EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Simple text signing in Delphi (RSA+SHA1)

Posted: 12/07/2011 09:30:27
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 67


Been using SecureBlackBox for a little while and so far I'm impressed, using it primarily for XMLDSig, which works flawlessly. Great work.

Now I also have to sign some data using a private key provided to me in an initial exchange. I'm told to use SHA1+RSA, and I've been provided with

a) data (a String) to sign,
b) a private key (String) in PEM format,
c) a public key (String) in PEM format.

Now, if I understand what I have to do correctly, I should sign the data using my private key. In Java this is easy enough (using java.security.Signature) but I haven't found what objects I should use to accomplish this with SecureBlackbox.

I'm using Delphi. Any hints in the right direction?

Posted: 12/07/2011 09:35:49
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You should use the TElPublicKeyCrypto class. Please refer to our demos that are located in the \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Primitives folder for more information.

Posted: 12/07/2011 10:04:45
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 67

Thank you for your quick answer! I see in this directory that there are four projects:

1) Decrypt: shows how to decrypt a file.
2) Encrypt: shows how to encrypt a file.
3) Sign detached: close to what I want. Uses RSA and public key to sign data.
4) Verify - verify signature.

I think the Sign Detached demo may help me, but I don't know if there is a quick way to use it for RSA+SHA1 or if I have to calculate the digest myself. If so, can you tell me which classes are the ones to use? There seem to be thousands of classes to choose from...

EDIT: I'm trying with the following:

function CalcSignature(data, private_key: String): String;
var
  signer: TElRSAPublicKeyCrypto;
  StreamKey, StreamInput, StreamOutput: TStringStream;
  KeyMaterial: TElRSAKeyMaterial;
begin
  // RSA signature over a SHA-1 digest of the input
  signer := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION);
  signer.InputEncoding := pkeBinary;   // input is taken as raw bytes
  signer.OutputEncoding := pkeBase64;  // signature is written Base64-encoded
  StreamKey := TStringStream.Create(private_key);
  KeyMaterial := TElRSAKeyMaterial.Create;
  // The post does not show the call that loads the key from StreamKey into KeyMaterial
  signer.KeyMaterial := KeyMaterial;
  StreamInput := TStringStream.Create(data);
  StreamOutput := TStringStream.Create;
  signer.SignDetached(StreamInput, StreamOutput);

  Result := StreamOutput.DataString;
end;


My private key string is as follows:
(... 4 lines removed here ...)
... ecFQCoRZO+qv9eZGnU1NBA2tl37v3i2cfUHYu5qz

This seems to be working okay. Do you think this is a good approach?
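
What an RSA+SHA1 detached signature computes, as an added example that is not part of the original posts and is not SecureBlackBox code: stdlib-only Python for RSASSA-PKCS1-v1_5 with SHA-1, which is assumed here to be the scheme meant by "SHA1+RSA". The key is a constructed, insecure demo key and the function names are hypothetical; the scheme is deterministic, so the output of one implementation can be compared byte for byte with another's for the same key and input bytes.

```python
import base64, hashlib, hmac

# Constructed demo key (NOT secure): two Mersenne primes, so the example runs offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
K = (N.bit_length() + 7) // 8           # modulus length in bytes

# DER prefix of the DigestInfo structure for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def emsa_pkcs1_v15_sha1(data: bytes, em_len: int) -> bytes:
    """Build EM = 00 01 FF..FF 00 || DigestInfo(SHA-1(data))."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for a SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def sign_detached(data: bytes) -> str:
    """Return the Base64-encoded detached signature over data."""
    m = int.from_bytes(emsa_pkcs1_v15_sha1(data, K), "big")
    return base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode("ascii")

def verify_detached(data: bytes, sig_b64: str) -> bool:
    """Verify by re-encoding and comparing the whole block, not by parsing the padding."""
    try:
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_sha1(data, K))

if __name__ == "__main__":
    # The signature covers bytes, so signer and verifier must agree on the string encoding.
    msg = "data to sign".encode("utf-8")
    sig = sign_detached(msg)
    print(sig)
    print(verify_detached(msg, sig), verify_detached(msg + b"!", sig))
```
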

Posted: 08/20/2012 14:59:31
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

If I use A3, where the private key is a hardware device?

Posted: 08/21/2012 04:51:14
by Ken Ivanov (Team)

With SBB, you can use any hardware security module, provided it supports PKCS#11 access (and provides the corresponding driver) OR maps certificates to Windows system store by installing a CSP.

Posted: 08/21/2012 09:49:34
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

How do I use this code with an A3 cert if the private key is a hardware device?
I can't find privatekey in SBB.
Only .privatekeyexists and .privatekeyexportable
Thanks for your help.

Certificate found. Here is my code to find it:

if (Assinador.NumeroSerie <> '') then
  for i := 0 to WinCertStorage.Count - 1 do
  begin
    Cert := WinCertStorage.Certificates[i];

    // Match the stored certificate by serial number
    if (BinaryToString(Cert.SerialNumber) = Assinador.NumeroSerie) then
      if Cert.PrivateKeyExists then
        WinCertStorage.Certificates[i].Clone(Cert, true);
  end;


With this code, Cert.PrivateKeyExists = true

Posted: 08/21/2012 10:10:33
by Eugene Mayevski (Team)

Let's continue in another topic, which you initiated.

Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.