EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Signing hash

Posted: 01/15/2013 08:52:57
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 38

Hello, today I have just found your SecureBlackbox product that can help us a lot with our WinRT application. I try to create digital signatures and everything has been going pretty well so far, but I have one question - when I use TElMessageSigner for signing messages, is there any possibility of not computing hash from that message (i.e. sign it directly)? Consider the data being signed to already be a hash (computed elsewhere) that we need to sign. Or is this possible to perform using any other class?
Thanks for any help.
Posted: 01/15/2013 09:00:16
by Vsevolod Ievgiienko (Team)

Thank you for your interest in our products.

Unfortunately, TElMessageSigner doesn't allow this. If the PKCS#7 format produced by TElMessageSigner is not mandatory, then you can use the TElPublicKeyCrypto class, which allows you to do what you need using the TElPublicKeyCrypto.InputIsHash property.
Posted: 01/15/2013 09:01:12
by Eugene Mayevski (Team)

The cryptographic procedure of "signing" is time-consuming and can only be done on blocks smaller than the key size. That's why the hash is calculated first.

According to the above, it's possible to "sign" the data (if you have a small chunk) using the RSA or DSA key contained in the certificate. This would constitute RSA or DSA signing.

TElMessageSigner uses the PKCS#7 format for signing - this is a more high-level procedure than just applying the mentioned cryptographic procedure.

So first thing is to check what exactly you need to accomplish, what format the signature must be in, and then you can do signing. SecureBlackbox supports several ways from "raw" signing to CMS (advanced version of PKCS#7) and more.

Sincerely yours
Eugene Mayevski
Posted: 01/15/2013 09:18:10
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 38

Thanks for the really quick responses, Vsevolod and Eugene, and I apologize if my first question was not clear enough.

Our goal is to create a PKCS#7 signature while the input is a hash - i.e. in the same manner the TElMessageSigner works, just only with "skipping" the hash-computing part, as the hash is already on the input.

In the usual way, we provide a message (let's say "Hello, world", in a byte array) and TElMessageSigner computes the hash (using the algorithm we want, e.g. MD5) and then performs signing.
What we want to do here is: have a hash already computed (using MD5, so we have bc6e6f16b8a077ef5fbc8d59d0b931b9 on the input as a byte array), and then just sign it without internally computing hash again.

Is this by any chance possible to do to get a PKCS#7 signature? It would be great, your software looks very promising.
Posted: 01/15/2013 09:25:41
by Vsevolod Ievgiienko (Team)

TElMessageSigner doesn't allow this out of the box. If you had a license and the source code, you could implement this relatively easily by modifying the detached signature algorithm.
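
The split discussed in this thread (hash computed elsewhere, then only the signing step applied), shown as an added example that is not part of the thread and is not SecureBlackbox code: raw RSA PKCS#1 v1.5 signing of a pre-computed digest in plain Python, producing a bare signature rather than a PKCS#7 structure. It uses SHA-256 instead of the MD5 mentioned above; the key is a constructed toy key and all function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key for illustration only (two Mersenne primes);
# never use a key like this outside a demonstration.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix that identifies SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(digest: bytes) -> int:
    """Pad an already-computed SHA-256 digest into the integer RSA signs."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    t = SHA256_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_hash(digest: bytes) -> bytes:
    """'Input is hash' mode: no hashing happens inside the signer."""
    return pow(emsa_pkcs1_v15(digest), D, N).to_bytes(K, "big")


def sign_message(message: bytes) -> bytes:
    """Usual mode: hash the message, then apply the same signing step."""
    return sign_hash(hashlib.sha256(message).digest())


def verify(message: bytes, signature: bytes) -> bool:
    """The verifier always re-hashes the message it was actually given."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    expected = emsa_pkcs1_v15(hashlib.sha256(message).digest())
    return pow(s, E, N) == expected
```

`sign_hash` never sees the message, so it cannot check what the digest covers; it signs whatever 32 bytes it is handed, and binding the digest to the right content is the caller's responsibility.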




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.