将有效负载及其签名添加到以base64编码的url中，然后对其进行解码

Question

在下面，您将找到我的发送方和接收方代码，它们正在成功签名邮件，并且可以正常工作

问题

如何将字节放入url并将有效负载的值传递给GET请求，并将签名一起编码为base64

encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var

然后在接收器中验证它们是否已从发送者处签名了var，这是用于交易的演示程序，但我仍然无法获得它！ 任何帮助都感激不尽

import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
    my_url = 'https://example.com/action?variable='
    payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
    print(payload)
    with open('mykey.pem', 'rb') as f:
        private_key = RSA.importKey(f.read(), passphrase='')
    print(private_key.can_sign())

    signature = sign(payload.encode(),private_key)

    full_message = b64encode(payload.encode()+signature)
    receiver(full_message)



def receiver(full_message ):
    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()
    #since i know that the lenght of the message is 14
    signature = message_decoded[-128:]
    #and I know that the signature is 128 bytes


    with open("mykey.pub", 'rb') as f:
        public_key = RSA.importKey(f.read(),passphrase='')

    print('VERIF', verify(payload.encode(), signature,public_key))

    return False





def sign(message, priv_key):
    signer = PKCS1_v1_5.new(priv_key)
    digest = SHA.new()
    digest.update(message)
    return signer.sign(digest)



def verify(message, signature, pub_key):
    signer = PKCS1_v1_5.new(pub_key)
    digest = SHA.new()
    digest.update(message)
    return signer.verify(digest, signature)


sender()

Answer 1

PS：我仍然想知道它是否是网址安全的，尽管编码字符串中带有“ /”和“ +”

好吧，在这里发布我的问题的答案：如果我以ASCII解码完整消息，则完整消息以字节为单位

 full_message = b64encode(payload.encode()+signature)
 print(full_message)

返回字节

b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m + X7A / D48qQRCU9mw9tor9E / TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E + 2HB6RrDe3WrlBWy39A + oRctuw ==”

full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)

返回可以附加到URL的字符串

MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM + cNFC3oapRtytv3k5ecLjB4w / kx8gs73Al + 6T7 / NbXyJbT + F + XYIz7DXSy4Mav2 / AB9 / sGZKU8Ef + Q7Z8 + FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA ==

然后在receiver

def receiver(full_message ):
    #if I b64decode the whole message and then decode the payload 
    #returns true :)

    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()

    signature = message_decoded[-128:]


    ...