我在后端使用 PyNacl 进行数字签名。 我应该在前端使用哪个库？

Question

I have created an API that validates data based on PyNacl at the backend. I am accepting length 64 hexadecimal-encoded sender and recipient account numbers for my simple Crypto API and validating the signature based on PyNacl library. I was wondering what Javascript library to use on my frontend so that the data I send using my React-based, it is coherent to my backend API. I looked at tweetnacl , but am not sure if they have the same working pattern. Can you give me some information about whether or not I can use tweetnacl, or will I have to create a python script that uses PyNacl to generate Signing Keys / Verify Keys, and signs the message?

Thanks.

Answer 1

Update! We have been successful at passing files between TweetLua and PyNaCl, The person writing the Lua side of the code had an "off by one" error (silly? but aren't most of our errors.), Once we got the right pieces in their proper places. it was a snap.

I know the use of Lua instead of JavaScript isn't a perfect match to this question, but I hope that people who find this will get some use all the same. It boils down to: Yes, TweetNaCl and PyNaCl are compatible, just as you'd expect.

Important element in this process:

• TweetNaCl takes the MAC, Nonce, P_key, and K_key as separate arguments when boxing and unboxing.
• PyNaCl does NOT. Capture the sender's P_key, import it, make a box, and then pass the remaining cyphertext through as a unit. PyNaCl will pull out the Nonce and MAC for you.

Lua encryption:

local function main(flag, files, keys)

   local pt = chunkpt(flag, files) # We broke large files down
    
   files.fout_size = companyfilesize(flag, pt)
   files.fout = assert(io.open(flag.outfile, "wb"))
   local current = files.fout:seek()
   files.fout:seek("set", files.fout_size - 1)
   files.fout:write("x")
   files.fout:seek("set", current)
    
   local err

   local ct = {}
   local nonce = {}
   local mac = {}

   local root
   local nonceroot
   local macroot

   local n = #pt
   for i = n, 1, -1 do
      nonce[i] = nacl.randombytes(NONCE_LEN)
      if i == n then
         ct[i], err = nacl.box(pt[i], nonce[i], keys.p_rx, keys.k)
         if err ~= nil then error("boxing error") end

      else
         ct[i], err = nacl.box(pt[i] .. nonce[i + 1] .. mac[i + 1], nonce[i],
         keys.p_rx, keys.k)
         if err ~= nil then error("boxing error") end
      end
      mac[i] = ct[i]:sub(1, MAC_LEN)
      ct[i] = ct[i]:sub(MAC_LEN + 1, -1)
   end

   files.fout:seek("set", 0)

   local header = header_info
   files.fout:write(header)
   files.fout:write(keys.p_tx) 
   files.fout:write(nonce[1])
   files.fout:write(mac[1])
   files.fout:write(ct[1])    

   files.fin:close()
   files.fout:close()

   return 0
end

Python decryption:

    def decrypt_box():
        with open("encrypted_file.companybox", 'rb') as f:
            header = f.read(16) # We use this for internal info
            senderPubKey = f.read(32) 
            cyphertext = f.read()
            f.close()

        # Import the secret key for use in the decryption
        imported_private_key = nacl.public.PrivateKey(BOB_SECRET_KEY)
        # Import the public key we just found in the file
        imported_public_key  = nacl.public.PublicKey(senderPubKey)

        # Make a box with the 2 keys
        plain_box = Box(imported_private_key, imported_public_key)

        # Pass the remaining text (that includes the Nonce and MAC) to decode
        plain = plain_box.decrypt(cyphertext)

        print(plain.decode('utf-8'))

Previous response: So far as I can tell, no, TweetNaCl and PyNaCl are not compatible. My group is attempting to encrypt a file with c# TweetNaCl and decrypt with python, and I always end up with a general nacl.exceptions.CryptoError: An error occurred trying to decrypt the message . If you / someone else figures out a solution, I'd love to hear it!