Function for Harbour to Signing files(CMS) with a Certificate and Key

[Diego Fazio]

Hi, all. I create a new function for HB with which you can sign a file with its corresponding certificate and key. It replace the command line...

C:\OpenSSL-Win32\BIN\openssl smime -sign -in inFile -out outFile -signer cert.crt -inkey privatekey.key -outform DER -nodetach

I added this function to HBSSL lib. If someone is interested I can post it.

Diego.

[Reinaldo]

Please do post.  I'd love to see it. 

Thank you.

Reinaldo.

[Angel Pais]

Sure! I'm interested !

--
--
You received this message because you are subscribed to the Google
Groups "Harbour Users" group.
Unsubscribe: harbour-user...@googlegroups.com
Web: http://groups.google.com/group/harbour-users

---
You received this message because you are subscribed to the Google Groups "Harbour Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to harbour-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Diego Fazio]

Modify HBSSL.HBP adding the new CMS.C file at the end.

recompile HBSSL

I attached an example.

hbmk2 tip4.prg hbssl.hbc

Diego.

[Diego Fazio]

I have another function wich make the same but from a PFX file. Specifying the password.

I'm testing it yet....

Diego.

El lunes, 26 de noviembre de 2018, 14:13:42 (UTC-3), Diego Fazio escribió:

[Angel Pais]

Thank you !

[Enrique Cabrerizo]

Thanks 

[Serge Girard]

Thanks Diego! I'm intersted!

Serge

Op maandag 26 november 2018 18:13:42 UTC+1 schreef Diego Fazio:

[Juank]

Thanks Diego.

I'm intersted too !

Could you move on with the PFX file ?

Juan

[Diego F]

HB_FUNC( HB_CMS_SIGNFILE_PFX )

{

// HB_SignFile( Archivo a firmar, Archivo .pfx, clave, Archivo Firmado)

    BIO *in = NULL, *out = NULL;

    CMS_ContentInfo *cms = NULL;

X509 *x509;

EVP_PKEY *priKey;

FILE *fp;

PKCS12 *p12;

STACK_OF(X509) *ca = NULL;

OpenSSL_add_all_algorithms();

OpenSSL_add_all_ciphers();

int flags = CMS_PARTIAL;

    if ((fp = fopen(hb_parc(2), "rb")) == NULL) {

        hb_retni( 2 );

        return;

    }

    p12 = d2i_PKCS12_fp(fp, NULL);

    fclose(fp);

    if (!p12) {

        hb_retni( 3 );

        return;

    }

    if (!PKCS12_parse(p12, hb_parc(3), &priKey, &x509, &ca)) {

        hb_retni( 4 );

        return;

}

    PKCS12_free(p12);

//abre el archivo a firmar

    in = BIO_new_file(hb_parc(1), "r");

    if (!in) {

hb_retni(5); //error al crear objeto in

return;

}

//crea el cms

    cms = CMS_sign(NULL, NULL, NULL, in, flags);

    if (!cms) {

hb_retni(6); //error al crear objeto cms

return;

}

CMS_SignerInfo *si;

    si = CMS_add1_signer(cms, x509, priKey, EVP_sha1(), flags);

if (!si) {

hb_retni(8); //error al crear objeto cms

return;

}

if (!CMS_final(cms, in, NULL, flags)) {

hb_retni(9); //error al crear objeto cms

return;

}

 

out = BIO_new_file(hb_parc(4), "wb");

    if (!out) {

hb_retni(10); //error al abrir el archivo toSignFile

return;

}

    BIO_reset(in);

//if(!PEM_write_bio_CMS_stream(out,cms, in, flags)) {//lo graba en formato PEM

//if (!SMIME_write_CMS(out, cms, in, flags)) { //lo graba en formato SMIME

if (!i2d_CMS_bio_stream(out,cms, in, flags)) {//lo graba en formato DER

hb_retni(11); //error al grabar el archivo toSignFile

return;

}

    CMS_ContentInfo_free(cms);

X509_free(x509);

    BIO_free(in);

    BIO_free(out);

hb_retni( 1 );

return;

[Juank]

Thanks you Diego.

I will try to implement it.

Juan