如何将公用密钥与pyOpenSSL一起使用以验证签名的消息?
[英]How use public key with pyOpenSSL for verify a signed message?
问题描述
I try to use pyOpenSSL for signed a data, I create key pair (private and publique) and certificate. 
我尝试使用pyOpenSSL签名数据,创建密钥对(私有和公开)和证书。
I'm a beginner with this technology, I use OpenSSl, but if you have suggestions for generate a signed message with private and public key in python, I'm take ! 我是使用此技术的初学者,我使用OpenSSl,但是如果您有关于使用python中的私钥和公钥生成签名消息的建议,我接受! I want to use RSA and DSA algorithm for my tests. 我想在测试中使用RSA和DSA算法。
I find m2Crypto , pyCrypto and other. 我发现m2Crypto , pyCrypto和其他。 I do not know what is the best for this. 我不知道什么是最好的。 gnupg for python and pyOpenSSl are more recent visibly. 显然,适用于python和pyOpenSSl gnupg较新。
I used function for signed a message with my private key, and I verify the data. 我使用函数通过私钥对消息签名,然后验证了数据。 But when I see the function for verify the signature, in parameters I need : private key, signature, data and digest type. 但是,当我看到用于验证签名的功能时,需要输入参数:私钥,签名,数据和摘要类型。
I do not know where I am wrong in this code, I find some examples, but I do not understand how this can work because the first parameters for the verify function is a X509 object "certificate is a X509 instance corresponding to the private key which generated the signature." 我不知道我在此代码中的错误之处,找到了一些示例,但我不明白这是如何工作的,因为verify函数的第一个参数是X509对象,“ certificate是对应于私钥的X509实例,生成签名。” and the second is the signature generated with the private key.. 第二个是使用私钥生成的签名。
This code work perfectly with the private key : 此代码与私钥完美配合:
from OpenSSL import crypto
_k = crypto.PKey()
_cert = crypto.X509()
# Create keys
_k.generate_key(crypto.TYPE_RSA, 2048)
# Add argument for create certificate
_cert.gmtime_adj_notBefore(0)
_cert.gmtime_adj_notAfter(0*365*24*60*60) #10 years expiry date
_cert.set_pubkey(_k)
_cert.sign(_k, 'sha256')
# Create key's file
with open("public_key.pem",'w') as f:
f.write(crypto.dump_publickey(crypto.FILETYPE_PEM, _k))
with open("private_key.pem",'w') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, _k))
with open("certificate.pem",'w') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, _cert))
#-------------------------------------------------------------------------------
# Open key and load in var
with open("private_key.pem",'r') as f:
priv_key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
with open("public_key.pem",'r') as f:
pub_key = crypto.load_publickey(crypto.FILETYPE_PEM, f.read())
with open("certificate.pem",'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
# sign message 'hello world' with private key and certificate
sign = crypto.sign(priv_key, "hello world", 'sha256')
print crypto.verify(cert, sign, "hello world", 'sha256')
So, my question is, how use the public key for verify the data ? 因此,我的问题是,如何使用公共密钥来验证数据? If Bob give a public key to alice, How it checks the message with this public key ? 如果Bob将公用密钥提供给alice,它将如何使用该公用密钥检查消息?
You have a idea ? 你有主意吗?
Thanks a lot, Romain 非常感谢,罗曼
2 个解决方案
解决方案1
1 已采纳
I found a answer in this post . 我在这篇文章中找到了答案。
from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
# ... code ...
x509 = X509()
x509.set_pubkey(pub_key)
# ... code ...
print verify(x509, sign, sha, 'sha256')
I'm wondering.. When I get a message, I use the public key for authenticating the transmitter, but why I have to use the signature to do the verification ? 我想知道。当收到消息时,我使用公用密钥对发送方进行身份验证,但是为什么我必须使用签名来进行验证? To generate the signature, I need the private key .. Is there something I did not understand in the use of the library ? 要生成签名,我需要私钥..在使用库时是否有我不了解的东西?
解决方案2
0
ok I understood my mistake : Cryptography Digital signatures 好的,我理解我的错误: 密码学数字签名
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.