将有效负载及其签名添加到以base64编码的url中,然后对其进行解码
[英]Add payload and its signature in url base64 encoded and then decode it
问题描述
Below you will find my code of sender and receiver they are signing the message successfully and it works 
在下面,您将找到我的发送方和接收方代码,它们正在成功签名邮件,并且可以正常工作
The Problem 问题
How can I put the bytes into an url and pass the value of the payload into a GET request with the signature together encoded in base64 Something like 如何将字节放入url并将有效负载的值传递给GET请求,并将签名一起编码为base64
encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var
And then verify them in the receiver that the var is signed from the sender, It is a demo for transactions but I still cant get it! 然后在接收器中验证它们是否已从发送者处签名了var,这是用于交易的演示程序,但我仍然无法获得它! Any help is apreciated 任何帮助都感激不尽
import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
my_url = 'https://example.com/action?variable='
payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
print(payload)
with open('mykey.pem', 'rb') as f:
private_key = RSA.importKey(f.read(), passphrase='')
print(private_key.can_sign())
signature = sign(payload.encode(),private_key)
full_message = b64encode(payload.encode()+signature)
receiver(full_message)
def receiver(full_message ):
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
#since i know that the lenght of the message is 14
signature = message_decoded[-128:]
#and I know that the signature is 128 bytes
with open("mykey.pub", 'rb') as f:
public_key = RSA.importKey(f.read(),passphrase='')
print('VERIF', verify(payload.encode(), signature,public_key))
return False
def sign(message, priv_key):
signer = PKCS1_v1_5.new(priv_key)
digest = SHA.new()
digest.update(message)
return signer.sign(digest)
def verify(message, signature, pub_key):
signer = PKCS1_v1_5.new(pub_key)
digest = SHA.new()
digest.update(message)
return signer.verify(digest, signature)
sender()
1 个解决方案
解决方案1
0 已采纳 2018-11-28 14:05:41
PS: I still wonder if it is url safe though with the '/' and '+' in the encoded strings PS:我仍然想知道它是否是网址安全的,尽管编码字符串中带有“ /”和“ +”
Okay Posting the answer for my problem here: So full message is in bytes, if i decode the full message in ASCII 好吧,在这里发布我的问题的答案:如果我以ASCII解码完整消息,则完整消息以字节为单位
full_message = b64encode(payload.encode()+signature)
print(full_message)
returns bytes 返回字节
b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m+x7a/D48qQRCU9mw9tor9E/TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E+2HB6RrDe3WrlBWy39A+oRctuw=='
full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)
returns string which can be attached to the url 返回可以附加到URL的字符串
MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM+cNFC3oapRtytv3k5ecLjB4w/kx8gs73Al+6T7/NbXyJbT+F+XYIz7DXSy4Mav2/aB9/sGZKU8Ef+Q7Z8+FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA==
then in the receiver 然后在receiver
def receiver(full_message ):
#if I b64decode the whole message and then decode the payload
#returns true :)
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
signature = message_decoded[-128:]
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.