Nodejs 加密到 Python jwt 转换
Nodejs crypto to Python jwt convert
我正在与网关集成,他们为我提供了一种机制来创建一些有效载荷的签名,我正在尝试将此 Nodejs 代码转换为 python
这是我们要签名的有效载荷:
actual = {"IntraTransferRqHeader": {"CorporateID": "XXX", "CorpReferenceNumber": "47165454456"},
"IntraTransferRqBody": {"AccountNumber": "05100004061100",
"DebitCurrency": "SAR", "BeneficiaryAccountNumber": "30008776337526",
"TransferAmount": "100.23",
"TransferCurrency": "SAR",
"Description": "Transfer fund to beneficiary", "AMLPurposeCode": "BC"}};
这里是 Nodejs 提供的代码
const cert = fs.readFileSync('/etc/ssl/nginx/snbcsr.key', "utf8");
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
var signerObject = crypto.createSign("RSA-SHA256");
signerObject.update(JSON.stringify(actual).trim());
var signature = signerObject.sign({ key: privateKey }, "base64");
这是我制作相同签名的方法
private_key_pem = "/etc/ssl/nginx/snbcsr.key"
with open(private_key_pem, "rb") as key_file:
private_key = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend())
signature = jwt.encode(actual, private_key, algorithm="RS256")
我仍然收到签名错误。我不知道 Nodejs,我不知道我在这里做错了什么
您不应将 JWT 与普通签名混淆。
给定 Node.js 代码
const fs = require('fs');
const crypto = require('crypto');
const cert = fs.readFileSync('key.pem', 'utf8');
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
const payload = 'foople';
const signerObject = crypto.createSign('RSA-SHA256');
signerObject.update(payload);
const signature = signerObject.sign({key: privateKey}, 'base64');
console.log(signature);
等效的 Python 代码 using the cryptography library's signing primitives 是
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.hazmat.primitives.serialization import load_pem_private_key
bk = default_backend()
with open("./key.pem", "rb") as key_file:
private_key = load_pem_private_key(key_file.read(), password=None, backend=bk)
payload = b'foople'
signature = base64.b64encode(private_key.sign(
payload,
padding=PKCS1v15(),
algorithm=SHA256(),
)).decode()
根据我新生成的模拟 512 位 RSA 密钥
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAMd6HFNMreA1zwFpTA7vGFwSJFFZlKYtgJVsnSW3rc9zsisewUIC
U0MnvNucHeKifhniFOoimUr8hTiZMywEmFMCAwEAAQJBAJKYX+arzICgqr+rxZSY
C/vl7UDHp6G0gPHPP3HvmdGBNLst0mqV8GKbNEr1Myb7vQOjbYDno2OVFNL+jeMI
JYkCIQD2r+1dvpSDrSvelBIyymE1D42dQFviyoY8URCefRzJhQIhAM8B7VbcYNo1
Tm0BLCKIPO1CZKmPsYDb2byk8mtakVX3AiEAiDBF9iwh57Qx9PaAOYQbOGT2xKrk
T4eJpkEG0Mi3nNUCIQC6bdPf3E1ld4iP5vRmjSfBzX92rbCAin8Hw82HHWOydQIg
fLfsV/P5F0LseV5KRPVombYNc/bh4oU467kEEPXDX5w=
-----END RSA PRIVATE KEY-----
两个程序输出
Wvy7cxuaUIpuiadTH2iOm6ayZUNrKY1whZElBIGBWbglEf0yA07wGbhD0qsPTWY7PzMtvuPV2xre+pCQsMwxmw==
我正在与网关集成,他们为我提供了一种机制来创建一些有效载荷的签名,我正在尝试将此 Nodejs 代码转换为 python
这是我们要签名的有效载荷:
actual = {"IntraTransferRqHeader": {"CorporateID": "XXX", "CorpReferenceNumber": "47165454456"},
"IntraTransferRqBody": {"AccountNumber": "05100004061100",
"DebitCurrency": "SAR", "BeneficiaryAccountNumber": "30008776337526",
"TransferAmount": "100.23",
"TransferCurrency": "SAR",
"Description": "Transfer fund to beneficiary", "AMLPurposeCode": "BC"}};
这里是 Nodejs 提供的代码
const cert = fs.readFileSync('/etc/ssl/nginx/snbcsr.key', "utf8");
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
var signerObject = crypto.createSign("RSA-SHA256");
signerObject.update(JSON.stringify(actual).trim());
var signature = signerObject.sign({ key: privateKey }, "base64");
这是我制作相同签名的方法
private_key_pem = "/etc/ssl/nginx/snbcsr.key"
with open(private_key_pem, "rb") as key_file:
private_key = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend())
signature = jwt.encode(actual, private_key, algorithm="RS256")
我仍然收到签名错误。我不知道 Nodejs,我不知道我在这里做错了什么
您不应将 JWT 与普通签名混淆。
给定 Node.js 代码
const fs = require('fs');
const crypto = require('crypto');
const cert = fs.readFileSync('key.pem', 'utf8');
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
const payload = 'foople';
const signerObject = crypto.createSign('RSA-SHA256');
signerObject.update(payload);
const signature = signerObject.sign({key: privateKey}, 'base64');
console.log(signature);
等效的 Python 代码 using the cryptography library's signing primitives 是
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.hazmat.primitives.serialization import load_pem_private_key
bk = default_backend()
with open("./key.pem", "rb") as key_file:
private_key = load_pem_private_key(key_file.read(), password=None, backend=bk)
payload = b'foople'
signature = base64.b64encode(private_key.sign(
payload,
padding=PKCS1v15(),
algorithm=SHA256(),
)).decode()
根据我新生成的模拟 512 位 RSA 密钥
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAMd6HFNMreA1zwFpTA7vGFwSJFFZlKYtgJVsnSW3rc9zsisewUIC
U0MnvNucHeKifhniFOoimUr8hTiZMywEmFMCAwEAAQJBAJKYX+arzICgqr+rxZSY
C/vl7UDHp6G0gPHPP3HvmdGBNLst0mqV8GKbNEr1Myb7vQOjbYDno2OVFNL+jeMI
JYkCIQD2r+1dvpSDrSvelBIyymE1D42dQFviyoY8URCefRzJhQIhAM8B7VbcYNo1
Tm0BLCKIPO1CZKmPsYDb2byk8mtakVX3AiEAiDBF9iwh57Qx9PaAOYQbOGT2xKrk
T4eJpkEG0Mi3nNUCIQC6bdPf3E1ld4iP5vRmjSfBzX92rbCAin8Hw82HHWOydQIg
fLfsV/P5F0LseV5KRPVombYNc/bh4oU467kEEPXDX5w=
-----END RSA PRIVATE KEY-----
两个程序输出
Wvy7cxuaUIpuiadTH2iOm6ayZUNrKY1whZElBIGBWbglEf0yA07wGbhD0qsPTWY7PzMtvuPV2xre+pCQsMwxmw==