I appreciate the TurboPower LockBox library for digital signing. I created a 1024-bit RSA key and tried to sign 260 bytes of text with it. After changing one or two characters in the text, the signature is still valid for it. This is normal? Or maybe this is a problem with this library. Changing even one character has a decisive effect. Do I need to create a larger key?
UPDATE
To test the library, I used the demo application that comes with it. I created an RSA 1024 key pair and then tried the digital signature features. At first I tried with a real 260-bit text file and found out that I can change some characters in it, and the signature is still valid. Then I narrowed it down a bit to the next line:
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAA 8
And it still works when I change the character "8". I could probably narrow it down even more.
Code that validates:
Signatory1: TSignatory; .... var DocumentStream, SignatureStream: TStream; .... DocumentStream := TFileStream.Create( edtRSADocumentFile.Text, fmOpenread); try SignatureStream := TFileStream.Create( edtRSASignatureFile.Text, fmOpenread); try Res := Signatory1.Verify( DocumentStream, SignatureStream) finally SignatureStream.Free end; finally DocumentStream.Free; end;
source share