tags:

views:

484

answers:

1
+1  Q: 

Digitially Sign Key with Lockbox

I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.

In a previous question I have learned how to convert private key from PEM format to DER format (which if I understand correctly is ASN.1 format and is used with Lockbox).

I am getting a "division by zero" error in the following code on the SignString:

uses LbRSA,lbAsym,LbDSA;

procedure TForm1.Button1Click(sender: TObject);
var
  mPrivateKey: TLbRSAKey;
  mLbRSASSA : TLbRSASSA;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.HashMethod := hmSHA1;
  mLbRSASSA.PrivateKey.Assign(mprivateKey);
  mLbRSASSA.SignString('sign this message');

Here is how I generated c:\temp\myrsakey.der:

c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem

Use following to convert from PEM to DER:

c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der

Any ideas why I am getting the division by zero error?

+2  A: 

The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox compatible key (even if OpenSSL is able to) but judging by your previous question you already have a key/certificate so my first idea of using Lockbox to generate the key is probably no use:

  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.KeySize := aks1024;
  mLbRSASSA.GenerateKeyPair;
  mLbRSASSA.PrivateKey.StoreToFile(mykeyname);

However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/dll directly for signing etc using the work by Marco Ferrante: http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.

shunty  2009-11-23 15:22:40
Thanks, helpful. I think what you are saying keys generated with OpenSSL cannot be used with LockBox. I will give the OpenSSL library a try (OpenSSLUtils.pas). I guess that makes sense; afterall LockBox is over 7 years old. If it helps, I am trying to interface to Google's AuthSub using a digitally signature.
M Schenkel  2009-11-23 15:59:55
Not necessarily saying it can't be done - just not sure it's worth the effort :-) Lockbox, as noted, is pretty old and the OpenSSL API works well once you get the hang of it. Forgot to add that if you're using unicode Delphi then you'll need to do a few changes from PChar to PByte or PAnsiChar in the pas files from that web site. EVP_* functions are what you want.
shunty  2009-11-23 16:15:33

related questions

How do you implement Levenshtein distance in Delphi?
Reintroducing functions in Delphi
Does Delphi call inherited on overridden procedures if there is no explicit call
HelpInsight documentation in Delphi 2007
Is it possible to deploy a native Delphi application with ClickOnce
In Delphi 7, why can I assign a value to a const?
Best way to sort an array in delphi
What's the best Delphi book for a newbie?
Visual Studio equivalent to Delphi bookmarks
What's the idiomatic way to do async socket programming in Delphi?
64bit Memory allocation
Documenting Delphi
How to implement Type-safe COM enumerations in Delphi ?
TClientDataSet Aggregates specification aren't added automatically when creating an Aggregate field.
Multiple form Delphi applications and dialogs
Unit testing in Delphi - how are you doing it ?
How to keep track of the references to an object?
Delphi and COM: TLB and maintenance issues
Changing CURRENT save/default directory in Delphi 2007 without using Save-As
What is the best way to make a Delphi Application completely full screen ?
Are there any "mind mapping" components for Delphi? (native VCL preferably)
Delphi resources for existing .NET developer.
What is needed to get Delphi back on top?
Delphi MDI Application and the titlebar of the MDI Children
Can a windows dll retrieve its own filename?