如何验证由openssl创建的pycrypto签名?

| 我已经在openssl中创建了私钥/公钥,并签署了一些数据: 
openssl genrsa -out private.pem 1024
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
echo \'data to sign\' > data.txt
openssl dgst -md5 < data.txt > hash
openssl rsautl -sign -inkey private.pem -keyform PEM -in hash  > signature
现在在python中,我正在尝试验证以下数据: 
pubKey = open(\'public.pem\').read()
data = open(\'data.txt\').read()
signature = open(\'signature\').read()

from Crypto import PublicKey
key = PublicKey.RSA.importKey(pubKey)
pub = key.publickey()
hash = MD5.new(data).hexdigest()
# here, hash is same, as contents of \'hash\' file
print pub.verify(hash, signature) # <-- here
问题是
pub.verify
期望第二个参数是一个较大数量的一元列表。而且我不知道如何将文件“ 3”中的二进制数据转换为该整数。每个关于pycrypto的示例都显示从pycrypto生成的签名,而
key.sign()
会以
(1832273432...2340234L, )
的形式生成正确的签名。但是我不知道如何使用外部签名。 如果有必要,下面是其他信息,我不知道该如何解释: 简要技术信息: 数字签名的格式:PKCS#7“签名数据” 公钥过程:DSS 密钥长度:512 – 1024位 公开指数:2 +1 公钥格式:X.509 v3证书 MD(消息摘要)算法:MD5或RIPEMD-160 16     
2020-03-02 5 条评论
分享

没有找到相关结果

    已邀请:

    芳菱挨啡

            您需要Crypto.Signature模块。从
    Crypto.Signature.PKCS1_v1_5
    文档中: 
    key = RSA.importKey(open(\'pubkey.der\').read())
h = SHA.new(message)
verifier = PKCS1_v1_5.new(key)
if verifier.verify(h, signature):
   print \"The signature is authentic.\"
else:
   print \"The signature is not authentic.\"
        
    2020-03-02 0 0
    分享

    窃誓额

            我有同样的问题,这里是使用openssl和python生成和验证的示例。希望这可以帮助某人... 重击: 
    #!/bin/bash
# Generate keys
openssl genrsa -out priv.pem
# Export public key
openssl rsa -pubout -in priv.pem -out pub.pem
# Create test file
echo test123 > test.txt
# Create SHA1 signature
openssl dgst -sha1 -sign priv.pem -out test.txt.sig test.txt
# Verify SHA1 signature
openssl dgst -sha1 -verify pub.pem -signature test.txt.sig test.txt
    蟒蛇: 
    #!/usr/bin/python
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from Crypto import Random
# Read public key from file
fd = open(\'pub.pem\', \'r\')
key_data = fd.read()
fd.close()
# Load public key
key = RSA.importKey(key_data)
# Read test file
fd = open(\'test.txt\', \'r\')
message = fd.read()
fd.close()
# Create SHA1 hash object
h = SHA.new(message)
# Create PKCS1 handler
cipher = PKCS1_v1_5.new(key)
# Read signature file
fd = open(\'test.txt.sig\', \'r\')
signature = fd.read()
fd.close()
# Verify signature
print cipher.verify(h, signature)
# Read private key from file
fd = open(\'priv.pem\', \'r\')
priv_key_data = fd.read()
fd.close()
# Load private key
priv_key = RSA.importKey(priv_key_data)
# Create PKCS1 handler
priv_cipher = PKCS1_v1_5.new(priv_key)
# Sign hash of test file content and compare
signature2 = priv_cipher.sign(h)
if signature == signature2:
    print \"Match!! :)\"
    经过一番阅读之后,我了解到(PKS1_PSS是应该用于创建签名的新方案(https://en.wikipedia.org/wiki/PKCS_1)。 这两个脚本都需要进行一些更改: 重击: 
    #!/bin/bash
# Generate keys
openssl genrsa -out priv.pem
# Export public key
openssl rsa -pubout -in priv.pem -out pub.pem
# Create test file
echo test123 > test.txt
# Create SHA1 signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign priv.pem -out test.txt.sig test.txt
# Verify SHA1 signature
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify pub.pem -signature test.txt.sig test.txt
    蟒蛇: 
    #!/usr/bin/python
from Crypto.Signature import PKCS1_PSS
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from Crypto import Random
# Read public key from file
fd = open(\'pub.pem\', \'r\')
key_data = fd.read()
fd.close()
# Load public key
key = RSA.importKey(key_data)
# Read test file
fd = open(\'test.txt\', \'r\')
message = fd.read()
fd.close()
# Create SHA1 hash object
h = SHA.new(message)
# Create PKCS1 handler
cipher = PKCS1_PSS.new(key)
# Read signature file
fd = open(\'test.txt.sig\', \'r\')
signature = fd.read()
fd.close()
# Verify signature
print cipher.verify(h, signature)
# Read private key from file
fd = open(\'priv.pem\', \'r\')
priv_key_data = fd.read()
fd.close()
# Load private key
priv_key = RSA.importKey(priv_key_data)
# Create PKCS1 handler
priv_cipher = PKCS1_PSS.new(priv_key)
# Sign hash of test file content and compare
signature2 = priv_cipher.sign(h)
# PKCS1_PSS signatures always differ!
#if signature == signature2:
#    print \"Match!! :)\"
        
    2020-03-02 0 0
    分享

    踩什不

            这是解决方案。 
    from Crypto.Util import number
signature  = number.bytes_to_long(signature) #Convert the signature to long
print pub.verify(hash, (signature,) ) #Pass tuple to verify
        
    2020-03-02 0 0
    分享

    姬第柔炒

            这篇文章给你最好的答案。 如何在Python中验证RSA SHA1签名? pycrypto无法验证OpenSSL创建的签名。您可以尝试使用M2Crypto。     
    2020-03-02 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    或代码 OrCode.com 备案号:粤ICP备15020848号-1
    Escape time: 0.039069175720215