file but none with success. The last version of the code I tried is:
var
  Signer : TElMessageSigner;
  CertStorage : TElMemoryCertStorage;
  InBuf, OutBuf : array of byte;
  F : file;
  Sz : integer;
  I : integer;
begin
  Signer := TElMessageSigner.Create(nil);
  CertStorage := TElMemoryCertStorage.Create(nil);
  try
    //how to really load the certificate?
    winstorage.ExportTo(CertStorage); {winstorage was dropped on the form and kept the CertStore definitions}
    // read the whole source file into InBuf
    AssignFile(F, SourceFileName);
    Reset(F, 1);
    SetLength(InBuf, FileSize(F));
    BlockRead(F, InBuf[0], Length(InBuf));
    System.CloseFile(F);
    // first call with a nil output buffer only reports the required size in Sz
    Sz := 0;
    Signer.Sign(@InBuf[0], Length(InBuf), nil, Sz);
    SetLength(OutBuf, Sz);
    I := Signer.Sign(@InBuf[0], Length(InBuf), @OutBuf[0], Sz);
    if I = 0 then
    begin
      SetLength(OutBuf, Sz); // Sz now holds the actual signature length
      AssignFile(F, DestFileName);
      Rewrite(F, 1);
      BlockWrite(F, OutBuf[0], Sz);
      System.CloseFile(F);
    end
    else
      ShowMessage('Error #' + IntToHex(I, 4) + ' occurred while signing');
  finally
    FreeAndNil(Signer);
    FreeAndNil(CertStorage);
  end;
end;

The error is 2002, which probably means: Signing - Certificate storage doesn't contain any certificate with corresponding private key.
When I used the FindFirst function I found my certificate in the winstorage.

Can anyone help me to understand how these components work?

Regards,
Sorin
#16716
Posted: 06/20/2011 13:15:25
by Eugene Mayevski (EldoS Corp.)

You need something like this:
Code
CertStorage.Add(WinCertStorage.Certificates[FoundIndex], true);


That's all.


Sincerely yours
Eugene Mayevski
#16717
Posted: 06/20/2011 13:36:01
by Sorin Meleanca (Standard support level)
Joined: 03/02/2007
Posts: 5

Hi, thanks for your response. I modified the previous code like below:
...
try
  //winstorage.ExportTo(CertStorage);
  ElCertificateLookup1.EmailAddresses.Clear;
  ElCertificateLookup1.EmailAddresses.Add(SCSubject);
  I := winstorage.FindFirst(ElCertificateLookup1);
  if I < 0 then raise exception.create('Nu a fost gasit certificatul')
  else ShowMessage(winstorage.Certificates[I].SubjectName.EMailAddress);
  CertStorage.Add(winstorage.Certificates[I], true);
...

but the error is still #2002 :(

On winstorage I tested the provider property with two values, ptDefault and ptBaseSmartCard, with the same result.
#16718
Posted: 06/20/2011 14:01:02
by Eugene Mayevski (EldoS Corp.)

Please check the value of WinStorage.Certificates[i].PrivateKeyExists property. It can be that the key is not accessible.


Sincerely yours
Eugene Mayevski
#16719
Posted: 06/20/2011 14:35:17
by Sorin Meleanca (Standard support level)
Joined: 03/02/2007
Posts: 5

I will try this tomorrow morning. Now I'm home. But ...
When I use another app with the USB token, before accessing the certificate I'm prompted for a password. No matter what software I use, the prompt screen is the same; it is probably generated by the USB token's software. In the previous code the error appears before I am prompted for the password.
#16723
Posted: 06/20/2011 19:55:41
by Ken Ivanov (EldoS Corp.)

The CSPs of most tokens ask for a password right before the private key is used [for signing or decryption]. According to the symptoms you've described, it seems that the right certificate is not added to the CertStorage store at all. Please check the PrivateKeyExists property as Eugene explained above.

Please also ensure that other properties of your TElWinCertStorage object are set correctly. The best idea would be not to change any properties but the SystemStores for now (leave provider type set to ptDefault).
#16756
Posted: 06/21/2011 01:13:48
by Sorin Meleanca (Standard support level)
Joined: 03/02/2007
Posts: 5

Thanks, now it works OK :)

I had omitted the command Signer.CertStorage := CertStorage;.
Now the code is:
...
  ElCertificateLookup1.EmailAddresses.Clear;
  ElCertificateLookup1.EmailAddresses.Add(SCSubject);
  I := winstorage.FindFirst(ElCertificateLookup1);
  if I < 0 then raise exception.create('No certificate was found')
  else ShowMessage(winstorage.Certificates[I].SubjectName.EMailAddress);
  CertStorage.Add(winstorage.Certificates[I], true);
  Signer.CertStorage := CertStorage;
...
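The flow that this thread converges on (look the token certificate up by e-mail, confirm the private key is reachable, hand a memory storage to the signer, then sign with the two-call size pattern) as one routine. This is an added example, not code from the posts above or from EldoS; the SecureBlackbox unit names in the uses clause and the TByteBuf alias are assumptions, and WinStorage is assumed to be a TElWinCertStorage already configured for the MY / CurrentUser store as described in the thread.

```delphi
uses
  SysUtils, Classes,
  SBX509, SBCustomCertStorage, SBWinCertStorage, SBMessages; // assumed unit names

type
  TByteBuf = array of Byte; // local alias, assumption

{ Returns 0 on success or the SecureBlackbox error code; 2002 is the code the
  thread saw when no certificate with a usable private key reached the signer. }
function SignWithTokenCert(WinStorage: TElWinCertStorage; const Email: string;
  const Data: TByteBuf; out Signed: TByteBuf): Integer;
var
  Lookup: TElCertificateLookup;
  MemStorage: TElMemoryCertStorage;
  Signer: TElMessageSigner;
  Idx, Sz: Integer;
begin
  Lookup := TElCertificateLookup.Create(nil);
  MemStorage := TElMemoryCertStorage.Create(nil);
  Signer := TElMessageSigner.Create(nil);
  try
    // 1. Locate the token certificate in the Windows store by e-mail address.
    Lookup.EmailAddresses.Clear;
    Lookup.EmailAddresses.Add(Email);
    Idx := WinStorage.FindFirst(Lookup);
    if Idx < 0 then
      raise Exception.CreateFmt('No certificate found for %s', [Email]);

    // 2. The check suggested in the thread: a certificate whose private key the
    //    CSP does not expose cannot sign, so fail early with a clear message.
    if not WinStorage.Certificates[Idx].PrivateKeyExists then
      raise Exception.Create('Certificate found, but its private key is not accessible');

    // 3. Copy the certificate (with its key reference) into a memory storage and,
    //    the step missed in the original post, assign that storage to the signer.
    MemStorage.Add(WinStorage.Certificates[Idx], True);
    Signer.CertStorage := MemStorage;

    // 4. Two-call pattern: a nil output buffer makes Sign report the needed size.
    Sz := 0;
    Signer.Sign(@Data[0], Length(Data), nil, Sz);
    SetLength(Signed, Sz);
    Result := Signer.Sign(@Data[0], Length(Data), @Signed[0], Sz);
    if Result = 0 then
      SetLength(Signed, Sz)   // Sz now holds the actual signature length
    else
      SetLength(Signed, 0);   // leave no half-written output on failure
  finally
    FreeAndNil(Signer);
    FreeAndNil(MemStorage);
    FreeAndNil(Lookup);
  end;
end;
```

The token's CSP will show its PIN prompt during the second Sign call, since that is the first point at which the private key is actually used.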
#16757
Posted: 06/21/2011 02:13:15
by Sorin Meleanca (Standard support level)
Joined: 03/02/2007
Posts: 5

I bought a PKIBlackBox license to use the previous code.
Is that enough to use the code on my app?
#16758
Posted: 06/21/2011 02:18:23
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Yes, PKIBlackBox is enough for your code.