【发布时间】:2021-11-16 11:02:39
【问题描述】:
我目前正在开发一个使用 PyCryptodome 在 python 中自动解密的小程序
我的测试有一个 shell 版本,可以正常工作,但我不知道为什么它不能在 python 中验证(可能是编码/解码问题?)
私有 ECC 密钥生成:
openssl ecparam -name prime256v1 -genkey -noout -out key.pem
公钥生成:
openssl ec -in key.pem -pubout -out publicKey.pub
要签名的数据:
echo test > i_am_a_test.txt
生成签名文件:
openssl dgst -sign key.pem -out data.sig i_am_a_test.txt
验证签名:
openssl dgst -verify publicKey.pub -signature data.sig i_am_a_test.txt
Verified OK
python 版本:
import base64
from Crypto.Hash import SHA256
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
if __name__ == "__main__":
# the pub key from publicKey.pub
pub = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzlNm3snsI8D4VWf7vwNkR4WG0F/ymFgew1xUIVn6tUL0ln+lc/lKxOIUa3O2uFkoCUwEALCTpasWbNUoNGi+JQ=="
# the data to verify
data = "test"
# the signature from data.sig
sig = "MEYCIQCLbTx5uk18vixVZiG/s9bpBso5u3BZcJDNDSUX5bZc6gIhAMbqzdioGmelKIgVlUmZhtaYs9Szs9asATHCJvTIx7G8"
key = ECC.import_key(base64.b64decode(pub))
h = SHA256.new(base64.b64decode(data))
verifier = DSS.new(key, 'fips-186-3', encoding="der")
verifier.verify(h, base64.b64decode(sig))
print("The message is authentic.")
验证输出
Traceback (most recent call last):
File "/home/admin/Documents/tests/main.py", line 51, in <module>
verifier.verify(h, base64.b64decode(sig))
File "/home/admin/.local/share/virtualenvs/admin-afIRSt_6/lib/python3.8/site-packages/Crypto/Signature/DSS.py", line 169, in verify
raise ValueError("The signature is not authentic")
ValueError: The signature is not authentic
【问题讨论】:
标签: python shell openssl google-pay pycryptodome