Search the Community

Hello everyone, I'm working on a Delphi project that requires signing a request signature with RSASSA-PSS algorithm. In my implementation, I initialize the signing context with EVP_DigestSignInit using SHA-256. However, when I attempt to set the salt length with EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32), it consistently returns an error. I'm using the OverByteIcsLIBEAY.pas functions. Params I need to use for the signature: Hash algorithm: SHA-256 Mask generation function: MGF1 Mask generation algorithm: SHA-256 Salt length: 32 bytes (= 256 bits, same as the hash length) Trailer field: 1 Has anyone here encountered similar issues with RSASSA-PSS in OpenSSL, particularly with setting the salt length? Any advice on handling this setup in Delphi would be greatly appreciated! Thanks in advance! function TIsabelData.SignData(const AData: TBytes; APrivateKey: PEVP_PKEY): string; var SignCtx: PEVP_MD_CTX; PSSCtx: PEVP_PKEY_CTX; Sig: TBytes; SigLen: Cardinal; ErrCode: Cardinal; begin if EVP_PKEY_base_id(APrivateKey) <> EVP_PKEY_RSA then raise Exception.Create('The provided key is not an RSA key'); SignCtx := EVP_MD_CTX_create; PSSCtx := nil; try if EVP_DigestSignInit(SignCtx, @PSSCtx, EVP_sha256, nil, APrivateKey) <> 1 then raise Exception.Create('Error initializing digest sign'); if EVP_PKEY_CTX_set_rsa_padding(PSSCtx, RSA_PKCS1_PSS_PADDING) <= 0 then raise Exception.Create('Error setting RSA PSS padding'); if EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32) <= 0 then begin ErrCode := ERR_get_error; raise Exception.Create('Error setting RSA PSS salt length: ' + string(ERR_reason_error_string(ErrCode))); end; if EVP_PKEY_CTX_set_rsa_mgf1_md(PSSCtx, EVP_sha256) <= 0 then raise Exception.Create('Error setting MGF1 to SHA256'); if EVP_DigestSignUpdate(SignCtx, @AData[0], Length(AData)) <> 1 then raise Exception.Create('Error updating digest sign'); SigLen := 0; if EVP_DigestSignFinal(SignCtx, nil, @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); SetLength(Sig, SigLen); if EVP_DigestSignFinal(SignCtx, @Sig[0], @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); Result := TNetEncoding.Base64.EncodeBytesToString(Sig); finally EVP_MD_CTX_free(SignCtx); EVP_PKEY_CTX_free(PSSCtx); end; end;

With this new year, it was time to make a mORMot 2 release. We went a bit behind the SQlite3 engine, and we added some nice features. 😎 Main added features: - OpenSSL 3.0/3.1 direct support in addition to 1.1 (with auto-switch at runtime) - Native X.509, RSA and HSM support - mget utility (wget + peer cache) Main changes: - Upgraded SQLite3 to 3.44.2 - Lots of bug fixes and enhancements (especially about cryptography and networking) - A lot of optimizations, so that we eventually reached in top 12 ranking of all frameworks tested by TFB https://github.com/synopse/mORMot2/releases/tag/2.2.stable 🙂

Today, almost all computer security relies on asymmetric cryptography and X.509 certificates as file or hardware modules. And the RSA algorithm is still used to sign the vast majority of those certificates. Even if there are better options (like ECC-256), RSA-2048 seems the actual standard, at least still allowed for a few years. So we added pure pascal RSA cryptography and X.509 certificates support in mORMot 2. Last but not least, we also added Hardware Security Modules support via the PKCS#11 standard. Until now, we were mostly relying on OpenSSL, but a native embedded solution would be smaller in code size, better for reducing dependencies, and easier to work with (especially for HSM). The main idea is to offer only safe algorithms and methods, so that you can write reliable software, even if you are no cryptographic expert. 😉 More information in our blog article about this almost unique features set in Delphi (and FPC): https://blog.synopse.info/?post/2023/12/09/Native-X.509-and-RSA-Support

I'm using the "SSH_Pascal" library and creating an SSH connection via delphi. After a lot of effort I discovered that it is necessary to have your RSA key and your host in this file called "known_hosts" in windows it is usually at: %USERPROFILE% + .ssh\known_hosts To create an RSA key using openSSH via CMD is simple, see the command: ssh-keyscan -t rsa your host There, your RSA key is created. The only difficulty I'm having is getting this RSA via cmd and adding it to the file. the simplest way through cmd would be: ssh-keyscan -t rsa your host > %USERPROFILE% + .ssh\known_hosts To insert the value into the file. But using by delphi is not working. I tried using a function(GIst.Github) to get the DOS output, without success. When it enters This step of the Function WasOK := ReadFile(StdOutPipeRead, Buffer, 255, BytesRead, nil); it hangs It just hangs. I've tried to increase the buffer size but without success, does anyone have any ideas?