Nodejs 加密到 Python jwt 转换
[英]Nodejs crypto to Python jwt convert
问题描述
I'm doing an integration with a gateway and they provided me with a mechanism to create signature of some payload and I'm trying to convert this Nodejs code into python
我正在与网关进行集成,他们为我提供了一种创建某些有效负载签名的机制,我正在尝试将此 Nodejs 代码转换为 python
here is the payload we want to sign:这是我们要签名的有效载荷:
actual = {"IntraTransferRqHeader": {"CorporateID": "XXX", "CorpReferenceNumber": "47165454456"},
"IntraTransferRqBody": {"AccountNumber": "05100004061100",
"DebitCurrency": "SAR", "BeneficiaryAccountNumber": "30008776337526",
"TransferAmount": "100.23",
"TransferCurrency": "SAR",
"Description": "Transfer fund to beneficiary", "AMLPurposeCode": "BC"}};
and here is the Nodejs provided code这是Nodejs提供的代码
const cert = fs.readFileSync('/etc/ssl/nginx/snbcsr.key', "utf8");
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
var signerObject = crypto.createSign("RSA-SHA256");
signerObject.update(JSON.stringify(actual).trim());
var signature = signerObject.sign({ key: privateKey }, "base64");
and here is what i did to make the same signature这是我为制作相同的签名所做的
private_key_pem = "/etc/ssl/nginx/snbcsr.key"
with open(private_key_pem, "rb") as key_file:
private_key = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend())
signature = jwt.encode(actual, private_key, algorithm="RS256")
and i still get signature error.我仍然收到签名错误。 I don't know Nodejs and i don't know what am i doing wrong here我不知道Nodejs,我不知道我在这里做错了什么
1 个解决方案
解决方案1
0 2022-01-19 12:51:03
You shouldn't confuse JWT with plain signing.您不应将 JWT 与普通签名混淆。
Given the Node.js code给定 Node.js 代码
const fs = require('fs');
const crypto = require('crypto');
const cert = fs.readFileSync('key.pem', 'utf8');
var privateKey = crypto.createPrivateKey({
'key': cert,
'format': 'pem',
});
const payload = 'foople';
const signerObject = crypto.createSign('RSA-SHA256');
signerObject.update(payload);
const signature = signerObject.sign({key: privateKey}, 'base64');
console.log(signature);
the equivalent Python code, using the cryptography library's signing primitives , is 使用cryptography库的签名原语的等效 Python 代码是
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.hazmat.primitives.serialization import load_pem_private_key
bk = default_backend()
with open("./key.pem", "rb") as key_file:
private_key = load_pem_private_key(key_file.read(), password=None, backend=bk)
payload = b'foople'
signature = base64.b64encode(private_key.sign(
payload,
padding=PKCS1v15(),
algorithm=SHA256(),
)).decode()
Given my freshly-generated mock 512-bit RSA key鉴于我新生成的模拟 512 位 RSA 密钥
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAMd6HFNMreA1zwFpTA7vGFwSJFFZlKYtgJVsnSW3rc9zsisewUIC
U0MnvNucHeKifhniFOoimUr8hTiZMywEmFMCAwEAAQJBAJKYX+arzICgqr+rxZSY
C/vl7UDHp6G0gPHPP3HvmdGBNLst0mqV8GKbNEr1Myb7vQOjbYDno2OVFNL+jeMI
JYkCIQD2r+1dvpSDrSvelBIyymE1D42dQFviyoY8URCefRzJhQIhAM8B7VbcYNo1
Tm0BLCKIPO1CZKmPsYDb2byk8mtakVX3AiEAiDBF9iwh57Qx9PaAOYQbOGT2xKrk
T4eJpkEG0Mi3nNUCIQC6bdPf3E1ld4iP5vRmjSfBzX92rbCAin8Hw82HHWOydQIg
fLfsV/P5F0LseV5KRPVombYNc/bh4oU467kEEPXDX5w=
-----END RSA PRIVATE KEY-----
both programs output两个程序 output
Wvy7cxuaUIpuiadTH2iOm6ayZUNrKY1whZElBIGBWbglEf0yA07wGbhD0qsPTWY7PzMtvuPV2xre+pCQsMwxmw==
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.