Simple text signing in Delphi (RSA+SHA1)

#18390
Posted: 12/07/2011 09:30:27
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Hello,

I've been using SecureBlackbox for a little while and so far I'm impressed; I use it primarily for XMLDSig, which works flawlessly. Great work.

Now I also have to sign some data using a private key provided to me in an initial exchange. I'm told to use SHA1+RSA, and I've been provided with

a) data (a String) to sign,
b) a private key (String) in PEM format,
c) a public key (String) in PEM format.

Now, if I understand correctly what I have to do, I should sign the data using my private key. In Java this is easy enough (using java.security.Signature), but I haven't found which objects I should use to accomplish this with SecureBlackbox.

I'm using Delphi. Any hints in the right direction?

Thanks,
Leo
#18391
Posted: 12/07/2011 09:35:49
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should use TElPublicKeyCrypto class. Please refer to our demos that are located in \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Primitives folder for more information.
#18395
Posted: 12/07/2011 10:04:45
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Thank you for your quick answer! I see in this directory that there are four projects:

1) Decrypt: shows how to decrypt a file.
2) Encrypt: shows how to encrypt a file.
3) Sign detached: close to what I want. Uses RSA and a public key to sign data.
4) Verify - verify signature.

I think the Sign Detached demo may help me, but I don't know if there is a quick way to use it for RSA+SHA1 or if I have to calculate the digest myself. If so, can you tell me which classes are the ones to use? There seem to be thousands of classes to choose from...

EDIT: I'm trying with the following:

Code
// Assumes these SecureBlackbox units in the uses clause:
//   SBConstants (SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION), SBPublicKeyCrypto
//   (TElRSAPublicKeyCrypto, TElRSAKeyMaterial, pkeBinary, pkeBase64),
//   plus Classes (TStringStream) and SysUtils (FreeAndNil).
function CalcSignature(data, private_key: String): String;
var
  signer: TElRSAPublicKeyCrypto;
  StreamKey, StreamInput, StreamOutput: TStringStream;
  KeyMaterial: TElRSAKeyMaterial;
begin
  // RSA signature over a SHA-1 digest; the component hashes the input itself,
  // so no separate digest calculation is needed
  signer := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION);
  KeyMaterial := TElRSAKeyMaterial.Create;
  StreamInput := nil;
  StreamOutput := nil;
  try
    signer.InputEncoding := pkeBinary;   // raw bytes in
    signer.OutputEncoding := pkeBase64;  // Base64 signature out

    // Load the PEM-encoded private key (the "RSA PRIVATE KEY" block)
    StreamKey := TStringStream.Create(private_key);
    try
      KeyMaterial.LoadSecret(StreamKey);
    finally
      FreeAndNil(StreamKey);
    end;
    signer.KeyMaterial := KeyMaterial;

    // The signature covers bytes, not characters: on Unicode versions of
    // Delphi TStringStream converts the string with the default code page,
    // so the verifying side must decode the data with the same encoding.
    StreamInput := TStringStream.Create(data);
    StreamOutput := TStringStream.Create;
    signer.SignDetached(StreamInput, StreamOutput);
    Result := StreamOutput.DataString;
  finally
    // try/finally so nothing leaks if LoadSecret or SignDetached raises
    FreeAndNil(StreamInput);
    FreeAndNil(StreamOutput);
    // release the crypto object before the key material it references
    FreeAndNil(signer);
    FreeAndNil(KeyMaterial);
  end;
end;


My private key string is as follows:
Code
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKJmyeaAuTO5N5JgmgyuMlcz1ObqO0i7mSaRQjKn7yY........
(... 4 lines removed here ...)
... ecFQCoRZO+qv9eZGnU1NBA2tl37v3i2cfUHYu5qz
-----END RSA PRIVATE KEY-----


This seems to be working okay. Do you think this is a good approach?
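For cross-checking what the Delphi routine above should produce, here is an added reference example; it is not code from this thread or from SecureBlackbox. "SHA1+RSA" as Java's Signature.getInstance("SHA1withRSA") computes it is RSASSA-PKCS1-v1_5 (RFC 8017): the SHA-1 digest is wrapped in a DER DigestInfo, padded as 00 01 FF..FF 00, and raised to d mod n, which makes the signature deterministic and lets you compare two implementations byte for byte. The example uses only the Python standard library; the key generation is a toy for the demo (names such as generate_rsa_key, sign_text_base64 and the constructed sample strings are mine), and it does not read the PEM file from the post. It also shows the interop point that matters most here: the signature is over bytes, so the Delphi side and the verifying side must agree on how the String is encoded. SHA-1 is no longer acceptable for new signatures (practical collisions have been demonstrated); it appears here only because that is what the original poster was required to use.

```python
"""Reference for what "SHA1+RSA" (Java's Signature.getInstance("SHA1withRSA"),
i.e. RSASSA-PKCS1-v1_5 with SHA-1, RFC 8017) actually computes.
Added example; not from the thread or SecureBlackbox. Standard library only."""
import base64
import hashlib
import hmac
import math
import secrets

# DER-encoded DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING (20 bytes) }
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after a few trial divisions (demo key generation only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_rsa_key(bits: int = 1024, e: int = 65537):
    """Toy key generation (no CRT, no PEM); returns ((n, e), (n, d)).
    Use a real library for production keys."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p == q:
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if n.bit_length() == bits and math.gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))


def emsa_pkcs1_v15_sha1(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-1(message))."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too small for SHA-1 DigestInfo plus padding")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign_sha1_rsa(message: bytes, private_key) -> bytes:
    """Deterministic RSASSA-PKCS1-v1_5 signature: same input -> same bytes."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15_sha1(message, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify_sha1_rsa(message: bytes, signature: bytes, public_key) -> bool:
    """Recompute the whole encoded message and compare it in constant time;
    parsing the padding out of the recovered value is the classic v1.5 mistake."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15_sha1(message, k))


def sign_text_base64(text: str, private_key, encoding: str = "utf-8") -> str:
    """Mirror of the thread's CalcSignature: text -> bytes -> RSA/SHA-1 -> Base64.
    The text-to-bytes encoding must match what the verifying side uses."""
    sig = sign_sha1_rsa(text.encode(encoding), private_key)
    return base64.b64encode(sig).decode("ascii")


def verify_text_base64(text: str, sig_b64: str, public_key, encoding: str = "utf-8") -> bool:
    return verify_sha1_rsa(text.encode(encoding), base64.b64decode(sig_b64), public_key)


if __name__ == "__main__":
    pub, priv = generate_rsa_key(1024)
    sample = "señal"  # constructed sample text with a non-ASCII character
    sig = sign_text_base64(sample, priv)  # UTF-8 bytes signed
    print(sig)
    print(verify_text_base64(sample, sig, pub))              # same encoding: accepted
    print(verify_text_base64(sample, sig, pub, "latin-1"))   # other encoding: rejected
```

To compare with the Delphi output, feed both sides the same PEM key and the same bytes; because v1.5 signing is deterministic, the two Base64 strings must be identical, and any difference points at the text encoding or at a different padding scheme (PSS), not at the key.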
#21082
Posted: 08/20/2012 14:59:31
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

What if I use A3, where the private key is a hardware device?
#21087
Posted: 08/21/2012 04:51:14
by Ken Ivanov (EldoS Corp.)

With SBB, you can use any hardware security module, provided it supports PKCS#11 access (and provides the corresponding driver) or maps certificates to the Windows system store by installing a CSP.
#21090
Posted: 08/21/2012 09:49:34
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

How do I use this code with an A3 cert if the private key is a hardware device?
I can't find PrivateKey in SBB.
Only .PrivateKeyExists and .PrivateKeyExportable.
Thanks for your help.

Certificate found. Here is my code to find it:

Code
// Cert is a TElX509Certificate, WinCertStorage a TElWinCertStorage.
// The clone goes into a separately created certificate object; the original
// assigned Cert := Certificates[i] and then cloned that entry onto itself.
if Assinador.NumeroSerie <> '' then
begin
  for i := 0 to WinCertStorage.Count - 1 do
  begin
    // match the certificate by its serial number (hex string)
    if BinaryToString(WinCertStorage.Certificates[i].SerialNumber) = Assinador.NumeroSerie then
    begin
      if WinCertStorage.Certificates[i].PrivateKeyExists then
      begin
        Cert := TElX509Certificate.Create(nil);
        // True: also carry over the private key reference
        WinCertStorage.Certificates[i].Clone(Cert, True);
      end;
      Break;
    end;
  end;
end;


With this code, Cert.PrivateKeyExists = true
#21093
Posted: 08/21/2012 10:10:33
by Eugene Mayevski (EldoS Corp.)

Let's continue in another topic, which you initiated.


Sincerely yours
Eugene Mayevski
