Eric Winfly

Nice Angus its work now, very thanks !

I try this and same error AccessViolation $0000000C in libcrypto-3.dll i think this dll is not loaded ?

Yes i change the depreciate define and rebuilt all but me i use CBIcsInstallVclFmx.groupproj this is good ? Or i need to rebuilt some delphi project ?

What is your version of your openssl you run because with brand new compiled ics 9.5 and openssl 3.5.2.0 i always receive EAccessViolation in module libcrypto-3.dll Read of adresse 0000000C ? If i go in debug mode on pemtool and go directly to the func EncryptPublicRSA(PubKey, PAnsiChar(S), Length(S), nil, Len, Padding); // THIS CALL WORK for obtain the length SetLength(Result, Len); if EncryptPublicRSA(PubKey, PAnsiChar(S), Length(S), PAnsiChar(Result), Len, Padding) then // BUT THIS ONE AccessViolation The first call for the length work but the other for obtain the buffer make accessviolation ?

Angus could you please find me a solution to Encrypt RSA Text from public key with Ics because i always receive libcrypto-3.dll access violation. I have try your new version 9.5 with deprectec_openssl activate but this not work, i have update openssl dll to the lastest 2.5.2 but always have acces violation ? If i need to use an older version for Ics or OpenSsl for EncryptRsaPublic work, tell me, im very bad and i need to produce this project for the next week Many thanks for all, Eric !

Thanks, you know if i can use it with a pem file contening only cert with only public key ? The gouv only returning Cert with public key ? He use X509Certificat to add to Windows Store and after he reload it for calling RSA Encrypt with PublicKey but whatever i search over internet and all openssl pkeyutl cmd i try always tell me openssl pkeyutl -encrypt -inkey CertificatPSI.pem -pubin -in pass.txt -out pass.enc Could not find private key of public key from CertificatPSI.pem pkeyutl: Error loading key Im afraid about all about certificat

Now i need to Encrypt with RSA public Key but the function StrEncRsa make fault on libcrypto-3.dll with the sample IcsPemTool this is normal i take a look at source code and this function make a first call to EncryptPublicRSA with OutBuf = nil this could be the problem ? i also try to make call directly to EncryptPublicRSA but C++ dont want to find a good declaration of this func ??

I have done in my source code and i send to you for algorytm. It in C++ but i think its usefull for you also its fully tested and debugged :) Cheers !

Thanks Angus i found and it work now, there is my code if you need in futur : String SignData(String Data) { TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc; TBytes SignTB, DataTB; Tool->PrivateKeyLoadFromText(Configuration->FieldByName("CertificatKey")->AsString, ""); DataTB = IcsStringToTBytes(Data); SignTB = IcsAsymSignDigestTB(DataTB, Tool->PrivateKey, Digest_sha256); SignTB = ConvertASNToP1363(SignTB); DataEnc = IcsBase64EncodeTB(SignTB); delete Tool; return (DataEnc); } TBytes ConvertASNToP1363(TBytes SignatureTB) { TBytes bSignature; bSignature.Length = 64; TBytes bR = ExtraireR(SignatureTB); TBytes bS = ExtraireS(SignatureTB); System::Move(&bR[0], &bSignature[0], 32); System::Move(&bS[0], &bSignature[32], 32); return(bSignature); } TBytes ExtraireR(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; TBytes bR; bR.Length = 32; TBytes bTemp; bTemp.Length = longueurR; System::Move(&Signature[debutR + 2], &bTemp[0], longueurR); if (bTemp.Length == 33) System::Move(&bTemp[1], &bR[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bR[32 - bTemp.Length], bTemp.Length); return(bR); } TBytes ExtraireS(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; int debutS = debutR + 2 + longueurR; int longueurS = Signature[debutS + 1]; TBytes bS; bS.Length = 32; TBytes bTemp; bTemp.Length = longueurS; System::Move(&Signature[debutS + 2], &bTemp[0], longueurS); if (bTemp.Length == 33) System::Move(&bTemp[1], &bS[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bS[32 - bTemp.Length], bTemp.Length); return(bS); } Eric

So IcsAsymSignDigest Return only sign digest base on asn.1, i need to convert to ieee p1363 ? Nothing do this in Ics Library ?

Also im not sure if ICS Library digital signature with format p1363 or ASN, i also need to create a p1363 sign ?

This is what i try before but my content i need to sign text like this : 100000000120250815090926+000000000.25+000000000.50+000000005.75567891234RT00015678912340TQ0001FACOPE======================================================================================== And when i use your code you specify i obtain Base64Encoded String of length of 96 but her specification need a length of 88 (i use IcsBase64EncodeTB after SignDigest) ? Now i have try : TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc, Digest, Secret; TBytes SigTB, DataTB = IcsStringToTBytes(Data), SecretTB, DigestTB; //Tool->PrivateKeyLoadFromPemFile("Certificat.pem"); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); delete Tool; //return (DataEnc); //Configuration->FieldByName("CertificatKEY")->AsString; Secret = Configuration->FieldByName("CertificatKEY")->AsString; DataTB = IcsStringToTBytes(Data); SecretTB = IcsStringToTBytes(Secret); DigestTB = IcsHMACDigestTB(DataTB, SecretTB, Digest_sha512); DataEnc = IcsBase64EncodeTB(DigestTB); With this last call i obtain 88 of length but the server tell me this is not sign with the FingerPrint of the last cert ??? Note : i put Digest_sha512 because this give me 88 of length !

Nothing work because some specification, im found nothing about SignData on C#, her asking me to sign with crypt algorithme ECDSA_P256 with a key of 256 bits. Have you some idea ? my result of encryption have 96 of length and should be 88, her tell me i didnt use Elllecptic algo ECDSA_P256 ! // This is her code in C# i need to reproduce in C++ Builder or Delphi X509Certificate2 cert = Utiles.GetCertificate( CertificateSerialNumberSRS ); byte[ ] bTextToSign = Encoding.UTF8.GetBytes( TextToSign.Trim( ) ); using( ECDsa ecdsa = cert.GetECDsaPrivateKey( ) ) { if( ecdsa == null ) throw new ArgumentException( "The certificate must have an ECDSA private key. Le certificat doit avoir une clef privée ECDSA.", nameof( cert ) ); return ecdsa.SignData( bTextToSign, HashAlgorithmName.SHA256 ); } Eric

it only a test certificat and private key are not used for reel (also i change some letter in this sample 🙂

For information i found my PublicKey but its a ESCDA Public Key thats the problem ?