Lockbox数字签名组件问题 [英] Lockbox digital signature component problem

问题描述

我正在评估 TurboPower LockBox 图书库以进行数字签名。我创建了一个1024位的RSA密钥，并试图签名一个260字节的文本。在文本中更改一个或两个字符后，签名仍然有效。这可以吗？或者也许这是一个问题与这个库。
更改一个字符有一个关键的影响。我需要创建一个较大的键吗？

UPDATE

库我使用它自带的演示应用程序。我生成了一个1024 RSA密钥对，然后尝试数字签名功能。首先，我试过一个真正的260位文本文件，发现我可以更改其中的一些字符，签名仍然有效。然后我将它缩小到了followinf字符串：

  AAAAAAAAAAAAAAAAAAAAAAAAA 
 AAAAAAAAAAAAAAAAAAAAAAAAA 
 AAAAAAAAAAAAA 8 
  

当我更改'8'字符时，它仍然有效。

 
 code> Signatory1：TSignatory; 
 .... 
 
 var 
 DocumentStream，SignatureStream：TStream; 
 .... 
 
 DocumentStream：= TFileStream.Create（edtRSADocumentFile.Text，fmOpenread）; 
 try 
 SignatureStream：= TFileStream.Create（edtRSASignatureFile.Text，fmOpenread）; 
 try 
 Res：= Signatory1.Verify（DocumentStream，SignatureStream）
 finally 
 SignatureStream.Free 
 end; 
 finally 
 DocumentStream.Free; 
 end; 
  

解决方案

LockBox 3在执行数字签名零件。 LockBox 2.07可以正确地签名和验证签名，但在Delphi 2010中加载/保存密钥不起作用。

I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library. Changing even one character has a crucial effect. Do I need to create a larger key?

UPDATE

To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can change some characters in it and the signature was still valid. Then I narrowed it a bit to the followinf string:

AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8

And it still works when I'm changing the '8' character. I could probably narrow it even more.

The code that performs the validation is:

Signatory1: TSignatory;
....

var
  DocumentStream, SignatureStream: TStream;
....

DocumentStream  := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
 Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
  SignatureStream.Free
end;
finally
  DocumentStream.Free;
end;

解决方案

LockBox 3 has a bug in the implementation of digital signature component. LockBox 2.07 can correctly sign and verify signatures, but loading/saving keys doesn't work in Delphi 2010.

这篇关于Lockbox数字签名组件问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！