Eric Winfly 1 Posted Tuesday at 06:33 PM This is what i try before but my content i need to sign text like this : 100000000120250815090926+000000000.25+000000000.50+000000005.75567891234RT00015678912340TQ0001FACOPE======================================================================================== And when i use your code you specify i obtain Base64Encoded String of length of 96 but her specification need a length of 88 (i use IcsBase64EncodeTB after SignDigest) ? Now i have try : TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc, Digest, Secret; TBytes SigTB, DataTB = IcsStringToTBytes(Data), SecretTB, DigestTB; //Tool->PrivateKeyLoadFromPemFile("Certificat.pem"); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); //DataEnc = IcsAsymSignDigest(Data, Tool->PrivateKey, Digest_sha256); //DataEnc = IcsBase64Encode(DataEnc); delete Tool; //return (DataEnc); //Configuration->FieldByName("CertificatKEY")->AsString; Secret = Configuration->FieldByName("CertificatKEY")->AsString; DataTB = IcsStringToTBytes(Data); SecretTB = IcsStringToTBytes(Secret); DigestTB = IcsHMACDigestTB(DataTB, SecretTB, Digest_sha512); DataEnc = IcsBase64EncodeTB(DigestTB); With this last call i obtain 88 of length but the server tell me this is not sign with the FingerPrint of the last cert ??? Note : i put Digest_sha512 because this give me 88 of length ! Share this post Link to post
Eric Winfly 1 Posted Tuesday at 08:43 PM Also im not sure if ICS Library digital signature with format p1363 or ASN, i also need to create a p1363 sign ? Share this post Link to post
Angus Robertson 660 Posted yesterday at 08:00 AM Sha256 and Sha512 give different length digests, and HMAC is not using a private key. Private keys are not strings. Digests are binary, there are lots of ways of converting binary to text, variations of bas64, hex, etc. You need to work which version gives you the length you need. ASN is the binary format of X509 certificates, never heard of p1363. Signing gives a digest, nothing more. Angus Share this post Link to post
Eric Winfly 1 Posted yesterday at 10:03 AM 2 hours ago, Angus Robertson said: Sha256 and Sha512 give different length digests, and HMAC is not using a private key. Private keys are not strings. Digests are binary, there are lots of ways of converting binary to text, variations of bas64, hex, etc. You need to work which version gives you the length you need. ASN is the binary format of X509 certificates, never heard of p1363. Signing gives a digest, nothing more. Angus So IcsAsymSignDigest Return only sign digest base on asn.1, i need to convert to ieee p1363 ? Nothing do this in Ics Library ? Share this post Link to post
Angus Robertson 660 Posted yesterday at 10:29 AM Have a read at https://blog.yaakov.online/ecdsa-signatures-openssl-vs-net/ might give you a few clues. I'm not planning any signing changes in ICS at the moment, the next release is weeks overdue. Angus Share this post Link to post
Eric Winfly 1 Posted 18 hours ago Thanks Angus i found and it work now, there is my code if you need in futur : String SignData(String Data) { TSslCertTools *Tool = new TSslCertTools(NULL); AnsiString DataEnc; TBytes SignTB, DataTB; Tool->PrivateKeyLoadFromText(Configuration->FieldByName("CertificatKey")->AsString, ""); DataTB = IcsStringToTBytes(Data); SignTB = IcsAsymSignDigestTB(DataTB, Tool->PrivateKey, Digest_sha256); SignTB = ConvertASNToP1363(SignTB); DataEnc = IcsBase64EncodeTB(SignTB); delete Tool; return (DataEnc); } TBytes ConvertASNToP1363(TBytes SignatureTB) { TBytes bSignature; bSignature.Length = 64; TBytes bR = ExtraireR(SignatureTB); TBytes bS = ExtraireS(SignatureTB); System::Move(&bR[0], &bSignature[0], 32); System::Move(&bS[0], &bSignature[32], 32); return(bSignature); } TBytes ExtraireR(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; TBytes bR; bR.Length = 32; TBytes bTemp; bTemp.Length = longueurR; System::Move(&Signature[debutR + 2], &bTemp[0], longueurR); if (bTemp.Length == 33) System::Move(&bTemp[1], &bR[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bR[32 - bTemp.Length], bTemp.Length); return(bR); } TBytes ExtraireS(TBytes Signature) { int debutR = (Signature[1] & 0x80) != 0 ? 3 : 2; int longueurR = Signature[debutR + 1]; int debutS = debutR + 2 + longueurR; int longueurS = Signature[debutS + 1]; TBytes bS; bS.Length = 32; TBytes bTemp; bTemp.Length = longueurS; System::Move(&Signature[debutS + 2], &bTemp[0], longueurS); if (bTemp.Length == 33) System::Move(&bTemp[1], &bS[0], 32); else if (bTemp.Length <= 32) System::Move(&bTemp[0], &bS[32 - bTemp.Length], bTemp.Length); return(bS); } Eric Share this post Link to post
Angus Robertson 660 Posted 7 hours ago Adding the three functions to convert the ASN.1 signature to the simpler IEEE version would be good, but I need Delphi code for ICS. Angus Share this post Link to post
Eric Winfly 1 Posted 3 hours ago 4 hours ago, Angus Robertson said: Adding the three functions to convert the ASN.1 signature to the simpler IEEE version would be good, but I need Delphi code for ICS. Angus I have done in my source code and i send to you for algorytm. It in C++ but i think its usefull for you also its fully tested and debugged :) Cheers ! Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
