ECC P-256 problem (KSeF)

Hi Bernard,

Our activities have crossed on the fly :smile:.

I just added this routine:

procedure TECCEncSign.FromPrivateKeyStringList(ts: TStringList);
const
  RSA_FILE = 0;
  ECC_FILE = 1;
var
  KeyStr: string;
  I: Integer;
  Conv: TConvert;
  ASN: TASN1;
  fileType: integer;
  pubK, privK: TBytes;
  LocalType: TConvertType;
begin
  LocalType := Self.OutputFormat;
  Conv := nil;
  ASN := TASN1.Create;
  try
    ASN.Password := Self.Password;
    Self.OutputFormat := raw;
    // Conv is needed both for the base64 decoding and for the
    // public key derivation below, so it lives until the finally block
    Conv := TConvert.Create;

    fileType := ECC_FILE;
    if ts.count <> 0 then begin
      // The first and last lines must be a matching PEM BEGIN/END pair
      if (ts.Strings[0] = '-----BEGIN PRIVATE KEY-----') then begin
        if (ts.Strings[ts.count - 1] <> '-----END PRIVATE KEY-----') then
          raise ECryptoPack.Create('This is not a valid private key file [01]')
      end
      else if (ts.Strings[0] = '-----BEGIN RSA PRIVATE KEY-----') then begin
        if (ts.Strings[ts.count - 1] <> '-----END RSA PRIVATE KEY-----') then
          raise ECryptoPack.Create('This is not a valid RSA private key file [02]');
        // An RSA key must not reach ExtractECCPrivateKey
        fileType := RSA_FILE;
      end
      else if (ts.Strings[0] = '-----BEGIN ENCRYPTED PRIVATE KEY-----') then begin
        if (ts.Strings[ts.count - 1] <> '-----END ENCRYPTED PRIVATE KEY-----') then
          raise ECryptoPack.Create('This is not a valid encrypted private key file [03]')
      end
      else if (ts.Strings[0] = '-----BEGIN EC PRIVATE KEY-----') then begin
        if (ts.Strings[ts.count - 1] <> '-----END EC PRIVATE KEY-----') then
          raise ECryptoPack.Create('This is not a valid EC private key file [04]');
        fileType := ECC_FILE;
      end
      else
        raise ECryptoPack.Create('This is not a private key file');

      // Join the base64 body (everything between the BEGIN and END lines)
      KeyStr := '';
      for I := 1 to ts.count - 2 do
        KeyStr := KeyStr + ts.Strings[I];
      // Convert from base64 to raw ASN.1
      Conv.Base64ToChar(KeyStr, KeyStr);
      if fileType = ECC_FILE then
        ASN.ExtractECCPrivateKey(KeyStr)
      else
        raise ECryptoPack.Create('This is not an EC private key file');
    end;

    FPublicKey  := ASN.ECKeySet.PublicKey;
    FPrivateKey := ASN.ECKeySet.PrivateKey;
    Self.ECCType := ASN.ECKeySet.ECCType;

    if (Self.ECCType <> ex25519) and (Self.ECCType <> ex448) and
      (Self.ECCType <> cc25519) and (Self.ECCType <> cc448) then
      Self.FCurve.SetOpenSSL(true)
    else begin
      // 25519/448 curves: derive the public key from the private key
      privK := Conv.StringToTBytes(FPrivateKey);
      SetLength(pubK, Length(FPrivateKey));
      Self.FCurve.GeneratePublicKey(pubK, privK);
      FPublicKey := Conv.TBytesToString(pubK);
    end;

  finally
    Conv.Free;
    ASN.Free;
    // Restore the caller's output format even when an exception is raised
    Self.OutputFormat := LocalType;
  end;
end;

And this is basically a copy of procedure TECCEncSign.FromPrivateKeyFile, but without loading the file.

And then procedure TECCEncSign.FromPrivateKeyFile can be simplified to just load the ts variable and call procedure FromPrivateKeyStringList(ts);

Anyway, I will follow your official implementation when it’s available.

Thank you so much for your help.

Kind regards

Arek
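An added example, not part of the thread and not TMS Cryptography Pack code: the routine above decides from the PEM label, but a plain `PRIVATE KEY` (PKCS#8) block can hold either an RSA or an EC key, so the key type and curve have to be read from the algorithm OIDs inside the DER. The Python sketch below does that for P-256; all function names are hypothetical, and the sample PEM blocks are constructed shells with a dummy payload, not usable keys.

```python
import base64
import re

OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7 (P-256)
OID_RSA = bytes.fromhex("2a864886f70d010101")         # 1.2.840.113549.1.1.1
# Only the four labels the routine above accepts; the END label must repeat BEGIN
PEM_RE = re.compile(
    r"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----\s+(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_private_key(pem_text):
    """Classify a PEM private key; for PKCS#8 the answer comes from the OIDs."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no private key PEM block with matching BEGIN/END labels")
    if m.group(1) != "PRIVATE KEY":
        return m.group(1)                   # PKCS#1, SEC1, encrypted PKCS#8: label names it
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    _, body, _ = read_tlv(der, 0)           # PrivateKeyInfo SEQUENCE
    _, _, pos = read_tlv(body, 0)           # version INTEGER
    _, alg, _ = read_tlv(body, pos)         # AlgorithmIdentifier SEQUENCE
    _, oid, pos = read_tlv(alg, 0)          # algorithm OID
    if oid == OID_RSA:
        return "RSA (PKCS#8)"
    if oid != OID_EC_PUBLIC_KEY:
        return "other (PKCS#8)"
    tag, curve, _ = read_tlv(alg, pos)      # namedCurve OID
    return "EC P-256 (PKCS#8)" if (tag, curve) == (0x06, OID_PRIME256V1) else "EC other curve (PKCS#8)"

def der_short(tag, content):                # short-form length, enough for the samples
    return bytes([tag, len(content)]) + content

def sample_pkcs8_pem(alg_oid, params):      # constructed sample, dummy 8-byte payload
    alg = der_short(0x30, der_short(0x06, alg_oid) + params)
    body = der_short(0x02, b"\x00") + alg + der_short(0x04, bytes(8))
    b64 = base64.b64encode(der_short(0x30, body)).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}\n-----END PRIVATE KEY-----\n"
```

Both constructed samples carry the same `PRIVATE KEY` label, and only the OID check tells the P-256 key from the RSA one.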

Funny!

I have cleaned up the initial FromPrivateKeyFile, as many lines are irrelevant for EC keys and my function is a lot simpler, but similar.

Great! I will get the update as soon as it is available.

Thanks again!