Hi Simon, the whole task is pretty automated in CAPICOM, and there is no need to pass the key pair to CAPICOM for signing directly. I expect you have your key pair already generated and installed on your machine - usually this means you have a certificate in your 'My' system store for which you also have the private key stored at the same place. Then you can call the CAPICOM function for signing:

1) create an object of class SignedData (SD := CoSignedData.Create;)
2) fill its Content property with your data (SD.Content := YourDataToBeSigned;)
3) call OutputData := SD.Sign(nil,false,CAPICOM_ENCODE_BASE64);
4) you have your data signed in the OutputData widestring variable.

As you can see SD.Sign is called with the first parameter set to nil, which means CAPICOM looks into your 'My' store for all certificates you have installed including a private key; in case it finds none it raises an exception, in case you have just one it silently uses that key to sign your data, and in case you have more certificates with private keys installed a common Windows dialog for choosing which certificate to use is displayed.

Read through these articles:
http://msdn.microsoft.com/en-us/library/aa380254%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa387722%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa387726%28VS.85%29.aspx
and have a look at the source codes available from the CAPICOM SDK. They are written in VB, C++ etc. but you can use them to take the algorithm and fill your Delphi variables of the same types as in the examples with the same outputs of CAPICOM functions as in those examples.
You do not need to send your public key to the recipient, but in that case of course the recipient must already have your public key installed. It'll take some time, but I recommend you read through the RFCs RFC2311, RFC2312, RFC2632, RFC2633, RFC2634, RFC3850, RFC3851 available at www.iana.org. They are very useful and contain the specification for S/MIME e-mails.

2010/3/13 Simon B. <sim...@gmail.com>:
> Dear Peter,
>
> Thanks for your reply.
>
> When signing the MIME data, how do you pass the public & private key
> files to CAPICOM?
>
> Also, do you need to send your public key file to the email recipient
> for them to verify the S/MIME message?
>
> Thank you.
>
> Simon
>
> On Sat, Mar 13, 2010 at 5:18 AM, czernitko <czerni...@gmail.com> wrote:
>> Hi Simon,
>>
>> I don't have any suitable standalone application, but it's nothing
>> hard to implement attached signatures and working with encrypted
>> e-mails using Capicom and Synapse.
>>
>>> What parts of the message (plain text, HTML, attachments, etc) need to be
>>> encrypted?
>> First of all, the whole parts you want to sign/encrypt must be signed (or
>> encrypted). This makes signing/encrypting easy, because (for verifying a
>> signature, for example) you just let Synapse parse your email in MIME
>> format, look at the Content-type headers so as to recognize which type of
>> signature/encryption was used, take those whole parts and pass them to
>> CAPICOM.
>> A simple algorithm for signing, using an attached signature (output is one
>> base64 encoded part, unreadable for clients not supporting S/MIME) would
>> be like this:
>> - body := TMimeMess.Create;
>> - fill in the headers of body.MessagePart
>> - SD := CoSignedData.Create; //var SD:SignedData, defined in unit CAPICOM_TLB
>> - SD.Content := body.MessagePart.lines.text; //the content to be signed
>> - OutputData := SD.Sign(nil,false,CAPICOM_ENCODE_BASE64); //Sign returns the signed blob
>> - set body.MessagePart.ContentType to application/x-pkcs7-mime; smime-type="signed-data"; name="smime.p7m"...
>> - body.MessagePart.PartBody.Text := OutputData;
>> - body.EncodeMessage;
>> That's all, you can send your MIME message (or use
>> body.lines.savetofile('./smime.eml') to save and open it for example in
>> Outlook to make sure the signature was ok).
>> For verifying, just take the base64 encoded content (don't decode it
>> from base64) and pass it to
>> SD.Verify(mimePart.PartBody.Text,false,CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE);
>> it raises an exception or fills SD.Content with the signed content and
>> SD.Certificates with the used certificates... The procedure is very similar
>> for encrypting/decrypting data, you just use ED:EncryptedData instead
>> of SD:SignedData... A code snippet for working with a detached signature
>> is already present in this thread.
>> By the way you will need some personal certificate, if you don't have
>> any you can use OpenSSL to generate a self-signed one.
>> If you send some concrete question I can try to be more specific, but
>> making some demo app will take sooo much time...
>>
>> Greetings, Peter.
>>
>> 2010/3/11 Simon B. <sim...@gmail.com>
>>>
>>> Hello,
>>>
>>> Could anyone give a working demo project showing how to implement
>>> S/MIME (using CAPICOM or other APIs)?
>>>
>>> What parts of the message (plain text, HTML, attachments, etc) need to
>>> be encrypted?
>>>
>>> Thank you.
>>>
>>> Simon
>>>
>>> On Tue, Mar 9, 2010 at 7:44 AM, czernitko <czerni...@gmail.com> wrote:
>>> > :-O instantly implemented and verified - worked like a charm! I still
>>> > can't believe it was THAT simple. Thanks a lot, Lukas!
>>> >
>>> > In case anyone might be looking for a CAPICOM solution, I attach a few lines
>>> > of code for creating S/MIME with a detached signature. Maybe it saves some
>>> > time for others:
>>> >
>>> > procedure MakeDetachedSMIME(messContent: string);
>>> > var
>>> >   SD : SignedData;
>>> >   MainPart, ContentPart, SignaturePart : TMimePart;
>>> >   MessBody: TMimeMess;
>>> >   StrBase64: string;
>>> > begin
>>> >   //create MessBody, fill the headers
>>> >   ...
>>> >   //create SD
>>> >   SD := CoSignedData.Create;
>>> >
>>> >   //Create multipart as the root message part with proper headers
>>> >   MainPart := MessBody.AddPartMultipart('signed; protocol="application/x-pkcs7-signature";'+#13#10+' micalg=SHA1',nil);
>>> >   MainPart.PrePart.Text := 'This is a multi-part message in MIME format.'+#13#10+#13#10;
>>> >
>>> >   //Create part with readable data to be signed
>>> >   ContentPart := MessBody.AddPart(MainPart);
>>> >   ContentPart.Headers.Add('Content-type: text/plain');
>>> >   ContentPart.Headers.Add('Content-Transfer-Encoding: 7bit');
>>> >   ContentPart.PartBody.Text := messContent;
>>> >   ContentPart.ComposeParts;
>>> >
>>> >   //Assign content to be signed (the whole part: headers plus body)
>>> >   SD.Content := StringToWideString(ContentPart.lines.Text);
>>> >   //Obtain base64 encoded detached signature from CAPICOM
>>> >   StrBase64 := BinaryStringToString(SD.Sign(nil,true,CAPICOM_ENCODE_BASE64));
>>> >
>>> >   //DAMN YOU, OUTLOOK!!
>>> >   //Add CrLf to the end of the part to be signed so as to make it "Outlook-verifiable". Thanks Lukas!
>>> >   ContentPart.PartBody.Text := ContentPart.PartBody.Text+#13#10;
>>> >
>>> >   //Create signature part as the second subpart of the root multipart
>>> >   SignaturePart := MessBody.AddPart(MainPart);
>>> >   SignaturePart.Headers.Add('Content-Type: application/x-pkcs7-signature;'+#13#10#9+'name="smime.p7s"');
>>> >   SignaturePart.Headers.Add('Content-Transfer-Encoding: base64');
>>> >   SignaturePart.EncodingCode := ME_BASE64;
>>> >   SignaturePart.Headers.Add('Content-Disposition: attachment;'+#13#10#9+'filename="smime.p7s"');
>>> >   SignaturePart.PartBody.Text := StrBase64;
>>> >
>>> >   MessBody.EncodeMessage;
>>> >   //Save message to a file so as to be easily opened and verified in Outlook locally
>>> >   MessBody.Lines.SaveToFile('detached_signature.eml');
>>> > end;
>>> >
>>> > 2010/3/9 Lukas Gebauer <gebyl...@mlp.cz>
>>> >>
>>> >> I am not using CAPICOM, I am using CryptoAPI directly only.
>>> >>
>>> >> However when I try to build my own S/MIME detached signature, then I
>>> >> have a problem. Outlook says invalid hash too. However Thunderbird is
>>> >> OK. :-O
>>> >>
>>> >> Solution is simple... add one empty line after the signed message part
>>> >> before sending.
>>> >>
>>> >> Maybe a similar issue is causing your problems with verifying in your
>>> >> code.
>>> >>
>>> >> --
>>> >> Lukas Gebauer.
>>> >>
>>> >> http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
>>> >> http://geoget.ararat.cz/ - Geocaching solution
>>> >>
>>> >> ------------------------------------------------------------------------------
>>> >> Download Intel® Parallel Studio Eval
>>> >> Try the new software tools for yourself. Speed compiling, find bugs
>>> >> proactively, and fine-tune applications for parallel performance.
>>> >> See why Intel Parallel Studio got high marks during beta.
>>> >> http://p.sf.net/sfu/intel-sw-dev
>>> >> _______________________________________________
>>> >> synalist-public mailing list
>>> >> synalist-public@lists.sourceforge.net
>>> >> https://lists.sourceforge.net/lists/listinfo/synalist-public
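The detached-signature layout and the trailing-CRLF problem discussed in the thread, as an added Python example that is not code from the thread, from Synapse or from CAPICOM: it renders the text/plain part exactly as the signature must cover it, assembles the multipart/signed envelope with the headers used above, and shows the verifier-side rule for recovering the signed octets. The CMS signing done by CAPICOM's SD.Sign is not reproduced; the boundary and the signature blob are constructed placeholders, and the digest is computed directly as the micalg=SHA1 value.

```python
import base64
import hashlib

BOUNDARY = "----=_Part_example"  # constructed for this example; Synapse picks its own

def canonical_part(body_text, trailing_crlf=False):
    """Render the text/plain body part (headers, blank line, body) with CRLF line
    ends. The detached signature covers exactly these octets, so one extra CRLF
    changes what must be hashed."""
    body = "\r\n".join(body_text.splitlines())
    part = ("Content-type: text/plain\r\n"
            "Content-Transfer-Encoding: 7bit\r\n"
            "\r\n" + body)
    if trailing_crlf:
        part += "\r\n"  # the extra empty line the thread adds for Outlook
    return part.encode("ascii")

def micalg_sha1(octets):
    """Digest named by micalg=SHA1; CAPICOM signs it inside the CMS blob."""
    return hashlib.sha1(octets).hexdigest()

def build_multipart_signed(part_octets, pkcs7_der):
    """Assemble multipart/signed with the same headers and part layout as the
    Synapse code in the thread; pkcs7_der stands in for the output of SD.Sign."""
    bnd = BOUNDARY
    sig_b64 = base64.b64encode(pkcs7_der).decode("ascii")
    head = ("Content-Type: multipart/signed; "
            'protocol="application/x-pkcs7-signature"; micalg=SHA1;\r\n'
            ' boundary="%s"\r\n\r\n'
            "This is a multi-part message in MIME format.\r\n\r\n" % bnd)
    sig_part = ('Content-Type: application/x-pkcs7-signature;\r\n\tname="smime.p7s"\r\n'
                "Content-Transfer-Encoding: base64\r\n"
                'Content-Disposition: attachment;\r\n\tfilename="smime.p7s"\r\n\r\n'
                + sig_b64)
    return (head.encode("ascii") + b"--" + bnd.encode() + b"\r\n" + part_octets
            + b"\r\n--" + bnd.encode() + b"\r\n" + sig_part.encode("ascii")
            + b"\r\n--" + bnd.encode() + b"--\r\n")

def extract_signed_octets(message, boundary=BOUNDARY):
    """Verifier side: the signed octets run from the end of the opening boundary
    line to the CRLF that starts the next delimiter (RFC 2046: that CRLF belongs
    to the delimiter, not to the part), so a CRLF inside the part is kept."""
    bnd = boundary.encode()
    start = message.index(b"--" + bnd + b"\r\n") + len(bnd) + 4
    end = message.index(b"\r\n--" + bnd, start)
    return message[start:end]

def verify_digest(message, expected_hex):
    return micalg_sha1(extract_signed_octets(message)) == expected_hex
```

Hashing the part with and without the trailing CRLF gives different digests, which is why a client that keeps that CRLF and one that drops it cannot both verify the same signature.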