EldoS | Feel safer!

Software components for data protection, secure storage and transfer

how to sign a hash

#37584
Posted: 08/29/2016 05:48:28
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

Hello,

I can sign files by following your article at:
https://www.eldos.com/security/articles/7882.php?page=all

But I want to do the same thing not with the files but with their hashes, because the documents are on a server.

How can I do this?

Thank you
#37585
Posted: 08/29/2016 09:23:57
by Ken Ivanov (EldoS Corp.)

Hi Jean,

Thank you for getting in touch.

You can use the CMS classes (TElSignedCMSMessage and TElCMSSignature) to sign document hashes just as you do with plain documents. What you need to do is pass the hash as the content to be signed and adjust the TElSignedCMSMessage.Content.ContentIsHash property to indicate that the source is the hash.

Ken
#37596
Posted: 08/30/2016 05:49:27
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

Hi Ken,

Instead of
Code
  // Signing the file itself: the document stream is the content
  CMSMessage := TElSignedCMSMessage.Create(nil);
  DataStream := TFileStream.Create(FileSource, fmOpenRead);
  CMSMessage.CreateNew(DataStream, 0, DataStream.Size);

I do
Code
  // Attempt to supply the precomputed hash instead of the document
  CMSMessage := TElSignedCMSMessage.Create(nil);
  CMSMessage.Content.AddKnownHash(SB_ALGORITHM_DGST_SHA256, '', HashSource);
  CMSMessage.Content.ContentIsHash := True;

But that is not it. I get an error on the AddKnownHash function.
I am really missing something :(
#37597
Posted: 08/30/2016 06:01:21
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
What you need to do is pass the hash as the content to be signed

So the code should be like this:

Code
CMSMessage.CreateNew(hash, 0, hash.Size);
CMSMessage.Content.ContentIsHash := True;
#37598
Posted: 08/30/2016 06:41:32
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

Yes, I posted too early, sorry.

I now have another problem: converting my hash into a stream.

I have:
Code
function GetHash256(aSourceFile : string): string;
var
  aFile : TFileStream;
  myhash : TElHashFunction;
  dgst : ByteArray;
begin
  // Open read-only; nested try/finally frees each object only if it was created
  aFile := TFileStream.Create(aSourceFile, fmOpenRead or fmShareDenyWrite);
  try
    myhash := TElHashFunction.Create(SB_OID_SHA256{SB_ALGORITHM_DGST_SHA256});
    try
      myhash.UpdateStream(aFile, 0);   // 0 = hash up to the end of the stream
      dgst := myhash.Finish;           // raw 32-byte SHA-256 digest
      result := ByteArrayToStr(dgst);  // one character per digest byte
    finally
      myhash.Free;
    end;
  finally
    aFile.Free;
  end;
end;


So I have a string to put in a stream. I do:
Code
  atsream := TMemoryStream.Create;
  atsream.WriteBuffer(HashSource[1], Length(HashSource));
  atsream.Seek(0, soFromBeginning); // rewind after writing so the reader starts at the hash

But I get an error again when calling CAdESProcessor.CreateBES(aCert);
#37605
Posted: 08/31/2016 09:11:59
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

It seems that in unit SBASN1Tree, in
function TElASN1DataSource.Read(Buffer: pointer; Size: integer; Offset: Int64): integer;
FContentStream is nil, so there is an access violation on
FContentStream.Position := FContentOffset + Offset;
#37610
Posted: 09/01/2016 03:28:30
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

My fault!
I was doing FreeAndNil(atsream);
just after CMSMessage.CreateNew(atsream, 0, atsream.Size);
and not at the end.

Thank you for your help
#37616
Posted: 09/01/2016 09:44:56
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

Hello,

Everything seems good. No errors, but when I verify the signature, it is incorrect.

I calculate the same hash as you calculate when you sign a file. I copied the same method.

But the function
function TElCMSSignature.CalculateDigest(Data : TElCMSContent): ByteArray;
...
SetLength(Result, Data.Size);
Data.Read(@Result[0], Length(Result), 0);
exit
...

does not return the same hash as the one I pass.

Is there something to add/change?
#37621
Posted: 09/02/2016 10:55:30
by Eugene Mayevski (EldoS Corp.)

How exactly are you verifying the signature? Comparing it with something is not correct because signature contents will *always* be different.


Sincerely yours
Eugene Mayevski
#37625
Posted: 09/05/2016 03:30:57
by delagoutte jean (Standard support level)
Joined: 04/02/2009
Posts: 34

Hello,

I verify the signature with the same program that verifies the signature when I sign a file directly.

I know the signature always has a different hash.
I told you that because instead of:
SetLength(Result, Data.Size);
Data.Read(@Result[0], Length(Result), 0);

I write result := myhash
and I get a correct signature file.
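Pulling the thread together, here is the complete hash-then-sign flow as an added example. It is not EldoS code and not the poster's code: TElHashFunction, TElSignedCMSMessage.CreateNew, Content.ContentIsHash and CreateBES are used as shown in the replies above and in the linked article; the TElCAdESSignatureProcessor/Signatures[AddSignature]/DigestAlgorithm/Save calls and the unit names in the uses clause are assumptions drawn from the same article's pattern and should be checked against the SecureBlackbox version in use. The file is hashed locally only to produce realistic input; in the real scenario the digest arrives from the server and the document never leaves it.

```pascal
uses
  SysUtils, Classes,
  SBTypes, SBUtils, SBConstants, SBHashFunction, SBX509, SBCMS, SBCAdES;

// Produces the 32-byte SHA-256 digest of a file as raw bytes (no string conversion).
function HashFileSha256(const FileName: string): ByteArray;
var
  Source: TFileStream;
  Hash: TElHashFunction;
begin
  Source := TFileStream.Create(FileName, fmOpenRead or fmShareDenyWrite);
  try
    Hash := TElHashFunction.Create(SB_ALGORITHM_DGST_SHA256);
    try
      Hash.UpdateStream(Source, 0); // 0 = hash up to the end of the stream
      Result := Hash.Finish;
    finally
      Hash.Free;
    end;
  finally
    Source.Free;
  end;
end;

// Wraps a precomputed digest in a CAdES-BES signature (assumed API, see lead-in).
procedure SignDigestCAdESBES(const Digest: ByteArray; Cert: TElX509Certificate;
  const OutputFile: string);
var
  CMSMessage: TElSignedCMSMessage;
  HashStream: TMemoryStream;
  OutStream: TFileStream;
  Processor: TElCAdESSignatureProcessor;
  Sig: TElCMSSignature;
begin
  if Length(Digest) <> 32 then
    raise Exception.Create('Expected a 32-byte SHA-256 digest');
  HashStream := TMemoryStream.Create;
  try
    // Write the raw bytes. Writing a string with WriteBuffer(s[1], Length(s))
    // emits only Length(s) bytes, which is half the data when string is UnicodeString.
    HashStream.WriteBuffer(Digest[0], Length(Digest));
    HashStream.Position := 0;

    CMSMessage := TElSignedCMSMessage.Create(nil);
    try
      // The message reads its content through this stream on demand, so the
      // stream must outlive Save (freeing it earlier gives the nil FContentStream
      // access violation reported in this thread).
      CMSMessage.CreateNew(HashStream, 0, HashStream.Size);
      CMSMessage.Content.ContentIsHash := True;

      Sig := CMSMessage.Signatures[CMSMessage.AddSignature];
      Sig.DigestAlgorithm := SB_ALGORITHM_DGST_SHA256; // must match the supplied digest

      Processor := TElCAdESSignatureProcessor.Create(nil);
      try
        Processor.Signature := Sig;
        Processor.CreateBES(Cert);
      finally
        Processor.Free;
      end;

      OutStream := TFileStream.Create(OutputFile, fmCreate);
      try
        CMSMessage.Save(OutStream);
      finally
        OutStream.Free;
      end;
    finally
      CMSMessage.Free;
    end;
  finally
    HashStream.Free; // only after Save has written the message
  end;
end;
```

Two checks worth keeping in mind with this flow. The digest algorithm recorded in the signature has to be the one that produced the supplied bytes, otherwise the message-digest signed attribute cannot be reproduced by a verifier hashing the real document. And, as Eugene notes above, verification means running the verifier over the original document (or its hash with ContentIsHash set) and checking the result, not comparing signature files byte for byte: a CMS/CAdES signature carries a signing time and fresh signature bytes, so two signatures over the same content will never be identical.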

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!