Digitally Sign Key with Lockbox
I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.
In a previous question I have learned how to convert a private key from PEM format to DER format (which if I understand correctly is ASN.1 format and is used with Lockbox).
I am getting a "division by zero" error in the following code on the SignString:
uses LbRSA, LbAsym, LbDSA;

procedure TForm1.Button1Click(Sender: TObject);
var
  mPrivateKey: TLbRSAKey;
  mLbRSASSA: TLbRSASSA;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
  mLbRSASSA := TLbRSASSA.Create(nil);
  mLbRSASSA.HashMethod := hmSHA1;
  mLbRSASSA.PrivateKey.Assign(mPrivateKey);
  // The "division by zero" error is raised on this call
  mLbRSASSA.SignString('sign this message');
end;
Here is how I generated c:\temp\myrsakey.der:
c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem
Use the following to convert from PEM to DER:
c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der
Any ideas why I am getting the division by zero error?
The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox compatible key (even if OpenSSL is able to) but judging by your previous question you already have a key/certificate so my first idea of using Lockbox to generate the key is probably no use:
mLbRSASSA := TLbRSASSA.create(nil);
mLbRSASSA.KeySize := aks1024;
mLbRSASSA.GenerateKeyPair;
mLbRSASSA.PrivateKey.StoreToFile(mykeyname);
However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/dll directly for signing etc using the work by Marco Ferrante:
http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.
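To check the format mismatch described in the answer above, the following added example (not part of the original question or answer, and not Lockbox or OpenSSL code) walks the top-level DER SEQUENCE of a key file and reports whether it is a PKCS#1 RSAPrivateKey (nine integers), a PKCS#1 RSAPublicKey (two integers) or a PKCS#8 PrivateKeyInfo. The function names and the toy sample keys are constructed for illustration; the page does not say which layout Lockbox expects, so compare the result with what your library's loader reads.

```python
# Added example (not from the original post): identify the layout of a DER key file.
PKCS1_PRIVATE = ["version", "modulus", "publicExponent", "privateExponent",
                 "prime1", "prime2", "exponent1", "exponent2", "coefficient"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def describe_key(der):
    """Classify a DER blob by its top-level SEQUENCE members; return (kind, fields)."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("top-level element is not a SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        items.append((t, v))
    tags = [t for t, _ in items]
    ints = [int.from_bytes(v, "big", signed=True) for t, v in items if t == 0x02]
    if tags == [0x02] * 9 and ints[0] == 0:
        return "PKCS#1 RSAPrivateKey", dict(zip(PKCS1_PRIVATE, ints))
    if tags == [0x02, 0x02]:
        return "PKCS#1 RSAPublicKey", dict(zip(PKCS1_PRIVATE[1:3], ints))
    if tags[:3] == [0x02, 0x30, 0x04]:
        return "PKCS#8 PrivateKeyInfo", {}
    return "unknown", {}

def der_int(n):
    """DER-encode a small non-negative integer (helper for the constructed samples)."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return bytes([0x02, len(body)]) + body

# Constructed toy key (p=61, q=53): far too small for real use, illustration only.
_priv = b"".join(der_int(x) for x in (0, 3233, 17, 2753, 61, 53, 53, 49, 38))
_pub = der_int(3233) + der_int(17)
SAMPLE_PRIVATE = bytes([0x30, len(_priv)]) + _priv
SAMPLE_PUBLIC = bytes([0x30, len(_pub)]) + _pub

if __name__ == "__main__":
    print(describe_key(SAMPLE_PRIVATE))
    print(describe_key(SAMPLE_PUBLIC))
```

To inspect a real file, pass its bytes instead of the sample, for example `describe_key(open(path, "rb").read())`.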