数字式与Lockbox的标志钥匙 [英] Digitially Sign Key with Lockbox

问题描述

我必须使用带有RSA的SHA-1算法使用PKCS＃1填充对数字签名字符串。我已经下载了Turbo Power Lockbox与Delphi编程语言一起使用。

I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.

在

In a previous question I have learned how to convert private key from PEM format to DER format (which if I understand correctly is ASN.1 format and is used with Lockbox).

我在SignString上的以下代码中得到一个除零错误：

I am getting a "division by zero" error in the following code on the SignString:

uses LbRSA,lbAsym,LbDSA;

procedure TForm1.Button1Click(sender: TObject);
var
  mPrivateKey: TLbRSAKey;
  mLbRSASSA : TLbRSASSA;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.HashMethod := hmSHA1;
  mLbRSASSA.PrivateKey.Assign(mprivateKey);
  mLbRSASSA.SignString('sign this message');

这是我如何生成c：\temp\myrsakey.der：

Here is how I generated c:\temp\myrsakey.der:

c：\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa：1024 -sha1 -subj/ C = US / ST = CA / L = Mountain View / CN = www.mycompany.com-keyout myrsakey.pem -out c：\temp\myrsacert.pem

c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem

使用以下命令从PEM转换为DER：

Use following to convert from PEM to DER:

c：\openssl\bin\openssl rsa -inform PEM -outform DER -in c：\temp\myrsakey.pem -out c：\temp\myrsakey.der

c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der

任何想法为什么我得到除以零错误？

Any ideas why I am getting the division by zero error?

推荐答案

使用OpenSSL生成的私钥是以不同于Lockbox要求的格式。

我还没有找出所需的咒语，你需要OpenSSL生成一个Lockbox兼容密钥（即使OpenSSL能够），但判断你以前的问题你已经有一个密钥/证书，所以我第一个想法使用Lockbox生成密钥可能没有用：

The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox compatible key (even if OpenSSL is able to) but judging by your previous question you already have a key/certificate so my first idea of using Lockbox to generate the key is probably no use:

  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.KeySize := aks1024;
  mLbRSASSA.GenerateKeyPair;
  mLbRSASSA.PrivateKey.StoreToFile(mykeyname);

然而，也许一个更好的建议是，你可以避免Lockbox。我已经停止使用Lockbox，现在直接使用OpenSSL库/ dll进行签名等使用Marco Ferrante的工作：
http://www.disi.unige.it/person/FerranteM/delphiopenssl/

有很好的例子，一旦你结合它与OpenSSL文档的阅读有意义。

However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/dll directly for signing etc using the work by Marco Ferrante: http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.

这篇关于数字式与Lockbox的标志钥匙的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！