数字式与Lockbox的标志钥匙 [英] Digitially Sign Key with Lockbox
问题描述
我必须使用带有RSA的SHA-1算法使用PKCS#1填充对数字签名字符串。我已经下载了Turbo Power Lockbox与Delphi编程语言一起使用。
I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.
In a previous question I have learned how to convert private key from PEM format to DER format (which if I understand correctly is ASN.1 format and is used with Lockbox).
我在SignString上的以下代码中得到一个除零错误:
I am getting a "division by zero" error in the following code on the SignString:
uses LbRSA,lbAsym,LbDSA;
procedure TForm1.Button1Click(sender: TObject);
var
mPrivateKey: TLbRSAKey;
mLbRSASSA : TLbRSASSA;
begin
mPrivateKey := TLbRSAKey.Create(aks1024);
mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
mLbRSASSA := TLbRSASSA.create(nil);
mLbRSASSA.HashMethod := hmSHA1;
mLbRSASSA.PrivateKey.Assign(mprivateKey);
mLbRSASSA.SignString('sign this message');
这是我如何生成c:\temp\myrsakey.der:
Here is how I generated c:\temp\myrsakey.der:
c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj/ C = US / ST = CA / L = Mountain View / CN = www.mycompany.com-keyout myrsakey.pem -out c:\temp\myrsacert.pem
c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem
使用以下命令从PEM转换为DER:
Use following to convert from PEM to DER:
c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der
c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der
任何想法为什么我得到除以零错误?
Any ideas why I am getting the division by zero error?
推荐答案
使用OpenSSL生成的私钥是以不同于Lockbox要求的格式。
我还没有找出所需的咒语,你需要OpenSSL生成一个Lockbox兼容密钥(即使OpenSSL能够),但判断你以前的问题你已经有一个密钥/证书,所以我第一个想法使用Lockbox生成密钥可能没有用:
The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox compatible key (even if OpenSSL is able to) but judging by your previous question you already have a key/certificate so my first idea of using Lockbox to generate the key is probably no use:
mLbRSASSA := TLbRSASSA.create(nil);
mLbRSASSA.KeySize := aks1024;
mLbRSASSA.GenerateKeyPair;
mLbRSASSA.PrivateKey.StoreToFile(mykeyname);
然而,也许一个更好的建议是,你可以避免Lockbox。我已经停止使用Lockbox,现在直接使用OpenSSL库/ dll进行签名等使用Marco Ferrante的工作:
http://www.disi.unige.it/person/FerranteM/delphiopenssl/
有很好的例子,一旦你结合它与OpenSSL文档的阅读有意义。
However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/dll directly for signing etc using the work by Marco Ferrante:
http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.
这篇关于数字式与Lockbox的标志钥匙的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!