使用 OpenSSL 和 Python3 签署数据 - 无法验证签署的数据
Signing Data with OpenSSL and Python3 - signed data cannot be validated
我正在尝试复制以下步骤以在 python3 脚本中使用 OpenSSL 对一些数据进行签名。当我从命令行执行工作时,一切正常。当我把它放入脚本时,签名数据不是 recognized/validated.
如何将已签名的数据转换为可识别的格式?下面我尝试删除 'b' (对于字节)和单引号以强制通过,但没有运气。
这些步骤在从命令行执行时工作正常:
命令行:
创建数据文件
echo -n "This is my data." > data.txt
签署数据文件
openssl dgst -sha256 -sign key.pem -keyform PEM -out signature data.txt
编码数据文件
openssl enc -base64 -in signature > sig_base64
*输出:
nTxLMxUTOf5suMOqy9vCHserJ3jzaKPRxGABR1zz3sZsuQHvBD8r9z82wzmvkS7u
ygW4fi6NH9P5znJFaTw3omnZjOL+xWrxvwmK0Lg25a/MNC5xpuY8i12rIsLLZHbu
B4q0G7dj4m3oJNxyhoZjrKPr3V0KssdxuNBlMYdjd3tuhj5MI1cqpRetAcw2nJps
ovC14sPAzTaKHUmMoN+H5t2rVgoeaHhTknhEAlW5FqXMcm/cR/rRru9EoAEe7cmV
rTRiJpCBiKrpHBNPmQJOmF+zrS3tID4XGFV/yUgcU0chlLMoJyv1AdfHdQYzfeGP
EYFuk7NYnjz5kVLoasTS7Q==
我的脚本
#!/usr/local/bin/python3
import cryptography
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
key_file = open("key.pem", "rb")
private_key = serialization.load_pem_private_key(key_file.read(), password = None, backend=default_backend())
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = private_key.sign(dataBytes,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
我的脚本输出
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
我从命令行输出与示例 2 和示例 3 的脚本输出中看到的唯一区别是命令行中签名数据的格式与我的脚本生成的格式不同(cli 是一个块,而我的代码只生成一行)。
我卡住了。无法弄清楚出了什么问题。有什么想法吗?
我使用 OpenSSL 库再次尝试了此操作,示例 3 的输出一切正常(我没有尝试其他的):
脚本
#!/usr/local/bin/python3
import OpenSSL
from OpenSSL import crypto
import base64
key_file = open("key.pem", "rb")
key = key_file.read()
key_file.close()
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = OpenSSL.crypto.sign(pkey, dataBytes, "sha256")
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
输出
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
我正在尝试复制以下步骤以在 python3 脚本中使用 OpenSSL 对一些数据进行签名。当我从命令行执行工作时,一切正常。当我把它放入脚本时,签名数据不是 recognized/validated.
如何将已签名的数据转换为可识别的格式?下面我尝试删除 'b' (对于字节)和单引号以强制通过,但没有运气。
这些步骤在从命令行执行时工作正常:
命令行:
创建数据文件
echo -n "This is my data." > data.txt签署数据文件
openssl dgst -sha256 -sign key.pem -keyform PEM -out signaturedata.txt编码数据文件
openssl enc -base64 -in signature > sig_base64
*输出:
nTxLMxUTOf5suMOqy9vCHserJ3jzaKPRxGABR1zz3sZsuQHvBD8r9z82wzmvkS7u
ygW4fi6NH9P5znJFaTw3omnZjOL+xWrxvwmK0Lg25a/MNC5xpuY8i12rIsLLZHbu
B4q0G7dj4m3oJNxyhoZjrKPr3V0KssdxuNBlMYdjd3tuhj5MI1cqpRetAcw2nJps
ovC14sPAzTaKHUmMoN+H5t2rVgoeaHhTknhEAlW5FqXMcm/cR/rRru9EoAEe7cmV
rTRiJpCBiKrpHBNPmQJOmF+zrS3tID4XGFV/yUgcU0chlLMoJyv1AdfHdQYzfeGP
EYFuk7NYnjz5kVLoasTS7Q==
我的脚本
#!/usr/local/bin/python3
import cryptography
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
key_file = open("key.pem", "rb")
private_key = serialization.load_pem_private_key(key_file.read(), password = None, backend=default_backend())
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = private_key.sign(dataBytes,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
我的脚本输出
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
我从命令行输出与示例 2 和示例 3 的脚本输出中看到的唯一区别是命令行中签名数据的格式与我的脚本生成的格式不同(cli 是一个块,而我的代码只生成一行)。
我卡住了。无法弄清楚出了什么问题。有什么想法吗?
我使用 OpenSSL 库再次尝试了此操作,示例 3 的输出一切正常(我没有尝试其他的):
脚本
#!/usr/local/bin/python3
import OpenSSL
from OpenSSL import crypto
import base64
key_file = open("key.pem", "rb")
key = key_file.read()
key_file.close()
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = OpenSSL.crypto.sign(pkey, dataBytes, "sha256")
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
输出
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----