(Delphi DLL) RSA SHA256 Signature using Private Key from Java Keystore

Signs plaintext using RSA SHA256 using a key from a Java keystore.

Duplicatest this code:

KeyStore keystore; // key repository for keys containing signature certificate
String alias; // alias for the certificate in the key repository
String password; // password for the certificate's private key
String plaintext; // text being signed


Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign((PrivateKey) keystore.getKey(alias, password.toCharArray()));
signature.update(plaintext.getBytes("UTF-8"));
byte[] rsa_text= signature.sign();

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, JavaKeyStore, PrivateKey, Rsa, CkByteData;

...

procedure TForm1.Button1Click(Sender: TObject);
var
jks: HCkJavaKeyStore;
jksPassword: PWideChar;
success: Boolean;
privKeyPassword: PWideChar;
caseSensitive: Boolean;
privKey: HCkPrivateKey;
rsa: HCkRsa;
binarySignature: HCkByteData;
plaintext: PWideChar;
signatureStr: PWideChar;

begin
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

jks := CkJavaKeyStore_Create();

jksPassword := 'secret';

// Load the Java keystore from a file.  The JKS file password is used
// to verify the keyed digest that is found at the very end of the keystore.
// It verifies that the keystore has not been modified.
success := CkJavaKeyStore_LoadFile(jks,jksPassword,'qa_data/jks/sample_secret.jks');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

// Get the private key from the JKS.
// The private key password may be different than the file password.
privKeyPassword := 'secret';
caseSensitive := False;
privKey := CkJavaKeyStore_FindPrivateKey(jks,privKeyPassword,'some.alias',caseSensitive);
if (CkJavaKeyStore_getLastMethodSuccess(jks) <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

// Establish the RSA object and tell it to use the private key..
rsa := CkRsa_Create();

success := CkRsa_ImportPrivateKeyObj(rsa,privKey);
CkPrivateKey_Dispose(privKey);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
    Exit;
  end;

// Indicate we'll be signing the utf-8 byte representation of the string..
CkRsa_putCharset(rsa,'utf-8');

// Sign some plaintext using RSA-SHA256
binarySignature := CkByteData_Create();
plaintext := 'this is the text to be signed';
success := CkRsa_SignString(rsa,plaintext,'SHA256',binarySignature);
if (CkRsa_getLastMethodSuccess(rsa) <> True) then
  begin
    Memo1.Lines.Add(CkRsa__lastErrorText(rsa));
    Exit;
  end;

// Alternatively, if the signature is desired in some encoded string form,
// such as base64, base64-url, hex, etc.
CkRsa_putEncodingMode(rsa,'base64-url');
signatureStr := CkRsa__signStringENC(rsa,plaintext,'SHA256');
Memo1.Lines.Add('base64-url RSA signature: ' + signatureStr);

CkJavaKeyStore_Dispose(jks);
CkRsa_Dispose(rsa);
CkByteData_Dispose(binarySignature);

end;