Search the Community

Hello everyone, I'm working on a Delphi project that requires signing a request signature with RSASSA-PSS algorithm. In my implementation, I initialize the signing context with EVP_DigestSignInit using SHA-256. However, when I attempt to set the salt length with EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32), it consistently returns an error. I'm using the OverByteIcsLIBEAY.pas functions. Params I need to use for the signature: Hash algorithm: SHA-256 Mask generation function: MGF1 Mask generation algorithm: SHA-256 Salt length: 32 bytes (= 256 bits, same as the hash length) Trailer field: 1 Has anyone here encountered similar issues with RSASSA-PSS in OpenSSL, particularly with setting the salt length? Any advice on handling this setup in Delphi would be greatly appreciated! Thanks in advance! function TIsabelData.SignData(const AData: TBytes; APrivateKey: PEVP_PKEY): string; var SignCtx: PEVP_MD_CTX; PSSCtx: PEVP_PKEY_CTX; Sig: TBytes; SigLen: Cardinal; ErrCode: Cardinal; begin if EVP_PKEY_base_id(APrivateKey) <> EVP_PKEY_RSA then raise Exception.Create('The provided key is not an RSA key'); SignCtx := EVP_MD_CTX_create; PSSCtx := nil; try if EVP_DigestSignInit(SignCtx, @PSSCtx, EVP_sha256, nil, APrivateKey) <> 1 then raise Exception.Create('Error initializing digest sign'); if EVP_PKEY_CTX_set_rsa_padding(PSSCtx, RSA_PKCS1_PSS_PADDING) <= 0 then raise Exception.Create('Error setting RSA PSS padding'); if EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32) <= 0 then begin ErrCode := ERR_get_error; raise Exception.Create('Error setting RSA PSS salt length: ' + string(ERR_reason_error_string(ErrCode))); end; if EVP_PKEY_CTX_set_rsa_mgf1_md(PSSCtx, EVP_sha256) <= 0 then raise Exception.Create('Error setting MGF1 to SHA256'); if EVP_DigestSignUpdate(SignCtx, @AData[0], Length(AData)) <> 1 then raise Exception.Create('Error updating digest sign'); SigLen := 0; if EVP_DigestSignFinal(SignCtx, nil, @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); SetLength(Sig, SigLen); if EVP_DigestSignFinal(SignCtx, @Sig[0], @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); Result := TNetEncoding.Base64.EncodeBytesToString(Sig); finally EVP_MD_CTX_free(SignCtx); EVP_PKEY_CTX_free(PSSCtx); end; end;

Hi Team, D10.3.3, 32Bit Apps. I have written a couple of native Windows Apps for a Company that is now making them available to their Customers via ThinFinity from Cybele Software. https://www.cybelesoft.com/ Some of their Field Techs are now using it to log and complete tasks in the field via the browser on their Company iPads. Everything works as designed, no issue. What they, the Company, have now asked is if I can add the ability for their Customer to Sign the iPad against the Task signifying their acceptance that the Task is finished to their satisfaction. The Company expects the Signature to be recorded against the database Task record. Given the configuration.. Application running on a Win 2012 Server via Thinfinity and the Web to the browser on the iPad. Is it even possible to capture the signature through this means? I can certainly add a field in the database and Tasking interface to present a Memo field of some sort but I don't know that it is possible for the application to capture a signature via the iPad hardware/software. Does anybody have any experience/thoughts along these lines? Regards & TIA, Ian