List / verify all signatures of a multiple signed file

Posted: 11/28/2014 03:39:58
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

I need to get the list and verify all signatures of a file containing more than one signature (PKCS#7). I looked at the TELMessageVerifier component and the MessageDemo sample, but I'm missing how to know if there are more signatures. The help of the TELMessageVerifier.VerifyAllSignatures(2) says these methods are under development (vcl). Please point me in the right direction. A sample would be welcome.
I have .p7m files with multiple signatures: there could be one or more inner signatures (xx.p7m) and the file could be signed another time externally, becoming a .p7m.p7m. I also have PAdES-signed PDFs, signed in a second moment with CAdES, becoming a xx.pdf.p7m. Extracting the PAdES signature I've just solved by looking at your samples.
Thanks and best regards
Posted: 11/28/2014 03:45:19
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

I recommend that you look at the TElSignedCMSMessage class. The sample can be found in the \EldoS\SecureBlackbox.VCL\Samples\Delphi\PKIBlackbox\CMS folder.
Posted: 11/28/2014 05:02:08
by Toni Santa (Standard support level)
Joined: 05/27/2013
Posts: 57

Thank you for your prompt response.
Based on your CAdESDemo I changed the code of the TfrmMain.btnUpdateSigClick procedure as follows:
procedure TfrmMain.btnUpdateSigClick(Sender: TObject);
var
  CMS : TElSignedCMSMessage;
  F, Fn : TFileStream;
  i: integer;
  aFileName, aNewFileName : string;
begin
  if OpenDialog.Execute then
  begin
    aFileName := OpenDialog.Filename;
    while ExtractFileExt(aFileName) = '.p7m' do  // one pass per .p7m layer
    begin
      F := TFileStream.Create(aFileName, fmOpenRead or fmShareDenyWrite);
      CMS := TElSignedCMSMessage.Create(nil);
      try
        CMS.Open(F, nil);
        if (CMS.SignatureCount > 0) then
        begin
          for i := 0 to CMS.SignatureCount - 1 do
            { ... };
          //remove signatures and save stream to a new file
          aNewFileName := Copy(aFileName, 1, length(aFileName) - 4);
          Fn := TFileStream.Create(aNewFileName, fmCreate);
          { ... }
          Fn.Free;
          aFileName := aNewFileName;
        end
        else
        begin
          MessageDlg('No signatures found. Validation cannot be done.', mtError, [mbOK], 0);
          Break;
        end;
      finally
        CMS.Free;
        F.Free;
      end;
    end;
  end;
end;

I removed the clear of the treelist of the sigForm.
Having a .p7m.p7m, in the second loop the CMS.SignatureCount is 0. So there must be something wrong with the .ClearSignatures or .Save. I can open the newly created file (with one .p7m extension) with other tools like DIKE.exe and see the signatures. It seems the TElSignedCMSMessage cannot read the files created by itself. Should you need the original p7m, I can send it by private email.
Best regards
Posted: 11/28/2014 05:36:53
by Vsevolod Ievgiienko (EldoS Corp.)

I've created a Helpdesk ticket for you. Please post the sample file there.
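
The layering discussed in this thread, as an added Python example that is not from either poster and does not use SecureBlackbox: a CMS SignedData can carry several SignerInfos side by side, and its eContent can itself be another SignedData (the .p7m.p7m case), so the signatures have to be listed per layer. The code only walks the structure and counts signers, it verifies nothing and reads definite-length DER only; all function names and the `SAMPLE` bytes are constructed here for illustration.

```python
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # OID 1.2.840.113549.1.7.2 (value bytes)
ID_DATA = bytes.fromhex("2a864886f70d010701")       # OID 1.2.840.113549.1.7.1 (value bytes)

def tlv(buf, pos=0):                                # one DER element -> (tag, value, next_pos)
    tag, first = buf[pos], buf[pos + 1]
    k = first & 0x7F if first & 0x80 else 0         # long form: k length bytes follow
    n = int.from_bytes(buf[pos + 2:pos + 2 + k], "big") if k else first
    end = pos + 2 + k + n
    if first == 0x80 or end > len(buf):
        raise ValueError("indefinite-length BER or truncated element")
    return tag, buf[end - n:end], end

def children(value):                                # constructed value -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def signature_layers(blob):                         # signer count per layer, outermost first
    layers = []
    try:
        while True:
            tag, val, _ = tlv(blob)
            ci = children(val) if tag == 0x30 else []
            if len(ci) < 2 or ci[0] != (0x06, SIGNED_DATA):
                break                               # reached the signed payload
            sd = children(children(ci[1][1])[0][1]) # [0] EXPLICIT -> SignedData fields
            layers.append(len(children(sd[-1][1]))) # signerInfos is the last field
            eci = children(sd[2][1])                # encapContentInfo
            if len(eci) < 2:
                break                               # detached signature: no eContent
            blob = children(eci[1][1])[0][1]        # [0] EXPLICIT OCTET STRING -> bytes
    except (ValueError, IndexError):
        pass                                        # payload is not DER; stop unwrapping
    return layers

def der(tag, *parts):                               # minimal DER encoder for the sample
    body = b"".join(parts)
    k = (len(body).bit_length() + 7) // 8
    head = [len(body)] if len(body) < 0x80 else [0x80 | k, *len(body).to_bytes(k, "big")]
    return bytes([tag, *head]) + body

def wrap(content, signers):                         # constructed shell; signers are empty SEQUENCEs
    eci = der(0x30, der(0x06, ID_DATA), der(0xA0, der(0x04, content)))
    sd = der(0x30, der(0x02, b"\x01"), der(0x31), eci, der(0x31, *[der(0x30)] * signers))
    return der(0x30, der(0x06, SIGNED_DATA), der(0xA0, sd))

SAMPLE = wrap(wrap(b"hello", 2), 1)                 # shaped like xx.p7m.p7m
```

Many real .p7m files are BER-encoded with indefinite lengths; this walker stops on those with no layers reported rather than guessing.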


