We're at the breakup point where we need to add an option for a client to sign the XML with a certificate. As our whole software is made in Delphi, we'd like to implement this within the app itself (or via the dll library, in case there is anything out there that could be used like this more easily).

Our SW creates the XML, which needs to be signed with the client's certificate (using private key).

Based on a lot of reading here on the web, all I can conclude is this: Confusion.

What are our options? Any good examples/guides on how to achieve this?

We've tried going through this here and this here, but nothing useful came out...

We're using Delphi 7 and Delphi XE3 (depends on the module of the app, but basically it doesn't really matter for which one we get the solution).

Note: I apologize upfront for the generalized question, but I'm all new into the certificates field!

Thanks. Best, M.

That Marc
  • You can use `capicom` https://msdn.microsoft.com/en-us/library/windows/desktop/aa375732%28v=vs.85%29.aspx . Capicom has been declared as deprecated because it is only implemented in 32 bit. But it works well in all 32 and 64 bits Windows (XP to Windows 10). – Val Marinov Sep 20 '15 at 13:48
  • @ValMarinov Do you happen to have any links to examples of this usage? Google mostly returns info about it being deprecated... – That Marc Sep 20 '15 at 14:06
  • I think that Google "delphi capicom example" will show a lot of resources. If not, I could make an example but I need some time. – Val Marinov Sep 20 '15 at 14:11
  • It shows lots of results, but don't really see other than encrypt/decrypt and SHA1 stuff... :( Anyway, in case you get to some link, or if you get to have some time to really make an example for me, It'd be way more than appreciated from my side! – That Marc Sep 20 '15 at 14:25
  • Ok I will do small example how to use digital signature with capicom in Delphi. I will try today, but maybe tomorrow will be ready – Val Marinov Sep 20 '15 at 14:33
  • Looking forward for it! Thank you a lot!! – That Marc Sep 20 '15 at 15:03
  • I have not forgotten about the demo. Almost ready with it, but I'm too tired now to write the whole answer. In fact I'm not sure whether to post the whole code here or to upload the project. – Val Marinov Sep 21 '15 at 15:55
  • Whatever is easier for you!! I'll be happy getting either of them, and hopefully understand how they work! Today we managed to get *something* done via php, so I know at least approx what I'm after, though we're not entirely sure it's what we need. – That Marc Sep 22 '15 at 01:11

2 Answers

One solution might be to use a 3rd party library such as XML BlackBox: https://www.eldos.com/SecureBlackbox/desc-xml.php

Jared Davison

If you want to get lower level you could do pieces of it yourself referencing the documents:

http://www.w3.org/TR/xmldsig-core/

https://en.wikipedia.org/wiki/XML_Signature

Delphi Inspiration libxml wrapper lets you perform the canonicalisation part. http://www.yunqa.de/delphi/doku.php/products/xml/index

You could then sign it with openssl and add the signature element.

Jared Davison
  • To answer the original question: Definitely not *want* to get lower level, but when there's no other way, one can/should/must try every option. This could be a way as well, so thanks, though I'm more or less unfamiliar with what each piece does, but will take a look. Hopefully, I'm rather eagerly waiting for @Val's solution though... – That Marc Sep 22 '15 at 01:15
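
The steps outlined in the answer above (canonicalise, digest, sign with openssl, add the signature element), shown as an added example that is not part of the original answer or of any library named on this page. It assumes Python 3.8+ and an `openssl` binary on the PATH; the function names and the sample invoice are made up for illustration. Python's standard library only provides Canonical XML 2.0, so a verifier that expects Canonical XML 1.0 or Exclusive C14N needs a different canonicaliser.

```python
import base64, hashlib, subprocess
from xml.etree import ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N2 = "http://www.w3.org/2010/xml-c14n2"
ET.register_namespace("ds", DS)  # one fixed prefix keeps the canonical bytes stable
SAMPLE = '<Invoice id="42"><Total currency="EUR">100.00</Total></Invoice>'  # constructed

def c14n(xml_text: str) -> bytes:
    """Canonical XML 2.0 as implemented by the stdlib (assumption: acceptable to the verifier)."""
    return ET.canonicalize(xml_text).encode("utf-8")

def build_signed_info(doc_xml: str) -> bytes:
    """Digest the canonical document and return the canonical SignedInfo that gets signed."""
    digest = base64.b64encode(hashlib.sha256(c14n(doc_xml)).digest()).decode()
    return c14n(
        f'<ds:SignedInfo xmlns:ds="{DS}">'
        f'<ds:CanonicalizationMethod Algorithm="{C14N2}"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
        '<ds:Reference URI=""><ds:Transforms>'
        f'<ds:Transform Algorithm="{DS}enveloped-signature"/>'
        f'<ds:Transform Algorithm="{C14N2}"/>'
        '</ds:Transforms>'
        '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        f'<ds:DigestValue>{digest}</ds:DigestValue></ds:Reference></ds:SignedInfo>')

def openssl_sign(data: bytes, key_pem: str) -> bytes:
    """RSA-SHA256 (PKCS#1 v1.5) over the SignedInfo bytes, using the openssl CLI."""
    return subprocess.run(["openssl", "dgst", "-sha256", "-sign", key_pem],
                          input=data, stdout=subprocess.PIPE, check=True).stdout

def envelope(doc_xml: str, signed_info: bytes, signature: bytes) -> str:
    """Append <ds:Signature> as the last child of the root (enveloped signature)."""
    root = ET.fromstring(doc_xml)
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    sig.append(ET.fromstring(signed_info))
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(signature).decode()
    return ET.tostring(root, encoding="unicode")

def reference_digest_ok(signed_xml: str) -> bool:
    """Verifier side of the Reference: drop the Signature, re-canonicalise, compare digests."""
    root = ET.fromstring(signed_xml)
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return False
    claimed = sig.findtext(f".//{{{DS}}}DigestValue")
    root.remove(sig)
    actual = hashlib.sha256(c14n(ET.tostring(root, encoding="unicode"))).digest()
    return base64.b64encode(actual).decode() == claimed
```

Typical use is `envelope(doc, si, openssl_sign(si, "client_key.pem"))` with `si = build_signed_info(doc)`, where the key path is a placeholder. The digest check covers only the Reference; a verifier must also check `SignatureValue` over the canonical `SignedInfo` with the public key from the client's certificate.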