Eric Winfly

I use TSslCertTools for generating a KeyPair and Certificate CSR but i have a probleme with the Subject variable, i can find a ways to specify GN= and SN= because i only see the general variable like this : TSslCertTools *Tool = new TSslCertTools(NULL); Tool->CommonName = "Common Name"; Tool->Organization = "Org"; Tool->OrgUnit = "Org Unit"; Tool->Locality = "Montreal"; Tool->State = "QC"; Tool->Country = "CA"; I have search all source code for Extended option or Subject line to specify my own data but nothing found ?

Hi Angus, nice job i think i can try this new version just at end of my work 🙂

Nice Angus its work now, very thanks !

I try this and same error AccessViolation $0000000C in libcrypto-3.dll i think this dll is not loaded ?

Yes i change the depreciate define and rebuilt all but me i use CBIcsInstallVclFmx.groupproj this is good ? Or i need to rebuilt some delphi project ?

What is your version of your openssl you run because with brand new compiled ics 9.5 and openssl 3.5.2.0 i always receive EAccessViolation in module libcrypto-3.dll Read of adresse 0000000C ? If i go in debug mode on pemtool and go directly to the func EncryptPublicRSA(PubKey, PAnsiChar(S), Length(S), nil, Len, Padding); // THIS CALL WORK for obtain the length SetLength(Result, Len); if EncryptPublicRSA(PubKey, PAnsiChar(S), Length(S), PAnsiChar(Result), Len, Padding) then // BUT THIS ONE AccessViolation The first call for the length work but the other for obtain the buffer make accessviolation ?

Angus could you please find me a solution to Encrypt RSA Text from public key with Ics because i always receive libcrypto-3.dll access violation. I have try your new version 9.5 with deprectec_openssl activate but this not work, i have update openssl dll to the lastest 2.5.2 but always have acces violation ? If i need to use an older version for Ics or OpenSsl for EncryptRsaPublic work, tell me, im very bad and i need to produce this project for the next week Many thanks for all, Eric !

Thanks, you know if i can use it with a pem file contening only cert with only public key ? The gouv only returning Cert with public key ? He use X509Certificat to add to Windows Store and after he reload it for calling RSA Encrypt with PublicKey but whatever i search over internet and all openssl pkeyutl cmd i try always tell me openssl pkeyutl -encrypt -inkey CertificatPSI.pem -pubin -in pass.txt -out pass.enc Could not find private key of public key from CertificatPSI.pem pkeyutl: Error loading key Im afraid about all about certificat

Now i need to Encrypt with RSA public Key but the function StrEncRsa make fault on libcrypto-3.dll with the sample IcsPemTool this is normal i take a look at source code and this function make a first call to EncryptPublicRSA with OutBuf = nil this could be the problem ? i also try to make call directly to EncryptPublicRSA but C++ dont want to find a good declaration of this func ??

I have done in my source code and i send to you for algorytm. It in C++ but i think its usefull for you also its fully tested and debugged :) Cheers !

Thanks Angus i found and it work now, there is my code if you need in futur : String SignData(String Data) { TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc; TBytes SignTB, DataTB; Tool->PrivateKeyLoadFromText(Configuration->FieldByName("CertificatKey")->AsString, ""); DataTB = IcsStringToTBytes(Data); SignTB = IcsAsymSignDigestTB(DataTB, Tool->PrivateKey, Digest_sha256); SignTB = ConvertASNToP1363(SignTB); DataEnc = IcsBase64EncodeTB(SignTB); delete Tool; return (DataEnc); } TBytes ConvertASNToP1363(TBytes SignatureTB) { TBytes bSignature; bSignature.Length = 64; TBytes bR = ExtraireR(SignatureTB); TBytes bS = ExtraireS(SignatureTB); System::Move(&bR[0], &bSignature[0], 32); System::Move(&bS[0], &bSignature[32], 32); return(bSignature); } TBytes ExtraireR(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; TBytes bR; bR.Length = 32; TBytes bTemp; bTemp.Length = longueurR; System::Move(&Signature[debutR + 2], &bTemp[0], longueurR); if (bTemp.Length == 33) System::Move(&bTemp[1], &bR[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bR[32 - bTemp.Length], bTemp.Length); return(bR); } TBytes ExtraireS(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; int debutS = debutR + 2 + longueurR; int longueurS = Signature[debutS + 1]; TBytes bS; bS.Length = 32; TBytes bTemp; bTemp.Length = longueurS; System::Move(&Signature[debutS + 2], &bTemp[0], longueurS); if (bTemp.Length == 33) System::Move(&bTemp[1], &bS[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bS[32 - bTemp.Length], bTemp.Length); return(bS); } Eric

So IcsAsymSignDigest Return only sign digest base on asn.1, i need to convert to ieee p1363 ? Nothing do this in Ics Library ?

Also im not sure if ICS Library digital signature with format p1363 or ASN, i also need to create a p1363 sign ?

This is what i try before but my content i need to sign text like this : 100000000120250815090926+000000000.25+000000000.50+000000005.75567891234RT00015678912340TQ0001FACOPE======================================================================================== And when i use your code you specify i obtain Base64Encoded String of length of 96 but her specification need a length of 88 (i use IcsBase64EncodeTB after SignDigest) ? Now i have try : TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc, Digest, Secret; TBytes SigTB, DataTB = IcsStringToTBytes(Data), SecretTB, DigestTB; //Tool->PrivateKeyLoadFromPemFile("Certificat.pem"); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); delete Tool; //return (DataEnc); //Configuration->FieldByName("CertificatKEY")->AsString; Secret = Configuration->FieldByName("CertificatKEY")->AsString; DataTB = IcsStringToTBytes(Data); SecretTB = IcsStringToTBytes(Secret); DigestTB = IcsHMACDigestTB(DataTB, SecretTB, Digest_sha512); DataEnc = IcsBase64EncodeTB(DigestTB); With this last call i obtain 88 of length but the server tell me this is not sign with the FingerPrint of the last cert ??? Note : i put Digest_sha512 because this give me 88 of length !

Nothing work because some specification, im found nothing about SignData on C#, her asking me to sign with crypt algorithme ECDSA_P256 with a key of 256 bits. Have you some idea ? my result of encryption have 96 of length and should be 88, her tell me i didnt use Elllecptic algo ECDSA_P256 ! // This is her code in C# i need to reproduce in C++ Builder or Delphi X509Certificate2 cert = Utiles.GetCertificate( CertificateSerialNumberSRS ); byte[ ] bTextToSign = Encoding.UTF8.GetBytes( TextToSign.Trim( ) ); using( ECDsa ecdsa = cert.GetECDsaPrivateKey( ) ) { if( ecdsa == null ) throw new ArgumentException( "The certificate must have an ECDSA private key. Le certificat doit avoir une clef privée ECDSA.", nameof( cert ) ); return ecdsa.SignData( bTextToSign, HashAlgorithmName.SHA256 ); } Eric

it only a test certificat and private key are not used for reel (also i change some letter in this sample 🙂

For information i found my PublicKey but its a ESCDA Public Key thats the problem ?

Im not an expert of Certificat and signing for explain my situation i have create a CSR after i send hover the server (gouverment) and he returning me my certificat, i have writen on pem file (its contening Certificat and Private Key). Now im communicate with the server with these Cert in my comm with RESTClient, sound good ! Now i need to send Json request and add some signed data to its structure, but i found no other ways to do this otherswise with StrEncRsa Someone can help me to found the good ways ? (The sample project from gouv it build in C# and it will use microsoft SignData function)

All work fine, now i need to Sign Data with my public key but the function tell me no RSA key found ? TSslCertTools *Tool = new TSslCertTools(NULL); String DataEnc; Tool->LoadFromPemFile("Certificat.pem"); DataEnc = String(StrEncRsa(Tool->X509PublicKey, Data, true)); return (DataEnc); Somebody can help or if i need to create an new post ?

Without think to repair this unit can store my cert into Windows Store (add, delete) ? Thanks for the add !

The SslTool have method for Save Cert to the Windows Store ? I see many methode have code for TMsCertTools but im not sure if i have acces with C++ package or i need to define MSCRYPT_Tool variable ? How can easily load my cert with pkey and Store this to Windows Store ?

Only use by her to validate the user who try to connect the server, before her return the real Certificat.

Hi added to the source and build package, its work fine now thanks ! For the use of names (GN, SN) i work on project for gouv of Quebec and he ask to put some parameter in this before signing my Cert, i dont think its a standars 😛

I see the only the GetNameEntryByNid(TRUE, NID_givenName) in ListCertDetail but i see nothing about the opposite SetNameEntryByNid(TRUE, NID_givenName, String) example ? I found no Edit box or other related component in the PemTool sample ? Can you copy some code for setting the givenName and surName this is the only thinks i need for my Cert Req, and yes the calling server return me the Signed Certificate but it ask for these 2 subject items ? Thanks Eric