Lockbox数字签名组件问题 [英] Lockbox digital signature component problem

查看:205
本文介绍了Lockbox数字签名组件问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在评估 TurboPower LockBox 图书库以进行数字签名。我创建了一个1024位的RSA密钥,并试图签名一个260字节的文本。在文本中更改一个或两个字符后,签名仍然有效。这可以吗?或者也许这是一个问题与这个库。
更改一个字符有一个关键的影响。我需要创建一个较大的键吗?



UPDATE



库我使用它自带的演示应用程序。我生成了一个1024 RSA密钥对,然后尝试数字签名功能。首先,我试过一个真正的260位文本文件,发现我可以更改其中的一些字符,签名仍然有效。然后我将它缩小到了followinf字符串:

  AAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8

当我更改'8'字符时,它仍然有效。

 

code> Signatory1:TSignatory;
....

var
DocumentStream,SignatureStream:TStream;
....

DocumentStream:= TFileStream.Create(edtRSADocumentFile.Text,fmOpenread);
try
SignatureStream:= TFileStream.Create(edtRSASignatureFile.Text,fmOpenread);
try
Res:= Signatory1.Verify(DocumentStream,SignatureStream)
finally
SignatureStream.Free
end;
finally
DocumentStream.Free;
end;


解决方案

LockBox 3在执行数字签名零件。 LockBox 2.07可以正确地签名和验证签名,但在Delphi 2010中加载/保存密钥不起作用。


I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library. Changing even one character has a crucial effect. Do I need to create a larger key?

UPDATE

To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can change some characters in it and the signature was still valid. Then I narrowed it a bit to the followinf string:

AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8

And it still works when I'm changing the '8' character. I could probably narrow it even more.

The code that performs the validation is:

Signatory1: TSignatory;
....

var
  DocumentStream, SignatureStream: TStream;
....

DocumentStream  := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
 Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
  SignatureStream.Free
end;
finally
  DocumentStream.Free;
end;

解决方案

LockBox 3 has a bug in the implementation of digital signature component. LockBox 2.07 can correctly sign and verify signatures, but loading/saving keys doesn't work in Delphi 2010.

这篇关于Lockbox数字签名组件问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆