EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Simple text signing in Delphi (RSA+SHA1)

Posted: 12/07/2011 09:30:27
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 67


I've been using SecureBlackBox for a little while and so far I'm impressed, using it primarily for XMLDSig, which works flawlessly. Great work.

Now I also have to sign some data using a private key provided to me in an initial exchange. I'm told to use SHA1+RSA, and I've been provided with

a) data (a String) to sign,
b) a private key (String) in PEM format,
c) a public key (String) in PEM format.

Now, if I understand what I have to do correctly, I should sign the data using my private key. In Java this is easy enough (using java.security.Signature), but I haven't found which objects I should use to accomplish this with SecureBlackbox.

I'm using Delphi. Any hints in the right direction?

Posted: 12/07/2011 09:35:49
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You should use the TElPublicKeyCrypto class. Please refer to our demos that are located in the \EldoS\SecureBlackbox\Samples\Delphi\PKIBlackbox\Primitives folder for more information.

Posted: 12/07/2011 10:04:45
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 67

Thank you for your quick answer! I see in this directory that there are four projects:

1) Decrypt: shows how to decrypt a file.
2) Encrypt: shows how to encrypt a file.
3) Sign detached: close to what I want. Uses RSA and public key to sign data.
4) Verify - verify signature.

I think the Sign Detached demo may help me, but I don't know if there is a quick way to use it for RSA+SHA1 or if I have to calculate the digest myself. If so, can you tell me which classes are the ones to use? There seem to be thousands of classes to choose from...

EDIT: I'm trying with the following:

function CalcSignature(data, private_key: String): String;
var
  signer: TElRSAPublicKeyCrypto;
  StreamKey, StreamInput, StreamOutput: TStringStream;
  KeyMaterial: TElRSAKeyMaterial;
begin
  // SHA1 digest + RSA signature in a single primitive
  signer := TElRSAPublicKeyCrypto.Create(SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION);
  signer.InputEncoding := pkeBinary;
  signer.OutputEncoding := pkeBase64;
  StreamKey := TStringStream.Create(private_key);
  KeyMaterial := TElRSAKeyMaterial.Create;
  // The call that loads the key is not present in the post as it appears here;
  // LoadSecret is an assumption about how StreamKey was consumed.
  KeyMaterial.LoadSecret(StreamKey);
  signer.KeyMaterial := KeyMaterial;
  StreamInput := TStringStream.Create(data);
  StreamOutput := TStringStream.Create;
  signer.SignDetached(StreamInput, StreamOutput);

  // Base64-encoded detached signature
  Result := StreamOutput.DataString;
end;


My private key string is as follows:
(... 4 lines removed here ...)
... ecFQCoRZO+qv9eZGnU1NBA2tl37v3i2cfUHYu5qz

This seems to be working okay. Do you think this is a good approach?
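
What an RSA+SHA1 signature like the one discussed in this thread consists of, assuming the PKCS#1 v1.5 scheme that the sha1WithRSAEncryption identifier names, as an added example (not code from the thread or from SecureBlackbox). The key is constructed from two Mersenne primes for illustration only; `sign_b64`, `verify_b64` and the integer key parameters are names chosen here, reading n/e/d out of a PEM file is left out, and the base64-of-raw-signature output format is an assumption.

```python
import base64
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. Real keys come from the PEM files.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def emsa_pkcs1_v15_sha1(message: bytes, k: int) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo(SHA-1(message)), k bytes long."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_b64(message: bytes, n: int, d: int) -> str:
    """Detached signature as base64 of the raw signature bytes."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15_sha1(message, k), "big")
    return base64.b64encode(pow(m, d, n).to_bytes(k, "big")).decode("ascii")


def verify_b64(message: bytes, sig_b64: str, n: int, e: int) -> bool:
    """Recompute the expected encoding and compare; no padding parsing."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_sha1(message, k))


if __name__ == "__main__":
    sig = sign_b64(b"data to sign", N, D)
    print(sig)
    print(verify_b64(b"data to sign", sig, N, E))   # genuine
    print(verify_b64(b"data to sigN", sig, N, E))   # altered data
```

The digest is computed inside the signature operation, so the caller passes the data itself, not a precomputed hash.
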
Posted: 08/20/2012 14:59:31
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

What if I use A3, where the private key is a hardware device?

Posted: 08/21/2012 04:51:14
by Ken Ivanov (Team)

With SBB, you can use any hardware security module, provided it supports PKCS#11 access (and provides the corresponding driver) OR maps certificates to Windows system store by installing a CSP.

Posted: 08/21/2012 09:49:34
by Bremen Sistemas (Basic support level)
Joined: 08/20/2012
Posts: 17

How do I use this code with an A3 cert if the private key is a hardware device?
I can't find the private key in SBB.
Only .privatekeyexists and .privatekeyexportable.
Thanks for your help.

Certificate found. Here is my code to find it:

if (Assinador.NumeroSerie <> '') then
begin
  // Look for the certificate whose serial number matches the signer's
  for i := 0 to WinCertStorage.Count - 1 do
  begin
    Cert := WinCertStorage.Certificates[i];

    if (BinaryToString(Cert.SerialNumber) = Assinador.NumeroSerie) then
      if Cert.PrivateKeyExists then
        WinCertStorage.Certificates[i].Clone(Cert, true);
  end;
end;


With this code, Cert.PrivateKeyExists = true

Posted: 08/21/2012 10:10:33
by Eugene Mayevski (Team)

Let's continue in another topic, which you initiated.

Sincerely yours
Eugene Mayevski


