登录 Javascript 并在 Flask 中验证
Sign in Javascript and Verify in Flask
使用现有库在 Javascript 中签名和验证很容易。但是,如果我们想在Javascript中生成一个public-私钥对,签署一个文本,然后在Flask中进行验证,这就很混乱了。我已经知道一些差异,例如 Javascript 端与 python 端的默认散列。但是Flask端验证还是失败
index.html
function send(){
promise = window.crypto.subtle.generateKey(algo,
true, //whether the key is extractable (i.e. can be used in exportKey)
["sign", "verify"] //can be any combination of "sign" and "verify"
);
console.log(promise)
promise.then( (keys) => {
priv = keys.privateKey
pub = keys.publicKey
console.log(pub)
console.log(exportCryptoKey(pub))
const pub_key_export = exportCryptoKey(pub)
return pub_key_export.then( (pub_key) => {
console.log("storing keys in", pub_key)
signature = window.crypto.subtle.sign(algo, priv, enc_msg);
signature.then((sign) => {
sgn = window.btoa(ab2str(sign));
$.post("verify", {"pub": pub_key, "data": ab2str(enc_msg), "signature": sgn}, function(data){
console.log("data", data);
})
})
})
})
}
verify.py
def verifySignature(signature, data, pub_key):
key = RSA.importKey(pub_key)
h = SHA256.new(data.encode("utf-8"))
verifier = PKCS1_v1_5.new(key)
return verifier.verify(h, signature)
btoa(raw_binary_bytes) 会在 js 中将您的 payload 编码为 base64,这样做是为了防止在传输原始字节时出现问题。
你需要用base64.b64decode(encoded_bytes)调用python中的decode方法来获取实际的加密字节,然后你可以解密
使用现有库在 Javascript 中签名和验证很容易。但是,如果我们想在Javascript中生成一个public-私钥对,签署一个文本,然后在Flask中进行验证,这就很混乱了。我已经知道一些差异,例如 Javascript 端与 python 端的默认散列。但是Flask端验证还是失败
index.html
function send(){
promise = window.crypto.subtle.generateKey(algo,
true, //whether the key is extractable (i.e. can be used in exportKey)
["sign", "verify"] //can be any combination of "sign" and "verify"
);
console.log(promise)
promise.then( (keys) => {
priv = keys.privateKey
pub = keys.publicKey
console.log(pub)
console.log(exportCryptoKey(pub))
const pub_key_export = exportCryptoKey(pub)
return pub_key_export.then( (pub_key) => {
console.log("storing keys in", pub_key)
signature = window.crypto.subtle.sign(algo, priv, enc_msg);
signature.then((sign) => {
sgn = window.btoa(ab2str(sign));
$.post("verify", {"pub": pub_key, "data": ab2str(enc_msg), "signature": sgn}, function(data){
console.log("data", data);
})
})
})
})
}
verify.py
def verifySignature(signature, data, pub_key):
key = RSA.importKey(pub_key)
h = SHA256.new(data.encode("utf-8"))
verifier = PKCS1_v1_5.new(key)
return verifier.verify(h, signature)
btoa(raw_binary_bytes) 会在 js 中将您的 payload 编码为 base64,这样做是为了防止在传输原始字节时出现问题。
你需要用base64.b64decode(encoded_bytes)调用python中的decode方法来获取实际的加密字节,然后你可以解密