Lockbox数字签名组件问题 [英] Lockbox digital signature component problem
问题描述
我正在评估 TurboPower LockBox 图书库以进行数字签名。我创建了一个1024位的RSA密钥,并试图签名一个260字节的文本。在文本中更改一个或两个字符后,签名仍然有效。这可以吗?或者也许这是一个问题与这个库。
更改一个字符有一个关键的影响。我需要创建一个较大的键吗?
UPDATE
库我使用它自带的演示应用程序。我生成了一个1024 RSA密钥对,然后尝试数字签名功能。首先,我试过一个真正的260位文本文件,发现我可以更改其中的一些字符,签名仍然有效。然后我将它缩小到了followinf字符串:
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8
当我更改'8'字符时,它仍然有效。
code> Signatory1:TSignatory;
....
var
DocumentStream,SignatureStream:TStream;
....
DocumentStream:= TFileStream.Create(edtRSADocumentFile.Text,fmOpenread);
try
SignatureStream:= TFileStream.Create(edtRSASignatureFile.Text,fmOpenread);
try
Res:= Signatory1.Verify(DocumentStream,SignatureStream)
finally
SignatureStream.Free
end;
finally
DocumentStream.Free;
end;
LockBox 3在执行数字签名零件。 LockBox 2.07可以正确地签名和验证签名,但在Delphi 2010中加载/保存密钥不起作用。
I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library. Changing even one character has a crucial effect. Do I need to create a larger key?
UPDATE
To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can change some characters in it and the signature was still valid. Then I narrowed it a bit to the followinf string:
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8
And it still works when I'm changing the '8' character. I could probably narrow it even more.
The code that performs the validation is:
Signatory1: TSignatory;
....
var
DocumentStream, SignatureStream: TStream;
....
DocumentStream := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
SignatureStream.Free
end;
finally
DocumentStream.Free;
end;
LockBox 3 has a bug in the implementation of digital signature component. LockBox 2.07 can correctly sign and verify signatures, but loading/saving keys doesn't work in Delphi 2010.
这篇关于Lockbox数字签名组件问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!