使用 m2crypto 验证 RSACryptoServiceProvider 消息签名
我收到一条用 .Net RSACryptoServiceProvider 签名的消息,然后将该消息发送到 Python 软件尝试使用 m2crypto(基于 openssl 的库)验证签名。
我有公共证书,它是消息签名所用的私钥对。
在.Net软件发送sing之前,它使用ByteArrayToString将其转换,因为符号是用以下代码生成的:
//Convert plain text into a byte array to sign.
byte[] data = new UTF8Encoding().GetBytes(phrase);
SHA1Managed sha1 = new SHA1Managed();
byte[] hashBytes = sha1.ComputeHash(data);
byte[] sig = csp.SignData(hashBytes, CryptoConfig.MapNameToOID("SHA1"));
所以发送到接收者的签名是
ByteArrayToString(sig)
Python部分是:
def verify(message, signature, cert_path):
msg = hashlib.sha1(message).hexdigest()
certificate = M2Crypto.X509.load_cert(cert_path)
pubkey = certificate.get_pubkey()
pubkey.reset_context(md='sha1')
pubkey.verify_init()
pubkey.verify_update(msg)
sgn = signature.decode('base64')
is_verified = pubkey.verify_final(sgn)
我无法得到验证...我认为可能有Python 部分中的签名编码存在问题,但也许有人可以在这里看到任何其他错误?
当我使用我自己的证书(用 openssl 生成)并从 Python 本身对消息进行签名时,对签名进行编码,发送它,然后解码并验证一切是否正常工作......
我将不胜感激任何评论!
I have got a message signed with .Net RSACryptoServiceProvider, the message is then send to
Python software which tries to verify the sign with m2crypto (openssl-based lib).
I've got public cert that is the pair for the private key the message was signed with.
Before .Net software sends the sing it converts it using ByteArrayToString, because the sign is generated with the following code:
//Convert plain text into a byte array to sign.
byte[] data = new UTF8Encoding().GetBytes(phrase);
SHA1Managed sha1 = new SHA1Managed();
byte[] hashBytes = sha1.ComputeHash(data);
byte[] sig = csp.SignData(hashBytes, CryptoConfig.MapNameToOID("SHA1"));
So the signature sended to the receiver is
ByteArrayToString(sig)
The Python part is:
def verify(message, signature, cert_path):
msg = hashlib.sha1(message).hexdigest()
certificate = M2Crypto.X509.load_cert(cert_path)
pubkey = certificate.get_pubkey()
pubkey.reset_context(md='sha1')
pubkey.verify_init()
pubkey.verify_update(msg)
sgn = signature.decode('base64')
is_verified = pubkey.verify_final(sgn)
And I can not get the verification... I think there might be an issue with signature encoding in the Python part, but maybe someone can see any other bugs here?
When I use my own certificate (generated with openssl) and sign the message from the Python itself, encode the signature, send it, then decode and verify everything is working fine...
I would appreciate any comments!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我无法保证我的答案,因为我从未使用过 m2crypto,但我认为该消息被散列了两次。在
和
MSDN 文档< /a> about
SignData指定:因此,我认为您不应该在生成签名之前对消息进行预哈希处理。
I cannot guarantee my answer since I never used m2crypto but I think that the message is hashed twice. In
and
The MSDN documentation about
SignDataspecifies:Therefore I don't think you should pre-hash the message before producing the signature.