Lockbox数字签名组件问题
我正在评估用于数字签名的 TurboPower LockBox 库。我创建了一个 1024 位 RSA 密钥,并尝试用它签署 260 字节的文本。更改文本中的一两个字符后,签名仍然有效。可以吗?或者可能是这个库的问题。 即使改变一个角色也会产生至关重要的影响。我需要创建一个更大的密钥吗?
更新
为了测试该库,我使用了它附带的演示应用程序。我生成了一个1024 RSA密钥对,然后尝试了数字签名功能。首先,我尝试使用真正的 260 位文本文件,发现我可以更改其中的一些字符,并且签名仍然有效。然后我将其缩小到以下字符串:
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8
当我更改“8”字符时它仍然有效。我可能可以进一步缩小范围。
执行验证的代码是:
Signatory1: TSignatory;
....
var
DocumentStream, SignatureStream: TStream;
....
DocumentStream := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
SignatureStream.Free
end;
finally
DocumentStream.Free;
end;
I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library.
Changing even one character has a crucial effect. Do I need to create a larger key?
UPDATE
To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can change some characters in it and the signature was still valid. Then I narrowed it a bit to the followinf string:
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA 8
And it still works when I'm changing the '8' character. I could probably narrow it even more.
The code that performs the validation is:
Signatory1: TSignatory;
....
var
DocumentStream, SignatureStream: TStream;
....
DocumentStream := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread);
try
SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread);
try
Res := Signatory1.Verify( DocumentStream, SignatureStream)
finally
SignatureStream.Free
end;
finally
DocumentStream.Free;
end;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
首先,我不会认为该库有任何问题,因为它已经使用了多年。您不应该能够更改输入并使用相同的签名来验证它并且它可以工作。密钥大小不会发挥作用。
为了得到真正的答案,我会扩展你的问题 - Delphi 的版本是什么?你能展示一些代码吗?
First, I wouldn't assume anything wrong with the library as it's been used for years. You shouldn't be able to change the inputs and use the same signature to validate it and it work. Keysize wouldn't play a part.
To get real answers, I'd expand your question - what version of Delphi? Can you show some code?
LockBox 3 在数字签名组件的实现中存在错误。 LockBox 2.07 可以正确签名和验证签名,但加载/保存密钥在 Delphi 2010 中不起作用。
LockBox 3 has a bug in the implementation of digital signature component. LockBox 2.07 can correctly sign and verify signatures, but loading/saving keys doesn't work in Delphi 2010.