尝试使用Python验证SHA1消息签名。我究竟做错了什么?
[英]Trying to verify SHA1 message signature using Python. What am I doing wrong?
问题描述
I'm attempting to verify the SHA1 signature of a message by downloading a certificate from a website and extracting its public key. 
我试图通过从网站下载证书并提取其公钥来验证消息的SHA1签名。 There's a few bits of sample code elsewhere on SO ( here and here ), however I haven't yet figured out what I'm doing wrong. 在SO( 这里和这里 )的其他地方有一些示例代码,但是我还没弄清楚我做错了什么。
import requests
from M2Crypto import BIO, RSA, EVP, X509
def verify_message(cert_url, msg, sig):
cert_text = requests.get(cert_url, verify=True)
cert = X509.load_cert_string(cert_text.content)
pubkey = cert.get_pubkey()
sig = sig.decode('base64')
# Write a few files to disk for debugging purposes
f = open("sig", "wb")
f.write(sig)
f.close()
f = open("msg", "w")
f.write(msg)
f.close()
f = open("mypubkey.pem", "w")
f.write(pubkey.get_rsa().as_pem())
f.close()
pubkey.reset_context(md='sha1')
pubkey.verify_init()
pubkey.verify_update(msg)
assert pubkey.verify_final(sig) == 1
This gives me the following assertion error: 这给了我以下断言错误:
File "/tmp/test.py", line 71, in verify_message
assert pubkey.verify_final(sig) == 1
AssertionError
However, if I use openssl from the command line along with the files generated from the above Python script, it works fine: 但是,如果我从命令行使用openssl以及从上面的Python脚本生成的文件,它可以正常工作:
[jamie@test5 tmp]$ openssl dgst -sha1 -verify mypubkey.pem -signature sig msg
Verified OK
I've hit a brick wall here; 我在这里碰了一堵砖墙; any suggestions would be greatly appreciated. 任何建议将不胜感激。 Thanks! 谢谢!
2 个解决方案
解决方案1
5 已采纳 2013-03-07 09:49:01
你的代码工作正常 - https://gist.github.com/kalloc/5106808我在这里看到其他错误
解决方案2
1 2013-03-12 12:29:52
这段代码在我的最后工作得非常好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.