EldoS | Feel safer!

Software components for data protection, secure storage and transfer

HMAC Seal creating

#17090
Posted: 07/20/2011 12:42:55
by San P (Standard support level)
Joined: 11/07/2009
Posts: 37

I did not find any advice or sample from Documentation nor from Forums how to perform HMAC signing (or sealing).

For instance BlackBox CertDemo creates Certificate Signing Requests in PKCS#10 format. A test sample 'PkcsTest.Txt' in Base64 encoded form is like this:

Now I should HMAC sign that file, using key file Key.Txt that contains key value '1234567890'. The returned value should be 'F8Y8sxWtHbtaaUTVQ9tDp9KxM0A='.

In OpenSSL the command would be something like this:
Code
OpenSSL dgst -hmac key.txt < PkcsTest.Txt > TestHmac.txt
Thus far I have not got the right result even with OpenSSL.

I have also checked through the whole BlackBox Evaluation package, but have not found any obvious BlackBox function or Component that would do this kind of HMAC signing for a plain File.

Currently we have registered XMLBlackBox package. What package should we have for HMAC sealing? Any comments?

Thanks.
SP
#17091
Posted: 07/20/2011 13:53:48
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

HMAC support is shipped with the BaseBlackbox package, i.e. it implicitly comes with any SBB package you license.

Please use the TElHashFunction class to calculate HMAC signatures. It is to be used in the following way (no error handling for the sake of clarity):
Code
uses
  SBConstants, SBUtils, SBHashFunction, SBEncoding;

var
  HF : TElHashFunction;
  KM : TElHMACKeyMaterial;
  Res : BufferType;

...
  // creating a key object and setting it up
  KM := TElHMACKeyMaterial.Create();
  KM.Key := <the contents of Key.txt file>;

  // creating a hash function object
  HF := TElHashFunction.Create(SB_ALGORITHM_MAC_HMACSHA1, KM);

  // feeding the request to the hash function
  HF.Update(<the contents of your certificate request>);

  // finalizing
  Res := HF.Finish();

  // encoding into Base64
  Res := Base64EncodeString(Res, false);  
  
  // now the Res variable contains the value you need, so you can e.g. write it to a file
#17110
Posted: 07/22/2011 07:01:24
by San P (Standard support level)
Joined: 11/07/2009
Posts: 37

Quote
Innokentiy Ivanov wrote:
Please use the TElHashFunction class to calculate HMAC signatures.

Thanks a lot. Even with that quite simple sample, it took me a while to get it all sorted. But finally I started to get right results.
Here's my code, in case someone else may need HMAC (Hash Message Authentication Code) later. For clarity there may be some needless steps, but just cut them away.

Code
procedure TForm1.Button1Click(Sender: TObject);
var
  KeySt:String;
  HF : TElHashFunction;
  KM : TElHMACKeyMaterial;
  S,Res : AnsiString;
  MS:TMemoryStream;
begin
  KeySt:='1234567890'; // HMAC Key
  KM := TElHMACKeyMaterial.Create();
  KM.Key := ByteArray(KeySt);
  MS := TMemoryStream.Create;
  MS.LoadFromFile('PKCS#10.bin'); // Any binary or text file
  // creating a hash function object
  HF := TElHashFunction.Create(SB_ALGORITHM_MAC_HMACSHA1, KM);
  // feeding the request to the hash function
  MS.Position :=0;
  HF.Update(MS);
  // finalizing
  Res := HF.Finish();
  S := SBXMLUtils.ConvertToBase64String(Bytearray(Res));
  Label1.Caption := S; // The calculated HMAC value
  HF.Free;
  KM.Free;
  MS.Free;
end;

Thanks for the quick response.
SP
#17111
Posted: 07/22/2011 07:04:46
by Ken Ivanov (EldoS Corp.)

Thank you very much for the code. I am sure that it might be useful for other forum users.
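
A cross-check for the values discussed in this thread, as an added example that is not part of the original posts or of EldoS code: Python's standard library computes the same Base64 HMAC-SHA1 seal over a file and shows two ways the key can go wrong (a trailing newline read from the key file, and the file name used as the key, which is what `-hmac key.txt` does in OpenSSL, since that option takes the key string itself). The sample data is RFC 2202 HMAC-SHA1 test case 2, constructed here, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os
import tempfile


def hmac_sha1_file_b64(path, key, chunk_size=64 * 1024):
    """Return Base64(HMAC-SHA1(key, file bytes)), streaming the file in binary mode."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as fh:  # binary mode: no newline translation
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            mac.update(chunk)
    return base64.b64encode(mac.digest()).decode("ascii")


def load_key(path, strip_newline=True):
    """Read key bytes from a file; editors often append a newline, which changes the MAC."""
    with open(path, "rb") as fh:
        key = fh.read()
    return key.rstrip(b"\r\n") if strip_newline else key


def verify_seal(path, key, expected_b64):
    """Recompute the MAC and compare it to the expected value in constant time."""
    actual = hmac_sha1_file_b64(path, key)
    return hmac.compare_digest(actual.encode("ascii"), expected_b64.encode("ascii"))


def demo():
    """Constructed sample: RFC 2202 HMAC-SHA1 test case 2, not the thread's PkcsTest.Txt."""
    with tempfile.TemporaryDirectory() as tmp:
        data_path = os.path.join(tmp, "message.bin")
        key_path = os.path.join(tmp, "key.txt")
        with open(data_path, "wb") as fh:
            fh.write(b"what do ya want for nothing?")
        with open(key_path, "wb") as fh:
            fh.write(b"Jefe\n")  # trailing newline, as an editor would leave it
        good = hmac_sha1_file_b64(data_path, load_key(key_path))
        raw = hmac_sha1_file_b64(data_path, load_key(key_path, strip_newline=False))
        literal = hmac_sha1_file_b64(data_path, b"key.txt")  # file name used as the key
        return good, raw, literal, verify_seal(data_path, b"Jefe", good)


if __name__ == "__main__":
    print(demo())
```

Only the first returned value matches the published test vector; the other two are valid-looking Base64 seals computed under the wrong key, which is why a mismatch should prompt a check of the exact key bytes before anything else.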
