LockBox3 Generate the same RSA Key Pairs

Question

I recently decide to came across the LockBox3 crypto component set and follow the straightforward documentation about how to generate a RSA Key Pair using the following link :

http://lockbox.seanbdurkin.id.au/Generate+an+RSA+key

(Official documentation)

When I apply the process, I'm able to generate both public and private keys and export to file.

But when I decide to generate new key pairs using the same code it still the same public and private key (exactly the same)

Normally it should not be the case, we should be able to generate unlimited different key pairs in case the private key got leaked for some reasons.

Is there any other steps to generate total new key pairs or this is a bug?

I'm using Delphi XE6 and running the Lockbox 3 components (latest available from SourceForge)

Thanks in advance

Answer 1

There was a typing error in uTPLb_Random unit, in TRandomStream.Randomize method. Now it is fixed (see uTPLb_Random.pas on GitHub).

procedure TRandomStream.Randomize();
{$IFDEF SMWINDOWS} //Should be MSWINDOWS
var
  hProv: THandle;
  dwProvType, dwFlags: DWORD;
  Provider1: string;
  hasOpenHandle: boolean;
{$ENDIF}
begin
{$IFDEF SMWINDOWS} //Should be MSWINDOWS
  Provider1 := Provider;
  dwProvType := PROV_RSA_FULL;
  dwFlags := CRYPT_SILENT;
  hasOpenHandle := CryptAcquireContext(hProv, nil, PChar(Provider), dwProvType, dwFlags);
  try
    if (not hasOpenHandle) or (not CryptGenRandom(hProv, SizeOf(FValue), @FValue)) then
  FValue := TimeStampClock();
  finally
    if hasOpenHandle then
      CryptReleaseContext(hProv, 0);
  end;
  Crunch();
{$ENDIF}
end;

After correction it generates different keys each time.

Answer 2

Randomize your seed before generation. For best results, dont use the inbuilt randomize procedure.