Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Android x509 sign certificate


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 1 - Last Post: Jan 11, 2017 12:49 AM Last Post By: bernard roussely
Marjan Osvaldič

Posts: 4
Registered: 1/24/05
Android x509 sign certificate  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Nov 30, 2016 3:08 AM
Hi,

I have a question about Delphi solution for a very (simple) problem. I need to port some source code from c# to Delphi and I'm stuck. Because I can't find Delphi example for Android and sign data/envelope. Company Eldos have library solutions for that, but I'll prefer to have my own source code for such a simple task.

Another problem is that Indy components won't work on Android > 6 .. so i Have to solve it without that route.


private void Button_Click(object sender, EventArgs e) {
byte[] MyData = Encoding.ASCII.GetBytes(
"10025421"
+ "10.11.2016 14:59:52"
+ "2404"
+ "5000"
+ "500"
+ MyConvertUtil.ToStringWithFormat(MyConvertUtil.ToDecimal(194.7m), "0.00")
);

// Load certificate with password
RSACryptoServiceProvider key = new RSACryptoServiceProvider();
X509Certificate2 _cert = new X509Certificate2(Resource1.MyTestcertificate, "Geslo123#", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
key.FromXmlString(_cert.PrivateKey.ToXmlString(true));
// sign data with SHA256
byte[] signature = key.SignData(MyData, "SHA256");
// md5 hash
var zoi = GetMd5Hash(signature);
button.Text = zoi;
}
// local function for md5

private string GetMd5Hash(byte[] input) {
byte[] data = MD5.Create().ComputeHash(input);
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++) sBuilder.Append(data[i].ToString("x2"));
return sBuilder.ToString();
}

End result ZOI: de878502d824e13b2252cde718fc8fd4

best regards,
Marjan Osvaldic

bernard roussely

Posts: 106
Registered: 2/8/05
Re: Android x509 sign certificate  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jan 10, 2017 11:12 AM   in response to: Marjan Osvaldič in response to: Marjan Osvaldič
Hi,

You may want to have a look at https://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider(v=vs.110).aspx?cs-save-lang=1&cs-lang=cpp#code-snippet-1 for the MSFT functions.

You will most likely need to use the MSFT API in Delphi: https://msdn.microsoft.com/en-us/library/aa388162(v=vs.85).aspx.
Other examples are listed here:
http://stackoverflow.com/questions/4796590/window-c-c-crypto-api-examples-and-tips

Note that using the MSFT crypto API is fairly complex and you need quite a few lines of code before you can sign (generate the cert and store it, get it from the local store, get the private key, sign).

Then, you may also want to sign with "PSS" format because it is more secure.

Then, you may want to have a look at X:\Program Files (x86)\Embarcadero\Studio\18.0\include\androidandroid.jni.java.security.hpp for the Android functions that are similar but at a higher level than the MSFT API's.

Finally, why use MD5 at all? It is broken and doesn't add any value.

Cheers,

bernard

Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02