views:

484

answers:

1

I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.

In a previous question I have learned how to convert private key from PEM format to DER format (which if I understand correctly is ASN.1 format and is used with Lockbox).

I am getting a "division by zero" error in the following code on the SignString:

uses LbRSA,lbAsym,LbDSA;

procedure TForm1.Button1Click(sender: TObject);
var
  mPrivateKey: TLbRSAKey;
  mLbRSASSA : TLbRSASSA;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.HashMethod := hmSHA1;
  mLbRSASSA.PrivateKey.Assign(mprivateKey);
  mLbRSASSA.SignString('sign this message');

Here is how I generated c:\temp\myrsakey.der:

c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem

Use following to convert from PEM to DER:

c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der

Any ideas why I am getting the division by zero error?

+2  A: 

The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox compatible key (even if OpenSSL is able to) but judging by your previous question you already have a key/certificate so my first idea of using Lockbox to generate the key is probably no use:

  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.KeySize := aks1024;
  mLbRSASSA.GenerateKeyPair;
  mLbRSASSA.PrivateKey.StoreToFile(mykeyname);

However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/dll directly for signing etc using the work by Marco Ferrante: http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.

shunty
Thanks, helpful. I think what you are saying keys generated with OpenSSL cannot be used with LockBox. I will give the OpenSSL library a try (OpenSSLUtils.pas). I guess that makes sense; afterall LockBox is over 7 years old. If it helps, I am trying to interface to Google's AuthSub using a digitally signature.
M Schenkel
Not necessarily saying it can't be done - just not sure it's worth the effort :-) Lockbox, as noted, is pretty old and the OpenSSL API works well once you get the hang of it. Forgot to add that if you're using unicode Delphi then you'll need to do a few changes from PChar to PByte or PAnsiChar in the pas files from that web site. EVP_* functions are what you want.
shunty