使用 crypto++ 验证使用 openssl 生成的数据签名

发布于 2024-10-17 01:21:28 字数 1593 浏览 4 评论 0原文

我有一个服务器，在 python 下运行，使用 m2crypto 签署消息 sha256 摘要我使用 openssl CLI 生成的公共和私有 RSA 密钥。在服务器端一切正常
Python代码：

privateKey = M2Crypto.RSA.load_key(sys.argv[2])
signedDigest = privateKey.sign(digest, 'sha256')

我仔细检查签名是否良好：

pubKey = M2Crypto.RSA.load_pub_key("key.pub.pem")
if pubKey.verify(digest,signedDigest,'sha256')(等等....)

我将签名的sha256摘要存储在文件中并将其与原始消息一起发送给客户端。
在客户端，在 c++ vc6 下运行，我加载签名的 sha256 摘要（作为二进制）以及已签名的消息。现在的目的是验证该消息以及签名的 sha256。我有 cryptopp 作为静态链接，我知道它工作得很好，因为我可以计算 sha256，并与来自 python 的 sha256 进行比较，结果相同。这是代码：

RSA::PublicKey pubKey;
pubKey.Load( FileSource(LicenseControl::pubKeyPath, true));
RSASS PKCS1v15，SHA >::验证者verifier(pubKey);
//shaDigest是新计算的sha256，signatureByte是从服务器接收到的消息的签名
结果= verifier.VerifyMessage（shaDigest，CryptoPP :: SHA256 :: DIGESTSIZE，signatureByte，512）;

编译并运行，但始终返回 false。为了确保签名有效，我直接使用 openssl CLI（而不是通过 m2crypto python 包装器）对其进行了验证：

openssl dgst -sha256 -verify key.pub.pem -signature 签名original_file
已验证正常

这确认签名的 sha256 摘要正确，并且可用于使用公钥成功验证消息。我知道 DER 和 PEM 格式（对于 openssl 使用 PEM，对于 cryptopp 使用 DER）。所以我相信公钥是正确的。现在我的问题是如何使用 cryptopp 库来验证签名？？？我已经看过这个文档，但经过几天的研究，它对我来说仍然看起来像中文。我尝试过类似的事情

RSASS< PSSR, SHA >::验证者verifier(pubKey);

使用 PSSR 在 python 代码中加密，但没有运气...... 我现在考虑仅使用公钥解密签名的 sha256 摘要，并将其与从接收文件计算的新 sha256 摘要进行比较。但即使这么简单，我也没有在文档中找到...... 知道如何正确使用验证器吗？
如何使用公钥解密？如果上一个问题无法解决

原文

I have a server, running under python, signing a message sha256 digest using m2crypto
I use a public and private RSA key generated by openssl CLI. On the server side everythgin is OK
Python code :

privateKey = M2Crypto.RSA.load_key(sys.argv[2])
signedDigest = privateKey.sign(digest, 'sha256')

I double check that signature is good :

pubKey = M2Crypto.RSA.load_pub_key("key.pub.pem")
if pubKey.verify(digest, signedDigest, 'sha256') (etc....)

I store the signed sha256 digest in a file and send it with the original message to the client.
On the client side, running under c++ vc6, I load the signed sha256 digest (as binary), and the message that was signed. The aim is now to verify the message , together with the signed sha256. I have cryptopp as static link, and I know it works fine, because I can compute sha256, and compare with sha256 from python having same result. Here is the code :

RSA::PublicKey pubKey;
pubKey.Load( FileSource(LicenseControl::pubKeyPath, true));
RSASS< PKCS1v15, SHA >::Verifier verifier(pubKey);
//shaDigest is newly computed sha256, signatureByte is the signature of the message received from the server
result = verifier.VerifyMessage( shaDigest, CryptoPP::SHA256::DIGESTSIZE, signatureByte, 512);

This compiles and run, but always return false. To ensure that signature is valid, I have verified it using directly openssl CLI (not through m2crypto python wrapper) :

openssl dgst -sha256 -verify key.pub.pem -signature sign original_file
Verified OK

This confirms that signed sha256 digest is ok, and that it can be used to verify message successfully using the public key. I am aware of DER and PEM format (using PEM for openssl, DER for cryptopp). So I believe the public key is correct.
Now my problem is How to use cryptopp library to verify the signature ???
I have been through the doc, but after days on it, it still looks like chinese to me. I hav tried thing like

RSASS< PSSR, SHA >::Verifier verifier(pubKey);

using PSSR to encrypt in python code, but no luck...
I am now considering to only decrypt with public key the signed sha256 digest and compare it myself to the newly sha256 digest computed from the receive file. But even that simple, I hevn't found in the doc...
Any idea how to use verifier properly ?
How to decrypt using public key ? in case previous question can not be solved

分享到QQ

分享到微博