Dave Nottage

Replicating a routine that uses OpenSSL to use another library


I'd like to be able to remove a dependency on OpenSSL, which is being used in this routine (original context here):

class function TgoSSLHelper.Sign_RSASHA256(const AData: TBytes; const APrivateKey: TBytes;
  out ASignature: TBytes): Boolean;
var
  BIOPrivateKey: PBIO;
  PrivateKey: PEVP_PKEY;
  Ctx: PEVP_MD_CTX;
  SHA256: PEVP_MD;
  Size: Cardinal;
begin
  Result := False;
  // Wrap the PEM-encoded private key in a memory BIO and parse it into an EVP_PKEY.
  // The BIO is only needed for parsing, so it is freed as soon as the key is read.
  BIOPrivateKey := BIO_new_mem_buf(@APrivateKey[0], Length(APrivateKey));
  if BIOPrivateKey = nil then
    Exit;
  try
    PrivateKey := PEM_read_bio_PrivateKey(BIOPrivateKey, nil, nil, nil);
  finally
    BIO_free(BIOPrivateKey);
  end;
  if PrivateKey = nil then
    Exit; // APrivateKey was not a PEM private key OpenSSL could parse
  Ctx := EVP_MD_CTX_create;
  if Ctx = nil then
  begin
    EVP_PKEY_free(PrivateKey);
    Exit;
  end;
  try
    SHA256 := EVP_sha256;
    // Hash AData with SHA-256 and sign the digest with the private key.
    // The first EVP_DigestSignFinal call (nil buffer) only reports the required
    // signature size; the second call writes the signature into ASignature.
    if (EVP_DigestSignInit(Ctx, nil, SHA256, nil, PrivateKey) > 0) and
      (EVP_DigestUpdate(Ctx, @AData[0], Length(AData)) > 0) and
      (EVP_DigestSignFinal(Ctx, nil, Size) > 0) then
    begin
      SetLength(ASignature, Size);
      Result := EVP_DigestSignFinal(Ctx, @ASignature[0], Size) > 0;
      if Result then
        SetLength(ASignature, Size) // Size now holds the actual signature length
      else
        SetLength(ASignature, 0);
    end;
  finally
    EVP_MD_CTX_destroy(Ctx);
    EVP_PKEY_free(PrivateKey);
  end;
end;

I'm a bit green when it comes to cryptography routines, so I'm not exactly sure what it is doing, and the OpenSSL docs are quite verbose; however, my goal is to be able to use another library like LockBox or DCPCrypt (if it can handle it) so as to remove the dependency on OpenSSL. Can someone help replicate it using LockBox3 or perhaps some other (non-commercial) library, or at least point to which classes should be used?

That code is creating a digital signature using a private key and SHA-256.

Windows does have various old high-level APIs for signing, using CAPICOM or mssign32.dll; I use CAPICOM to check the digital signatures on EXE files. There must be low-level APIs for signing as well, but I've never looked for them or used them. OpenSSL is so simple, albeit with a large overhead since there is so much you don't need. YuOpenSSL links it into your application to avoid DLL hell.

Angus

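To make "a digital signature using a private key and SHA-256" concrete, here is an added example (written for this page; it is not code from the original post, from the OpenSSL binding it uses, or from LockBox/DCPCrypt) that spells out what EVP_DigestSignInit/Update/Final compute for an RSA key with EVP_sha256 and OpenSSL's default RSA padding: RSASSA-PKCS1-v1_5 as defined in RFC 8017 section 8.2. That is the primitive a replacement library has to offer (often listed as "sha256WithRSAEncryption" or "PKCS#1 v1.5 signature with SHA-256"); a library that only offers RSA-PSS or raw RSA will not produce signatures that the original verifier accepts. Assumptions: the key handed to Sign_RSASHA256 is RSA (the function name says so), and the key material is already available as integers (n, e, d); PEM/PKCS#8 parsing is deliberately not shown. The key generator is a toy one with a small modulus so the example runs in a second with the standard library only; the sample message is constructed for the demo.

```python
# Added example: RSASSA-PKCS1-v1_5 with SHA-256, i.e. what the original
# EVP_DigestSign* sequence produces for an RSA key. Standard library only.
# Assumptions: key is RSA and available as integers; PKCS#8 parsing not shown.
import hashlib
import math
import secrets

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5_encode(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5: 0x00 0x01 <0xFF padding> 0x00 DigestInfo(SHA-256(message))."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    padding = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def sign_rsa_sha256(message: bytes, n: int, d: int) -> bytes:
    """Equivalent of EVP_DigestSignInit/Update/Final for an RSA key: pad, then s = m^d mod n."""
    k = (n.bit_length() + 7) // 8  # the size the first EVP_DigestSignFinal call reports
    m = int.from_bytes(emsa_pkcs1_v1_5_encode(message, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify_rsa_sha256(message: bytes, signature: bytes, n: int, e: int) -> bool:
    """Equivalent of EVP_DigestVerify*: recover EM with the public key, compare to a fresh encoding."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Compare the whole encoded message, not just the hash, so the padding is checked too.
    return secrets.compare_digest(em, emsa_pkcs1_v1_5_encode(message, k))


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases, after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(candidate):
            return candidate


def generate_rsa_key(bits: int = 1024, e: int = 65537):
    """Toy RSA key generation (no CRT parameters). 1024 bits keeps the demo fast; use >= 2048 for real keys."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p == q:
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if math.gcd(e, phi) != 1:
            continue
        return n, e, pow(e, -1, phi)  # d = e^-1 mod phi (Python 3.8+)


def demo() -> dict:
    n, e, d = generate_rsa_key()
    msg = b"constructed sample payload to sign"  # constructed input for the demo
    sig = sign_rsa_sha256(msg, n, d)
    return {
        "sig_len": len(sig),                                       # always the modulus size in bytes
        "ok": verify_rsa_sha256(msg, sig, n, e),
        "tampered": verify_rsa_sha256(msg + b"!", sig, n, e),
        "deterministic": sig == sign_rsa_sha256(msg, n, d),        # v1.5 has no random salt, unlike PSS
    }


if __name__ == "__main__":
    print(demo())
```

Two things to check when porting to another library: the signature length must equal the key's modulus length (that is the Size the original code asks OpenSSL for), and signing the same data twice must give identical bytes, since PKCS#1 v1.5 is deterministic; a library that returns varying output is using PSS or some other scheme. If the key ever turns out not to be RSA, EVP_DigestSign would produce a different signature format entirely, so confirm the key type before choosing the replacement primitive.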

I'm afraid OpenSSL is the cross-platform solution, or one of its forks.

While there are native Delphi cryptography libraries, I've never seen a native library handling X.509 certificates and PKCS#8 private keys.

Angus

