Python 使用 pycrypto (RSA) 签署和验证数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4232389/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Signing and verifying data using pycrypto (RSA)
提问by Noah McIlraith
I am trying to familiarize myself with the pycrypto module, but the lack of clear documentation makes things difficult.
我试图让自己熟悉 pycrypto 模块,但缺乏清晰的文档使事情变得困难。
To start with, I would like to understand signing and verifying data. Could someone please provide an example for how this would be written?
首先,我想了解签名和验证数据。有人可以提供一个例子来说明这将如何编写吗?
采纳答案by unutbu
This is a fleshed-out version of the example in the documentation:
import Crypto.Hash.MD5 as MD5
import Crypto.PublicKey.RSA as RSA
import Crypto.PublicKey.DSA as DSA
import Crypto.PublicKey.ElGamal as ElGamal
import Crypto.Util.number as CUN
import os
plaintext = 'The rain in Spain falls mainly on the Plain'
# Here is a hash of the message
hash = MD5.new(plaintext).digest()
print(repr(hash))
# '\xb1./J\xa883\x974\xa4\xac\x1e\x1b!\xc8\x11'
for alg in (RSA, DSA, ElGamal):
# Generates a fresh public/private key pair
key = alg.generate(384, os.urandom)
if alg == DSA:
K = CUN.getRandomNumber(128, os.urandom)
elif alg == ElGamal:
K = CUN.getPrime(128, os.urandom)
while CUN.GCD(K, key.p - 1) != 1:
print('K not relatively prime with {n}'.format(n=key.p - 1))
K = CUN.getPrime(128, os.urandom)
# print('GCD({K},{n})=1'.format(K=K,n=key.p-1))
else:
K = ''
# You sign the hash
signature = key.sign(hash, K)
print(len(signature), alg.__name__)
# (1, 'Crypto.PublicKey.RSA')
# (2, 'Crypto.PublicKey.DSA')
# (2, 'Crypto.PublicKey.ElGamal')
# You share pubkey with Friend
pubkey = key.publickey()
# You send message (plaintext) and signature to Friend.
# Friend knows how to compute hash.
# Friend verifies the message came from you this way:
assert pubkey.verify(hash, signature)
# A different hash should not pass the test.
assert not pubkey.verify(hash[:-1], signature)
回答by jeffmax
According to the documentation at:
根据文档:
https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html
https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html
you should not use Crypto.PublicKey.RSA.sign function from PyCrypto in real code:
您不应在实际代码中使用 PyCrypto 中的 Crypto.PublicKey.RSA.sign 函数:
Attention: this function performs the plain, primitive RSA decryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly sign data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Signature.PKCS1_PSS or Crypto.Signature.PKCS1_v1_5 instead.
注意:此函数执行普通的原始 RSA 解密(教科书)。在实际应用中,您总是需要使用适当的加密填充,并且您不应直接使用此方法对数据进行签名。不这样做可能会导致安全漏洞。建议使用模块 Crypto.Signature.PKCS1_PSS 或 Crypto.Signature.PKCS1_v1_5 代替。
I ended up using the RSA modulethat implements PKCS1_v1_5. The documentation for signingwas pretty straight forward. Others have recommended use M2Crypto.
我最终使用了实现 PKCS1_v1_5的RSA 模块。该用于签名的文件是非常直接的。其他人建议使用 M2Crypto。
回答by Dennis
Below is the helper classI created to perform all necessary RSA functions (encryption, decryption, signing, verifying signature & generating new keys)
下面是我创建的辅助类,用于执行所有必要的 RSA 功能(加密、解密、签名、验证签名和生成新密钥)
rsa.py
rsa.py
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA512, SHA384, SHA256, SHA, MD5
from Crypto import Random
from base64 import b64encode, b64decode
hash = "SHA-256"
def newkeys(keysize):
random_generator = Random.new().read
key = RSA.generate(keysize, random_generator)
private, public = key, key.publickey()
return public, private
def importKey(externKey):
return RSA.importKey(externKey)
def getpublickey(priv_key):
return priv_key.publickey()
def encrypt(message, pub_key):
#RSA encryption protocol according to PKCS#1 OAEP
cipher = PKCS1_OAEP.new(pub_key)
return cipher.encrypt(message)
def decrypt(ciphertext, priv_key):
#RSA encryption protocol according to PKCS#1 OAEP
cipher = PKCS1_OAEP.new(priv_key)
return cipher.decrypt(ciphertext)
def sign(message, priv_key, hashAlg="SHA-256"):
global hash
hash = hashAlg
signer = PKCS1_v1_5.new(priv_key)
if (hash == "SHA-512"):
digest = SHA512.new()
elif (hash == "SHA-384"):
digest = SHA384.new()
elif (hash == "SHA-256"):
digest = SHA256.new()
elif (hash == "SHA-1"):
digest = SHA.new()
else:
digest = MD5.new()
digest.update(message)
return signer.sign(digest)
def verify(message, signature, pub_key):
signer = PKCS1_v1_5.new(pub_key)
if (hash == "SHA-512"):
digest = SHA512.new()
elif (hash == "SHA-384"):
digest = SHA384.new()
elif (hash == "SHA-256"):
digest = SHA256.new()
elif (hash == "SHA-1"):
digest = SHA.new()
else:
digest = MD5.new()
digest.update(message)
return signer.verify(digest, signature)
Sample Usage
示例用法
import rsa
from base64 import b64encode, b64decode
msg1 = "Hello Tony, I am Jarvis!"
msg2 = "Hello Toni, I am Jarvis!"
keysize = 2048
(public, private) = rsa.newkeys(keysize)
encrypted = b64encode(rsa.encrypt(msg1, public))
decrypted = rsa.decrypt(b64decode(encrypted), private)
signature = b64encode(rsa.sign(msg1, private, "SHA-512"))
verify = rsa.verify(msg1, b64decode(signature), public)
print(private.exportKey('PEM'))
print(public.exportKey('PEM'))
print("Encrypted: " + encrypted)
print("Decrypted: '%s'" % decrypted)
print("Signature: " + signature)
print("Verify: %s" % verify)
rsa.verify(msg2, b64decode(signature), public)
