SwiftyRSA && Python 用于签名验证的密码学

SwiftyRSA && Python's cryptography for signature verification

我正在尝试使用 SwiftyRSA 使用私钥对一段文本进行签名,我成功了。然后将签名发送到持有public密钥的python服务器进行验证。但是我一直收到 InvalidSignature 异常。

我尝试了不同的散列算法、位大小,但仍然是相同的 InvalidSignature 异常。我确定密钥和签名是相关的b/c它们是同时生成的!

我的问题不在于库本身——我认为它们运行正常。我认为这与两个库之间的填充差异有关。密码学正在使用 PSS,而我找不到 SwiftyRSA 使用的 padding/salt。

密钥验证脚本


@app.route('/', methods=['POST'])
def verify():
    record = json.loads(request.data)
    signature = record['sig']
    public_key = record['public_key']
    hash_local_token = record['hash_local_token']
    input_string = record['input_string']


    verification_response = auth.verify_signature(signature=signature, pub_key=public_key, input_string=input_string)
    print(verification_response)
    return jsonify({"Verification": verification_response})


def verify_signature(signature, pub_key, input_string):
    # Load the public key
    # Url Safe Base64 Decoding

    derdata = base64.b64decode(pub_key)
    public_key = load_der_public_key(derdata, default_backend())
    signature_decoded = base64.urlsafe_b64decode(signature)

    # Perform the verification.
    try:
        public_key.verify(
            signature_decoded,
            str.encode(input_string),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH,
            ),
            hashes.SHA256(),
        )
        return "SUCCESS: Signature Verified!"

    except cryptography.exceptions.InvalidSignature as e:
        return 'FAILED: Payload and/or signature files failed verification'

密钥生成脚本

 func moreTesting() {
        
        do {
            let keyPair = try SwiftyRSA.generateRSAKeyPair(sizeInBits: 4096)
            let privateKey = keyPair.privateKey
            let publicKey = keyPair.publicKey
        
            
            let inputString = "test_string"
            let clear = try ClearMessage(string: inputString, using: .utf8)
            let signature = try clear.signed(with: privateKey, digestType: .sha256)
            let base64Signature = signature.base64String
       
            
            let parameters: [String: String] = [
                "sig": base64Signature,
                "input_string": inputString,
                "public_key": try publicKey.base64String()
            ]
            
            AF.request("http://127.0.0.1:5000/", method: .post, parameters: parameters, encoder: JSONParameterEncoder.default).responseJSON { response in
                debugPrint(response)
            }

        }
        
        catch {
            print(Error.self)
        }
        
    }

SwiftyRSA 的签名 API 似乎只使用 PKCS1 而不是 PSS。参见:https://github.com/TakeScoop/SwiftyRSA/blob/master/Source/Signature.swift#L20-L27

因此,要解决此问题,您需要将 Python 侧的填充从 PSS 切换到 PKCS1v15。