SwiftyRSA && Python 用于签名验证的密码学
SwiftyRSA && Python's cryptography for signature verification
我正在尝试使用 SwiftyRSA 使用私钥对一段文本进行签名,我成功了。然后将签名发送到持有public密钥的python服务器进行验证。但是我一直收到 InvalidSignature
异常。
我尝试了不同的散列算法、位大小,但仍然是相同的 InvalidSignature
异常。我确定密钥和签名是相关的b/c它们是同时生成的!
我的问题不在于库本身——我认为它们运行正常。我认为这与两个库之间的填充差异有关。密码学正在使用 PSS,而我找不到 SwiftyRSA 使用的 padding/salt。
密钥验证脚本
@app.route('/', methods=['POST'])
def verify():
record = json.loads(request.data)
signature = record['sig']
public_key = record['public_key']
hash_local_token = record['hash_local_token']
input_string = record['input_string']
verification_response = auth.verify_signature(signature=signature, pub_key=public_key, input_string=input_string)
print(verification_response)
return jsonify({"Verification": verification_response})
def verify_signature(signature, pub_key, input_string):
# Load the public key
# Url Safe Base64 Decoding
derdata = base64.b64decode(pub_key)
public_key = load_der_public_key(derdata, default_backend())
signature_decoded = base64.urlsafe_b64decode(signature)
# Perform the verification.
try:
public_key.verify(
signature_decoded,
str.encode(input_string),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
return "SUCCESS: Signature Verified!"
except cryptography.exceptions.InvalidSignature as e:
return 'FAILED: Payload and/or signature files failed verification'
密钥生成脚本
func moreTesting() {
do {
let keyPair = try SwiftyRSA.generateRSAKeyPair(sizeInBits: 4096)
let privateKey = keyPair.privateKey
let publicKey = keyPair.publicKey
let inputString = "test_string"
let clear = try ClearMessage(string: inputString, using: .utf8)
let signature = try clear.signed(with: privateKey, digestType: .sha256)
let base64Signature = signature.base64String
let parameters: [String: String] = [
"sig": base64Signature,
"input_string": inputString,
"public_key": try publicKey.base64String()
]
AF.request("http://127.0.0.1:5000/", method: .post, parameters: parameters, encoder: JSONParameterEncoder.default).responseJSON { response in
debugPrint(response)
}
}
catch {
print(Error.self)
}
}
SwiftyRSA 的签名 API 似乎只使用 PKCS1 而不是 PSS。参见:https://github.com/TakeScoop/SwiftyRSA/blob/master/Source/Signature.swift#L20-L27
因此,要解决此问题,您需要将 Python 侧的填充从 PSS 切换到 PKCS1v15。
我正在尝试使用 SwiftyRSA 使用私钥对一段文本进行签名,我成功了。然后将签名发送到持有public密钥的python服务器进行验证。但是我一直收到 InvalidSignature
异常。
我尝试了不同的散列算法、位大小,但仍然是相同的 InvalidSignature
异常。我确定密钥和签名是相关的b/c它们是同时生成的!
我的问题不在于库本身——我认为它们运行正常。我认为这与两个库之间的填充差异有关。密码学正在使用 PSS,而我找不到 SwiftyRSA 使用的 padding/salt。
密钥验证脚本
@app.route('/', methods=['POST'])
def verify():
record = json.loads(request.data)
signature = record['sig']
public_key = record['public_key']
hash_local_token = record['hash_local_token']
input_string = record['input_string']
verification_response = auth.verify_signature(signature=signature, pub_key=public_key, input_string=input_string)
print(verification_response)
return jsonify({"Verification": verification_response})
def verify_signature(signature, pub_key, input_string):
# Load the public key
# Url Safe Base64 Decoding
derdata = base64.b64decode(pub_key)
public_key = load_der_public_key(derdata, default_backend())
signature_decoded = base64.urlsafe_b64decode(signature)
# Perform the verification.
try:
public_key.verify(
signature_decoded,
str.encode(input_string),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
return "SUCCESS: Signature Verified!"
except cryptography.exceptions.InvalidSignature as e:
return 'FAILED: Payload and/or signature files failed verification'
密钥生成脚本
func moreTesting() {
do {
let keyPair = try SwiftyRSA.generateRSAKeyPair(sizeInBits: 4096)
let privateKey = keyPair.privateKey
let publicKey = keyPair.publicKey
let inputString = "test_string"
let clear = try ClearMessage(string: inputString, using: .utf8)
let signature = try clear.signed(with: privateKey, digestType: .sha256)
let base64Signature = signature.base64String
let parameters: [String: String] = [
"sig": base64Signature,
"input_string": inputString,
"public_key": try publicKey.base64String()
]
AF.request("http://127.0.0.1:5000/", method: .post, parameters: parameters, encoder: JSONParameterEncoder.default).responseJSON { response in
debugPrint(response)
}
}
catch {
print(Error.self)
}
}
SwiftyRSA 的签名 API 似乎只使用 PKCS1 而不是 PSS。参见:https://github.com/TakeScoop/SwiftyRSA/blob/master/Source/Signature.swift#L20-L27
因此,要解决此问题,您需要将 Python 侧的填充从 PSS 切换到 PKCS1v15。