为什么创建二维码并用 pyzbar 扫描后此签名与原始签名不同？

发布于 2025-01-17 04:53:40 字数 3008 浏览 3 评论 0原文

我正在生成数字签名（使用 https://pypi.org/project/rsa/ ）并将其保存在 qrcode 上（使用 https://pypi.org/project/qrcode/ ）这样我就可以将它们分发到纸并稍后扫描。但是，扫描到的字节序列与我最初创建的字节序列不同，因此验证失败。

以下代码

from qrcode import make
from io import BytesIO
import rsa
from pyzbar.pyzbar import decode
from PIL import Image

#loading the private key
with open("privkey.pem", "rb") as f:
        private_key = rsa.PrivateKey.load_pkcs1(f.read())

#first, I sign some data and create a qrcode of it
signature_data = bytes("test", "utf-8")
print(signature_data)
signature = rsa.sign(signature_data, private_key, "SHA-512")
barcode_data = signature_data + b"endm" + signature
print(barcode_data)
image = make(barcode_data)
image.save("test.jpeg",format="jpeg")

#Then, I read the image and scan it
scannedimage = Image.open("test.jpeg")
read = decode(scannedimage)[0][0]
print(read)
print(read==barcode_data)

输出

b'test'
b"testendm$.\x02s\xbf%\x11\xda=m\xbe\xd6j\xc8\x8f\x1a\xb3z2D\xb4\xc6\xc0)e\xfa\x908\xac7\xa0Y\xd3C\xb7\xd0\xca\xea\xf5\x9c0\xab\xe7?\xe2\x8e\x15mr\x90lXuQ\x14\x82\xa4\x07\xa6+\x0e\xa4S\xb99~\xae\xbb\x1f\xaa\xe0\x1f\x87\xa0\xa7\x17`\xc3L\x94\xe7ug&\x1dVo\xa0\x17e+\x166W\x87j\xebs\xac\x0eR\x95\x884\t\xba\xfd\xae M@x\xd7\xe7'v\xb0\x07m,l\xc8\x04\x11\xd3q/\xee\xe5\x12\x85\xcd\x82\x99XR\xe6\x9fd\xef\xb6\x11u\xc2\x9eq\x07\x0f\x12\x06Hkl\x98\x1c\x98\x0f\xe0\xad\x16\x08,d\x9bYA\xe5@\x9dy=\xadr\x03\x11I\t\xcc9\xa4\xec\x10\xf3\x04N\xbfEmF\xed8V\xaa\xb0\x84\x81\xc6\xf52\x1d\xeb\xdf\xeb\xd1e\x8a\xd9\xad\x0e\x9bCS_\xc4\x1c|\x86\x0bv\xce\xaff\xe1\xa7\xfeO\xf6\xdc]\x14\xed; \x9aMX}\xe5bme1\xf7\xa0^\xa5\x8f-\x9c\x00\xa5\xd4R\x01J\t"
b"testendm$.\x02s\xc2\xbf%\x11\xc3\x9a=m\xc2\xbe\xc3\x96j\xc3\x88\xc2\x8f\x1a\xc2\xb3z2D\xc2\xb4\xc3\x86\xc3\x80)e\xc3\xba\xc2\x908\xc2\xac7\xc2\xa0Y\xc3\x93C\xc2\xb7\xc3\x90\xc3\x8a\xc3\xaa\xc3\xb5\xc2\x9c0\xc2\xab\xc3\xa7?\xc3\xa2\xc2\x8e\x15mr\xc2\x90lXuQ\x14\xc2\x82\xc2\xa4\x07\xc2\xa6+\x0e\xc2\xa4S\xc2\xb99~\xc2\xae\xc2\xbb\x1f\xc2\xaa\xc3\xa0\x1f\xc2\x87\xc2\xa0\xc2\xa7\x17`\xc3\x83L\xc2\x94\xc3\xa7ug&\x1dVo\xc2\xa0\x17e+\x166W\xc2\x87j\xc3\xabs\xc2\xac\x0eR\xc2\x95\xc2\x884\t\xc2\xba\xc3\xbd\xc2\xae M@x\xc3\x97\xc3\xa7'v\xc2\xb0\x07m,l\xc3\x88\x04\x11\xc3\x93q/\xc3\xae\xc3\xa5\x12\xc2\x85\xc3\x8d\xc2\x82\xc2\x99XR\xc3\xa6\xc2\x9fd\xc3\xaf\xc2\xb6\x11u\xc3\x82\xc2\x9eq\x07\x0f\x12\x06Hkl\xc2\x98\x1c\xc2\x98\x0f\xc3\xa0\xc2\xad\x16\x08,d\xc2\x9bYA\xc3\xa5@\xc2\x9dy=\xc2\xadr\x03\x11I\t\xc3\x8c9\xc2\xa4\xc3\xac\x10\xc3\xb3\x04N\xc2\xbfEmF\xc3\xad8V\xc2\xaa\xc2\xb0\xc2\x84\xc2\x81\xc3\x86\xc3\xb52\x1d\xc3\xab\xc3\x9f\xc3\xab\xc3\x91e\xc2\x8a\xc3\x99\xc2\xad\x0e\xc2\x9bCS_\xc3\x84\x1c|\xc2\x86\x0bv\xc3\x8e\xc2\xaff\xc3\xa1\xc2\xa7\xc3\xbeO\xc3\xb6\xc3\x9c]\x14\xc3\xad; \xc2\x9aMX}\xc3\xa5bme1\xc3\xb7\xc2\xa0^\xc2\xa5\xc2\x8f-\xc2\x9c"
False

为什么两个字节串不同？我使用的一个模块中是否存在我不知道的转换？

原文

I'm generating a digital signature(using https://pypi.org/project/rsa/) and saving it on a qrcode(using https://pypi.org/project/qrcode/) so I can distribute them on paper and scan them later. However, the byte sequence scanned is different from the one i originally created, why the verification fails.

The following code

from qrcode import make
from io import BytesIO
import rsa
from pyzbar.pyzbar import decode
from PIL import Image

#loading the private key
with open("privkey.pem", "rb") as f:
        private_key = rsa.PrivateKey.load_pkcs1(f.read())

#first, I sign some data and create a qrcode of it
signature_data = bytes("test", "utf-8")
print(signature_data)
signature = rsa.sign(signature_data, private_key, "SHA-512")
barcode_data = signature_data + b"endm" + signature
print(barcode_data)
image = make(barcode_data)
image.save("test.jpeg",format="jpeg")

#Then, I read the image and scan it
scannedimage = Image.open("test.jpeg")
read = decode(scannedimage)[0][0]
print(read)
print(read==barcode_data)

outputs

b'test'
b"testendm$.\x02s\xbf%\x11\xda=m\xbe\xd6j\xc8\x8f\x1a\xb3z2D\xb4\xc6\xc0)e\xfa\x908\xac7\xa0Y\xd3C\xb7\xd0\xca\xea\xf5\x9c0\xab\xe7?\xe2\x8e\x15mr\x90lXuQ\x14\x82\xa4\x07\xa6+\x0e\xa4S\xb99~\xae\xbb\x1f\xaa\xe0\x1f\x87\xa0\xa7\x17`\xc3L\x94\xe7ug&\x1dVo\xa0\x17e+\x166W\x87j\xebs\xac\x0eR\x95\x884\t\xba\xfd\xae M@x\xd7\xe7'v\xb0\x07m,l\xc8\x04\x11\xd3q/\xee\xe5\x12\x85\xcd\x82\x99XR\xe6\x9fd\xef\xb6\x11u\xc2\x9eq\x07\x0f\x12\x06Hkl\x98\x1c\x98\x0f\xe0\xad\x16\x08,d\x9bYA\xe5@\x9dy=\xadr\x03\x11I\t\xcc9\xa4\xec\x10\xf3\x04N\xbfEmF\xed8V\xaa\xb0\x84\x81\xc6\xf52\x1d\xeb\xdf\xeb\xd1e\x8a\xd9\xad\x0e\x9bCS_\xc4\x1c|\x86\x0bv\xce\xaff\xe1\xa7\xfeO\xf6\xdc]\x14\xed; \x9aMX}\xe5bme1\xf7\xa0^\xa5\x8f-\x9c\x00\xa5\xd4R\x01J\t"
b"testendm$.\x02s\xc2\xbf%\x11\xc3\x9a=m\xc2\xbe\xc3\x96j\xc3\x88\xc2\x8f\x1a\xc2\xb3z2D\xc2\xb4\xc3\x86\xc3\x80)e\xc3\xba\xc2\x908\xc2\xac7\xc2\xa0Y\xc3\x93C\xc2\xb7\xc3\x90\xc3\x8a\xc3\xaa\xc3\xb5\xc2\x9c0\xc2\xab\xc3\xa7?\xc3\xa2\xc2\x8e\x15mr\xc2\x90lXuQ\x14\xc2\x82\xc2\xa4\x07\xc2\xa6+\x0e\xc2\xa4S\xc2\xb99~\xc2\xae\xc2\xbb\x1f\xc2\xaa\xc3\xa0\x1f\xc2\x87\xc2\xa0\xc2\xa7\x17`\xc3\x83L\xc2\x94\xc3\xa7ug&\x1dVo\xc2\xa0\x17e+\x166W\xc2\x87j\xc3\xabs\xc2\xac\x0eR\xc2\x95\xc2\x884\t\xc2\xba\xc3\xbd\xc2\xae M@x\xc3\x97\xc3\xa7'v\xc2\xb0\x07m,l\xc3\x88\x04\x11\xc3\x93q/\xc3\xae\xc3\xa5\x12\xc2\x85\xc3\x8d\xc2\x82\xc2\x99XR\xc3\xa6\xc2\x9fd\xc3\xaf\xc2\xb6\x11u\xc3\x82\xc2\x9eq\x07\x0f\x12\x06Hkl\xc2\x98\x1c\xc2\x98\x0f\xc3\xa0\xc2\xad\x16\x08,d\xc2\x9bYA\xc3\xa5@\xc2\x9dy=\xc2\xadr\x03\x11I\t\xc3\x8c9\xc2\xa4\xc3\xac\x10\xc3\xb3\x04N\xc2\xbfEmF\xc3\xad8V\xc2\xaa\xc2\xb0\xc2\x84\xc2\x81\xc3\x86\xc3\xb52\x1d\xc3\xab\xc3\x9f\xc3\xab\xc3\x91e\xc2\x8a\xc3\x99\xc2\xad\x0e\xc2\x9bCS_\xc3\x84\x1c|\xc2\x86\x0bv\xc3\x8e\xc2\xaff\xc3\xa1\xc2\xa7\xc3\xbeO\xc3\xb6\xc3\x9c]\x14\xc3\xad; \xc2\x9aMX}\xc3\xa5bme1\xc3\xb7\xc2\xa0^\xc2\xa5\xc2\x8f-\xc2\x9c"
False

Why are the two bytestrings different? Is there a conversion I don't know about in one module I use?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

方觉久 2025-01-24 04:53:40

我强烈建议您在签名之前对要签名的任何内容进行 Base64 编码。这是数字签名的标准方法，可确保签名数据的一致性。
pyzbar.decode 函数的输出是“已解码”对象的数组，您无法检索其中的正确元素。

下面是更正后的代码：

from qrcode import make
from io import BytesIO
import rsa
from pyzbar.pyzbar import decode
from PIL import Image
from base64 import b64encode, b64decode

#loading the private key
with open("privkey.pem", "rb") as f:
        private_key = rsa.PrivateKey.load_pkcs1(f.read())

#first, I sign some data and create a qrcode of it
signature_data = bytes("test", "utf-8")
# Ideally, you'd want to base64 encode signature_data
print(signature_data)
signature = rsa.sign(signature_data, private_key, "SHA-512")
barcode_data = b64encode(signature_data + b"endm" + signature)
print(barcode_data)
image = make(barcode_data)
image.save("test.jpeg",format="jpeg")

#Then, I read the image and scan it
scannedimage = Image.open("test.jpeg")
read = decode(scannedimage)[0].data
print(read)
print(read==barcode_data)

I would highly recommend that you encode whatever you want to sign in base64 before signing. This is a standard approach for digital signatures, ensuring consistency of the signed data.
The output of the pyzbar.decode function is an array of "Decoded" objects, of which you're not retrieving the correct element.

Below the corrected code:

from qrcode import make
from io import BytesIO
import rsa
from pyzbar.pyzbar import decode
from PIL import Image
from base64 import b64encode, b64decode

#loading the private key
with open("privkey.pem", "rb") as f:
        private_key = rsa.PrivateKey.load_pkcs1(f.read())

#first, I sign some data and create a qrcode of it
signature_data = bytes("test", "utf-8")
# Ideally, you'd want to base64 encode signature_data
print(signature_data)
signature = rsa.sign(signature_data, private_key, "SHA-512")
barcode_data = b64encode(signature_data + b"endm" + signature)
print(barcode_data)
image = make(barcode_data)
image.save("test.jpeg",format="jpeg")

#Then, I read the image and scan it
scannedimage = Image.open("test.jpeg")
read = decode(scannedimage)[0].data
print(read)
print(read==barcode_data)

回复收藏 0 原文

~没有更多了~