Sign string text

#40214
Posted: 02/01/2018 14:17:44
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 126

Hi.

I have been using the code below to sign string text since last year and it is working as expected, but after changing my A3 certificate (expires) to A1, it generates the result, but on the government site that validates this signature they say it is incorrect. Are there some changes I can make to solve this? Or what should I try to fix my problem?

Code
function SignString(cStr: String): String;
var KeyMaterial: TElPublicKeyMaterial;
    Crypto: TElRSAPublicKeyCrypto;
    sInput: TMemoryStream;
    sOutput: TMemoryStream;
begin
     if FCert = nil then begin
        raise Exception.Create('@Nenhum certificado digital foi informado para assinar');
     end;

     Result := '';

     // The input is Base64-encoded here because InputEncoding is set to pkeBase64 below
     cStr := Base64EncodeString(cStr,False);

     KeyMaterial := TElRSAKeyMaterial.Create;
     try
        // Copy the key material from the certificate held in FCert
        KeyMaterial.Assign(FCert.KeyMaterial);

        Crypto := TElRSAPublicKeyCrypto.Create;
        try
           Crypto.InputEncoding := pkeBase64;
           Crypto.OutputEncoding := pkeBase64;
           Crypto.KeyMaterial := KeyMaterial;
           Crypto.HashAlgorithm := SB_ALGORITHM_DGST_SHA256;

           sInput := TMemoryStream.Create;
           try
              // Write the string's in-memory bytes (Length * SizeOf(Char)) to the input stream
              sInput.Write(Pointer(cStr)^, Length(cStr) * SizeOf(Char));
              sInput.Position := 0;
              // Created as TMemoryStream to match the declared type of sOutput
              sOutput := TMemoryStream.Create;
              try
                 // Detached signature; the output is Base64 text per OutputEncoding
                 Crypto.SignDetached(sInput, sOutput);
                 SetString(Result, PAnsiChar(sOutput.Memory), sOutput.Size);
              finally
                 FreeAndNil(sOutput);
              end;
           finally
              FreeAndNil(sInput);
           end;
        finally
           FreeAndNil(Crypto);
        end;
     finally
        FreeAndNil(KeyMaterial);
     end;
end;


Thanks in advance

#40217
Posted: 02/02/2018 08:01:04
by Ken Ivanov (Team)

Hi Eduardo,

Thank you for getting in touch.

The only reason I can think of is that you started getting longer signatures due to increased key length in your new certificate, and those longer signatures are somehow being truncated in transit to the verifiers. Any other inconsistency (like certificate algorithm change) would have been detected in the components themselves and reported via an exception.

It would help much if you send us your old and new certificates, along with sample old and new signatures, via help desk so we can have a look and let you know what might go wrong with more certainty.

Ken
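
Added example (not part of the original thread and not EldoS code): a small check for the truncation scenario Ken describes, where a Base64 signature is shorter than the RSA key size requires. The 1024-bit and 2048-bit key sizes and the sample signature bytes are assumptions constructed for illustration; the thread does not state the actual key lengths.

```python
import base64
import binascii

# Constructed stand-in for a 2048-bit RSA signature (256 arbitrary bytes).
SAMPLE_SIG_B64 = base64.b64encode(bytes(range(256))).decode("ascii")


def expected_b64_len(key_bits: int) -> int:
    """Length of an unwrapped, padded Base64 RSA signature for this key size."""
    sig_bytes = (key_bits + 7) // 8      # an RSA signature is as long as the modulus
    return 4 * ((sig_bytes + 2) // 3)


def check_signature(sig_b64: str, key_bits: int) -> str:
    """Return 'ok', 'truncated', 'too-long' or 'not-base64'."""
    compact = "".join(sig_b64.split())   # ignore line wraps added in transit
    want = (key_bits + 7) // 8
    try:
        raw = base64.b64decode(compact, validate=True)
    except binascii.Error:
        # A cut at an arbitrary character usually breaks Base64 grouping/padding.
        if len(compact) < expected_b64_len(key_bits):
            return "truncated"
        return "not-base64"
    if len(raw) < want:
        return "truncated"
    if len(raw) > want:
        return "too-long"
    return "ok"


if __name__ == "__main__":
    # A field sized for a 1024-bit signature (172 chars) cuts a 2048-bit one (344 chars).
    old_limit = expected_b64_len(1024)
    print(len(SAMPLE_SIG_B64), check_signature(SAMPLE_SIG_B64, 2048))
    print(old_limit, check_signature(SAMPLE_SIG_B64[:old_limit], 2048))
```
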
#40237
Posted: 02/14/2018 13:11:39
by Eduardo Helminsky (Standard support level)
Joined: 08/20/2010
Posts: 126

Ken

Sorry for the long delay.

There was nothing wrong with the signing process.

After some research I have found I have to save my certificate in Base64 and submit it to the site. After I have done it, the signature validation process became OK.

Thank you anyway

Eduardo
