
I have to digitally sign a string using the SHA-1 algorithm with RSA using PKCS#1 padding. I have downloaded Turbo Power Lockbox to use with the Delphi programming language.

In a previous question I learned how to convert a private key from PEM format to DER format (which, if I understand correctly, is ASN.1 format and is used with Lockbox).

I am getting a "division by zero" error in the following code on the SignString:

uses LbRSA, LbAsym, LbDSA;

procedure TForm1.Button1Click(Sender: TObject);
var
  mPrivateKey: TLbRSAKey;
  mLbRSASSA: TLbRSASSA;
begin
  mPrivateKey := TLbRSAKey.Create(aks1024);
  mLbRSASSA := TLbRSASSA.Create(nil);
  try
    mPrivateKey.LoadFromFile('C:\temp\myrsakey.der');
    mLbRSASSA.HashMethod := hmSHA1;
    mLbRSASSA.PrivateKey.Assign(mPrivateKey);
    mLbRSASSA.SignString('sign this message'); // "division by zero" is raised here
  finally
    // release both objects even when signing fails
    mLbRSASSA.Free;
    mPrivateKey.Free;
  end;
end;

Here is how I generated c:\temp\myrsakey.der:

c:\openssl\bin\openssl req -x509 -nodes -days 365 -newkey rsa:1024 -sha1 -subj "/C=US/ST=CA/L=Mountain View/CN=www.mycompany.com" -keyout myrsakey.pem -out c:\temp\myrsacert.pem

Use the following to convert from PEM to DER:

c:\openssl\bin\openssl rsa -inform PEM -outform DER -in c:\temp\myrsakey.pem -out c:\temp\myrsakey.der

Any ideas why I am getting the division by zero error?

M Schenkel

1 Answer

The private key you are generating with OpenSSL is in a different format to what Lockbox requires.
I haven't worked out what the required incantation is that you need for OpenSSL to generate a Lockbox-compatible key (even if OpenSSL is able to), but judging by your previous question you already have a key/certificate, so my first idea of using Lockbox to generate the key is probably no use:

  mLbRSASSA := TLbRSASSA.create(nil);
  mLbRSASSA.KeySize := aks1024;
  mLbRSASSA.GenerateKeyPair;
  mLbRSASSA.PrivateKey.StoreToFile(mykeyname);

However, perhaps a better suggestion is that you could avoid Lockbox altogether. I've stopped using Lockbox and now use the OpenSSL library/DLL directly for signing etc., using the work by Marco Ferrante: http://www.disi.unige.it/person/FerranteM/delphiopenssl/
There are good examples on there and it all starts to make sense once you combine it with a reading of the OpenSSL docs.

shunty
  • Thanks, helpful. I think what you are saying is that keys generated with OpenSSL cannot be used with LockBox. I will give the OpenSSL library a try (OpenSSLUtils.pas). I guess that makes sense; after all, LockBox is over 7 years old. If it helps, I am trying to interface to Google's AuthSub using a digital signature. – M Schenkel Nov 23 '09 at 15:59
  • Not necessarily saying it can't be done - just not sure it's worth the effort :-) Lockbox, as noted, is pretty old and the OpenSSL API works well once you get the hang of it. Forgot to add that if you're using Unicode Delphi then you'll need to make a few changes from PChar to PByte or PAnsiChar in the pas files from that web site. EVP_* functions are what you want. – shunty Nov 23 '09 at 16:15
  • 10 years later, are there any new findings? I'd also like to use my existing keys, but unfortunately fail to do so with LockBox2 as well as LockBox3. Any new ideas on how to accomplish this? – CodeX Apr 04 '19 at 01:20
  • Nothing to add, from me, I'm afraid. I've posted a few crypto based answers since - all based around the Delphi/OpenSSL implementations - but the latest version of Delphi I own is D2010 and very rarely use it at the moment so I'm a bit out of touch on that front. – shunty Apr 07 '19 at 09:46