Dave Nottage 490 Posted August 27, 2022 I'd like to be able to remove a dependency on OpenSSL, which is being used in this routine (original context here😞 class function TgoSSLHelper.Sign_RSASHA256(const AData: TBytes; const APrivateKey: TBytes; out ASignature: TBytes): Boolean; var BIOPrivateKey: PBIO; PrivateKey: PEVP_PKEY; Ctx: PEVP_MD_CTX; SHA256: PEVP_MD; Size: Cardinal; begin BIOPrivateKey := BIO_new_mem_buf(@APrivateKey[0], Length(APrivateKey)); PrivateKey := PEM_read_bio_PrivateKey(BIOPrivateKey, nil, nil, nil); Ctx := EVP_MD_CTX_create; try SHA256 := EVP_sha256; if (EVP_DigestSignInit(Ctx, nil, SHA256, nil, PrivateKey) > 0) and (EVP_DigestUpdate(Ctx, @AData[0], Length(AData)) > 0) and (EVP_DigestSignFinal(Ctx, nil, Size) > 0) then begin SetLength(ASignature, Size); Result := EVP_DigestSignFinal(Ctx, @ASignature[0], Size) > 0; end else Result := False; finally EVP_MD_CTX_destroy(Ctx); end; end;  I'm a bit green when it comes to cryptography routines, so I'm not exactly sure what it is doing, and the OpenSSL docs are quite verbose, however my goal is to be able to use another library like LockBox, or DCPCrypt (if it can handle it) so as to remove the dependency on OpenSSL. Can someone help replicate it using LockBox3 or perhaps some other (non-commercial) library, or at least point to which classes should be used? Share this post Link to post
Angus Robertson 521 Posted August 28, 2022 That code is creating a digital signature using a private key and Sha-256.  Windows does have various old high level APIs for signing, using Capicom or Mssign32.dll, I use Capicom to check the digital signatures on EXE files. There must be low level APIs for signing as well, but I've never looked for them or used them, OpenSSL is so simple, albeit a large overhead since there is so much you don't need. YuOpenSSL links it's into your application to avoid DLL hell.  Angus  Share this post Link to post
Dave Nottage 490 Posted August 28, 2022 Thanks, however I'm after something that is cross-platform. Share this post Link to post
Angus Robertson 521 Posted August 29, 2022 I'm afraid OpenSSL is the cross platform solution. Or one of it's forks.  While there are native Delphi cryptography libraries, I've never seen a native library handling X509 certificates and PKCS-8 private keys..  Angus  Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
