使用 M2Crypto 从 xml 数据文件生成公钥进行签名验证
我有 xml 格式的 pub 密钥:
<RSAKeyValue><Modulus>xF9y25EXh8n99sXtU/JAsYTwML6PB7gSCE8tWw8Www2KBfDqohQBL8FMs8jzsDQa7WwoEmiVJ1resEC9YXJGbwQyWgb9qgooC9oSnCB/TkRdBybwby0DKuZOzq+609OBGkwWpgnS4QVCBc6eW+10l3qE3/2hKdcSV+08iRYp7zs=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
所以我尝试这样的操作:
from M2Crypto import RSA
from xml.dom.minidom import parseString
import base64
dom = parseString(pubKey)
e = base64.b64decode(dom.getElementsByTagName('Exponent')[0].childNodes[0].data)
n = base64.b64decode(dom.getElementsByTagName('Modulus')[0].childNodes[0].data)
rsa = RSA.new_pub_key((e, n))
遇到错误:
...
rsa = RSA.new_pub_key((e, n))
File "/usr/lib/pymodules/python2.6/M2Crypto/RSA.py", line 390, in new_pub_key
m2.rsa_set_e(rsa, e)
M2Crypto.RSA.RSAError: invalid length
有什么想法吗?
I have pub key in xml format:
<RSAKeyValue><Modulus>xF9y25EXh8n99sXtU/JAsYTwML6PB7gSCE8tWw8Www2KBfDqohQBL8FMs8jzsDQa7WwoEmiVJ1resEC9YXJGbwQyWgb9qgooC9oSnCB/TkRdBybwby0DKuZOzq+609OBGkwWpgnS4QVCBc6eW+10l3qE3/2hKdcSV+08iRYp7zs=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
So i try thms like this:
from M2Crypto import RSA
from xml.dom.minidom import parseString
import base64
dom = parseString(pubKey)
e = base64.b64decode(dom.getElementsByTagName('Exponent')[0].childNodes[0].data)
n = base64.b64decode(dom.getElementsByTagName('Modulus')[0].childNodes[0].data)
rsa = RSA.new_pub_key((e, n))
Got error:
...
rsa = RSA.new_pub_key((e, n))
File "/usr/lib/pymodules/python2.6/M2Crypto/RSA.py", line 390, in new_pub_key
m2.rsa_set_e(rsa, e)
M2Crypto.RSA.RSAError: invalid length
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
RSA.new_pub_key 文档指出
e和n需要采用 OpenSSL MPINT 格式(4 字节大端位数,后跟适当的位数)。看来至少你的e不是那种格式。如果您查看 test_rsa.py,您可以看到评论也就是说:看来您的
e只是 '\001\000\001'。如果我们在其前面添加“\000\000\000\003”,您的示例应用程序会进一步前进,但随后会尝试设置n失败。我还没有研究如何创建有效的 OpenSSL MPINT 值,因此这不是您问题的完整答案。The RSA.new_pub_key documentation states that
eandnneed to be in OpenSSL MPINT format (4-byte big-endian bit-count followed by the appropriate number of bits). It seems like at least youreis not in that format. If you take a look at test_rsa.py, you can see comments that say:It seems your
eis just '\001\000\001'. If we prepend the '\000\000\000\003' to it, your sample app gets a bit further along, but then fails trying to setn. I haven't looked into how to create valid OpenSSL MPINT values, so this isn't a complete answer to your question.我阅读了M2Crypto源码,发现有
m2PyObject。将十六进制更改为 mpi
完成!
I read M2Crypto source,find have
m2PyObject.change hex to mpi
done!
我知道这是一个古老的问题,但它仍然在该主题的搜索中出现率很高,所以我添加了我的两分钱。我的 PyVEP 项目正是需要此功能,您可以找到我在这里编写的函数: https://github.com/mozilla/PyVEP/blob/master/vep/jwt.py#L242
I know this is an ancient question, but it still shows up highly in searches on this topic so I'm adding my two cents. I needed exactly this functionality for the PyVEP project and you can find the function I wrote here: https://github.com/mozilla/PyVEP/blob/master/vep/jwt.py#L242