Simple text signing in Delphi (RSA+SHA1)

#18390
Posted: 12/07/2011 09:30:27
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Hello,

I've been using SecureBlackBox for a little while and so far I'm impressed; I use it primarily for XMLDSig, which works flawlessly. Great work.

Now I also have to sign some data using a private key provided to me in an initial exchange. I'm told to use SHA1+RSA, and I've been provided with

a) data (a String) to sign,
b) a private key (String) in PEM format,
c) a public key (String) in PEM format.

Now, if I understand what I have to do correctly, I should sign the data using my private key. In Java this is easy enough (using java.security.Signature) but I haven't found which objects I should use to accomplish this with SecureBlackbox.

I'm using Delphi. Any hints in the right direction?

Thanks,
Leo
#18391
Posted: 12/07/2011 09:35:49
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should use TElPublicKeyCrypto class. Please refer to our demos that are located in \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Primitives folder for more information.
#18395
Posted: 12/07/2011 10:04:45
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Thank you for your quick answer! I see in this directory that there are four projects:

1) Decrypt: shows how to decrypt a file.
2) Encrypt: shows how to encrypt a file.
3) Sign detached: close to what I want. Uses RSA and public key to sign data.
4) Verify: verifies a signature.

I think the Sign Detached demo may help me, but I don't know if there is a quick way to use it for RSA+SHA1 or if I have to calculate the digest myself. If so, can you tell me which classes are the ones to use? There seem to be thousands of classes to choose from...

EDIT: I'm trying with the following:

Code
// Signs 'data' with the PEM-encoded RSA private key and returns the
// Base64-encoded signature. The digest algorithm (SHA-1) is selected by
// the constant passed to Create, so no separate hashing step is needed.
function CalcSignature(data, private_key: String): String;
var
  signer: TElRSAPublicKeyCrypto;
  StreamKey, StreamInput, StreamOutput: TStringStream;
  KeyMaterial : TElRSAKeyMaterial;
begin
  signer := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION);
  KeyMaterial := TElRSAKeyMaterial.Create;
  StreamInput := TStringStream.Create(data);
  StreamOutput := TStringStream.Create;
  try
    signer.InputEncoding := pkeBinary;   // raw bytes in
    signer.OutputEncoding := pkeBase64;  // Base64 text out

    // Load the private key from its PEM text (-----BEGIN RSA PRIVATE KEY-----)
    StreamKey := TStringStream.Create(private_key);
    try
      KeyMaterial.LoadSecret(StreamKey);
    finally
      FreeAndNil(StreamKey);
    end;
    signer.KeyMaterial := KeyMaterial;

    // Detached signature: only the signature is written, not the data
    signer.SignDetached(StreamInput, StreamOutput);
    Result := StreamOutput.DataString;
  finally
    FreeAndNil(StreamInput);
    FreeAndNil(StreamOutput);
    FreeAndNil(KeyMaterial);
    FreeAndNil(signer);
  end;
end;


My private key string is as follows:
Code
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKJmyeaAuTO5N5JgmgyuMlcz1ObqO0i7mSaRQjKn7yY........
(... 4 lines removed here ...)
... ecFQCoRZO+qv9eZGnU1NBA2tl37v3i2cfUHYu5qz
-----END RSA PRIVATE KEY-----


This seems to be working okay. Do you think this is a good approach?
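The same operation as the Delphi function above (SHA-1 digest, PKCS#1 v1.5 RSA signature over it, Base64 output), written as an added example in Go with only the standard library. This is not code from the thread or from EldoS, and the SecureBlackbox classes are not involved: it uses Go's crypto/rsa to show what "SHA1+RSA" means on the wire and adds the verification step the receiving party performs with the public key. The key pair is generated inside the program (the post's "RSA PRIVATE KEY" PEM is the PKCS#1 form this code parses; the public key is accepted in either "PUBLIC KEY" or "RSA PUBLIC KEY" form); the payload string is constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
)

// GenerateKeyPairPEM creates a fresh RSA key pair and returns both halves as PEM text:
// the private key as "RSA PRIVATE KEY" (PKCS#1, the format shown in the thread) and
// the public key as "PUBLIC KEY" (SubjectPublicKeyInfo).
func GenerateKeyPairPEM(bits int) (privPEM, pubPEM string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return "", "", err
	}
	privPEM = string(pem.EncodeToMemory(&pem.Block{
		Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
	spki, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return "", "", err
	}
	pubPEM = string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: spki}))
	return privPEM, pubPEM, nil
}

// CalcSignature mirrors the Delphi function in the thread: hash the data with SHA-1,
// sign the digest with PKCS#1 v1.5 padding using the PEM private key, return Base64.
func CalcSignature(data, privateKeyPEM string) (string, error) {
	block, _ := pem.Decode([]byte(privateKeyPEM))
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return "", errors.New("expected a PEM block of type RSA PRIVATE KEY")
	}
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", err
	}
	digest := sha1.Sum([]byte(data))
	// PKCS#1 v1.5 signatures are deterministic; rand.Reader is only used for blinding.
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// parseRSAPublicKey accepts the public key in either PEM form a counterparty may send.
func parseRSAPublicKey(publicKeyPEM string) (*rsa.PublicKey, error) {
	block, _ := pem.Decode([]byte(publicKeyPEM))
	if block == nil {
		return nil, errors.New("no PEM block found in public key")
	}
	switch block.Type {
	case "RSA PUBLIC KEY": // PKCS#1
		return x509.ParsePKCS1PublicKey(block.Bytes)
	case "PUBLIC KEY": // SubjectPublicKeyInfo
		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		rsaPub, ok := pub.(*rsa.PublicKey)
		if !ok {
			return nil, errors.New("PUBLIC KEY block does not hold an RSA key")
		}
		return rsaPub, nil
	}
	return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
}

// VerifySignature is the receiving side's check: recompute SHA-1 over the data and
// verify the Base64 signature against it with the public key. A nil error means valid.
func VerifySignature(data, publicKeyPEM, signatureB64 string) error {
	pub, err := parseRSAPublicKey(publicKeyPEM)
	if err != nil {
		return err
	}
	sig, err := base64.StdEncoding.DecodeString(signatureB64)
	if err != nil {
		return err
	}
	digest := sha1.Sum([]byte(data))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig)
}

func main() {
	privPEM, pubPEM, err := GenerateKeyPairPEM(2048)
	if err != nil {
		panic(err)
	}
	data := "constructed sample payload: invoice 42, 2011-12-07" // constructed input
	sig, err := CalcSignature(data, privPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature (Base64):", sig)
	fmt.Println("verify original  :", VerifySignature(data, pubPEM, sig))     // <nil>
	fmt.Println("verify tampered  :", VerifySignature(data+"!", pubPEM, sig)) // error
}
```

Two points worth noting against the post: the key in the post is a 512-bit RSA key (the "MIIBOg...AkEA" prefix encodes a 64-byte modulus), and recent Go releases refuse to generate keys that short, which is why the example uses 2048 bits; and because the signature is detached, the verifier must be handed the exact bytes that were signed, so both parties need to agree on the string encoding before hashing.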
#21082
Posted: 08/20/2012 14:59:31
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

If I use A3, with the private key on a hardware device?
#21087
Posted: 08/21/2012 04:51:14
by Ken Ivanov (EldoS Corp.)

With SBB, you can use any hardware security module, provided it supports PKCS#11 access (and provides the corresponding driver) OR maps certificates to the Windows system store by installing a CSP.
#21090
Posted: 08/21/2012 09:49:34
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

How do I use this code with an A3 cert if the private key is on a hardware device?
I can't find privatekey in SBB.
Only .PrivateKeyExists and .PrivateKeyExportable
Thanks for your help.

Certificate found. Here is my code to find it:

Code
if (Assinador.NumeroSerie <> '') then
begin
  // Walk the Windows certificate store looking for the wanted serial number
  for i := 0 to WinCertStorage.Count - 1 do
  begin
    Cert := WinCertStorage.Certificates[i];

    if (BinaryToString(Cert.SerialNumber) = Assinador.NumeroSerie) then
    begin
      //Cert.Assign(WinCertStorage.Certificates[i]);
      // Only usable for signing if the store reports a private key for it
      if Cert.PrivateKeyExists then
        WinCertStorage.Certificates[i].Clone(Cert, true);

      Break;
    end;
    //FreeAndNil(Cert);
  end;
end;


With this code, Cert.PrivateKeyExists = true
#21093
Posted: 08/21/2012 10:10:33
by Eugene Mayevski (EldoS Corp.)

Let's continue in another topic, which you initiated.


Sincerely yours
Eugene Mayevski