Lockbox digital signature component problem

徘徊边缘 提交于 2020-01-13 03:20:10

问题


I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library. Changing even one character has a crucial effect. Do I need to create a larger key?

UPDATE

To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can change some characters in it and the signature was still valid. Then I narrowed it a bit to the followinf string:

AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8

And it still works when I'm changing the '8' character. I could probably narrow it even more.

The code that performs the validation is:

Signatory1: TSignatory;
....

var
  DocumentStream, SignatureStream: TStream;
....

DocumentStream  := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
 Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
  SignatureStream.Free
end;
finally
  DocumentStream.Free;
end;

回答1:


First, I wouldn't assume anything wrong with the library as it's been used for years. You shouldn't be able to change the inputs and use the same signature to validate it and it work. Keysize wouldn't play a part.

To get real answers, I'd expand your question - what version of Delphi? Can you show some code?




回答2:


LockBox 3 has a bug in the implementation of digital signature component. LockBox 2.07 can correctly sign and verify signatures, but loading/saving keys doesn't work in Delphi 2010.



来源:https://stackoverflow.com/questions/4228224/lockbox-digital-signature-component-problem

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!