EldoS | Feel safer!

Encrypting a mime with self-signed certificate

Posted: 03/05/2014 10:29:46
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

I have to send encrypted messages as email attachments to a public administration office. They gave me a self-signed certificate (.cer file) which I have to use for encrypting. The encryption standard is CAdES. Please point me to the right sample to start with the encryption process. Thanks a lot.
Posted: 03/05/2014 16:29:16
by Ken Ivanov (Team)

Hello Toni,

I am afraid your task is not clear enough. CAdES is a signature standard, which can't be used for encrypting data. It would be great if you could show us the exact requirements set out by the administration office, then we will be able to give you a comprehensive answer.
Posted: 03/06/2014 04:30:31
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

Hi Ken,
I'll try to translate the requirements: "the encryption of the file (.msg, .eml) has to be done with the encrypted session key of the certificate. The algorithm used for this symmetric encryption of the file is 3DES, and the symmetric session keys are encrypted using the public key contained in the certificate of the recipient".
The recipient is the public office.
The certificates can be found here: http://www.processotelematico.giustizia.it/pdapublic/resources/file/CertificatiCifratura/
Thanks and best regards
Posted: 03/06/2014 05:18:52
by Vsevolod Ievgiienko (Team)

According to your description, I suggest you look at the sample in the \EldoS\SecureBlackbox.VCL\Samples\Delphi\MIMEBlackbox\SecureMail folder.
Posted: 03/06/2014 06:19:42
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

Hi Vsevolod,
I just tried with this sample (selecting S/MIME "encrypt message"), set the eml-file (existing mime) and the output-file, but after selecting the certificate I receive a message "Invalid certificate data."
Posted: 03/06/2014 06:23:05
by Vsevolod Ievgiienko (Team)

Try to perform the same actions outside the IDE. It's possible that you are seeing an internal exception that is handled inside SecureBlackbox code.
Posted: 03/06/2014 06:41:04
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

Now I tried to modify the source of the sample, replacing Cert.LoadFromBuffer(...) with Cert.LoadFromFileAuto(..), so the certificate is shown in the wizard. It seems that LoadFromBuffer has some problem.
Now selecting 3DES and encrypting, the final page shows an error:

Failed to assemble a message.
ElMime error code: 8
Message: "Invalid key length"

What else can I try?
Posted: 03/06/2014 06:47:53
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

Outside the IDE the problem is the same when selecting the certificate. Only LoadFromFileAuto seems to work, but it then fails when encrypting.
My first post today contains a link to the site where the certificates are published, so you are free to try it in debug. Since these certificates are used by others, I think they should be OK.
Posted: 03/06/2014 07:43:49
by Vsevolod Ievgiienko (Team)

Please change the TfrmMain.GetAlgorithmBitsInKey method in MainForm.pas as follows:

function TfrmMain.GetAlgorithmBitsInKey: Integer;
begin
  // this is only for SB_ALGORITHM_CNT_RC2 or SB_ALGORITHM_CNT_RC4
  if rbRC4_40.Checked then
    Result := 40
  else
    Result := 192; // correct size for 3DES
end;

This will fix the "Invalid key length" error.
Posted: 03/06/2014 10:07:14
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 59

Great - it works. Thank you very much.
So the problem with "LoadFromBuffer" remains, but since LoadFromFile works fine, it's not urgent.
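
The requirement quoted in the thread (3DES encryption of the file, with the session key encrypted under the recipient's public key) corresponds to S/MIME enveloping. As an added example, not part of the thread and not SecureBlackbox code, this script uses the OpenSSL command line to build such a message, list the algorithms the envelope declares, and decrypt it again. The certificate, key, message and all file and function names are constructed for the example.

```shell
#!/bin/sh
# Added example (constructed data): S/MIME enveloping with 3DES via OpenSSL.

# Create a throwaway self-signed recipient certificate and key in directory $1.
# It stands in for the recipient's published .cer file.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-recipient" \
        -keyout "$1/recip.key" -out "$1/recip.pem" 2>/dev/null
}

# Encrypt message $2 into $3 for certificate $1. -des3 selects DES-EDE3-CBC,
# whose session key is 24 bytes (192 bits including parity bits); that key is
# then encrypted with the RSA public key taken from the certificate.
encrypt_eml() {
    openssl smime -encrypt -binary -des3 -in "$2" -out "$3" "$1"
}

# List the content-encryption and key-encryption algorithms declared in $1.
envelope_algorithms() {
    openssl smime -pk7out -in "$1" | openssl asn1parse |
        grep -o -E 'des-ede3-cbc|rsaEncryption' | sort -u
}

# Decrypt $3 into $4 using recipient certificate $1 and private key $2.
decrypt_eml() {
    openssl smime -decrypt -binary -in "$3" -recip "$1" -inkey "$2" -out "$4"
}

# Run the whole exchange on a constructed message and report the result.
demo() {
    d=$(mktemp -d) || return 1
    printf 'From: a@example.test\r\nSubject: constructed\r\n\r\nbody\r\n' \
        > "$d/msg.eml"
    make_recipient "$d" &&
        encrypt_eml "$d/recip.pem" "$d/msg.eml" "$d/msg.p7m" &&
        envelope_algorithms "$d/msg.p7m" &&
        decrypt_eml "$d/recip.pem" "$d/recip.key" "$d/msg.p7m" "$d/out.eml" &&
        cmp -s "$d/msg.eml" "$d/out.eml" && echo roundtrip-ok
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo
```

The algorithm listing gives a quick check that an outgoing file really uses 3DES for the content and RSA for the session key before it is sent to the recipient.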