3

我正在尝试对哈希执行致盲和揭盲。

以下: https ://gdata-python-client.googlecode.com/hg/pydocs/gdata.Crypto.PublicKey.RSA.html#RSAobj_c-unblind

我有:

messageHashed = md5.new('MyMessage').digest()
print 'Message MD5:%s' % messageHashed
blindSigned = loadedPublic.blind(messageHashed,123)
print 'Blinded: %s' % blindSigned
blindSigned = loadedPrivate.sign(blindSigned,loadedPrivate.n)
print 'Blinded Signed: %s' % str(blindSigned)

unblind = loadedPrivate.unblind(blindSigned,123)
print '-------------'
print 'Unblinded: %s' % unblind
verify = loadedPrivate.verify(unblind,(loadedPrivate.n,loadedPrivate.d))
print 'Verify: %s' % verify

(我之前已经加载了公钥和私钥,并且工作正常)

现在,我的问题是,当它运行时,我得到这个输出:

M<ssage MD5:?.Z?3??f2??
Blinded: ?YL⽥p??j+Z<I?vxV??{5??
??>[??? ??r?"l
??d?ڸYC????k?U?Q?????C?0?D??*T8?}?P?9~$??'?p??ZR:2? sh͓l??kXvU??d]???$?c聻?b??@?
Blinded Signed: (122872721681409041185513323026772702402844983846953530757782619983060590754290923453963299094289086410649560247540686534912830758097386690290305557644701999751846538319065094741731992734124277081554060855405114566548615303949954231396930615801829673187895538075706631646002356108979884582511973944741160960028L,)
Traceback (most recent call last):
  File "NewClient.py", line 103, in <module>
    unblind = loadedPrivate.unblind(blindSigned,123)
  File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/pubkey.py", line 165, in unblind
  File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/RSA.py", line 247, in _unblind
    object = RSAobj
  File "build/bdist.macosx-10.8-intel/egg/Crypto/PublicKey/_slowmath.py", line 47, in _unblind
OverflowError: cannot fit 'long' into an index-sized integer

即使 unblind 函数记录如下:

unblind(self, M, B)
unblind(M : string|long, B : string|long) : string|long
Unblind message M using blinding factor B.

它似乎不接受它。

谁能指出我正确的方向?我已经在这几个小时了。

4

2 回答 2

3

当我试图复制您的问题时,有两件事很突出:

  • 在我的 Crypto (2.4.1) 版本上,_RSAobj.blind()and_RSAobj.unblind()调用似乎强制类型(即,您需要提供longor stringints 不起作用)。long常数通过在数值的末尾添加 a 来表示(L例如9001L)。
  • _RSAobj.sign()函数返回一个元组。签名在返回值的元素 0 中结束。

所以你的代码看起来像这样:

messageHashed = md5.new('MyMessage').digest()
print 'Message MD5:%s' % messageHashed
blindSigned = loadedPublic.blind(messageHashed,123L)
print 'Blinded: %s' % blindSigned
blindSigned = loadedPrivate.sign(blindSigned,loadedPrivate.n)[0]
print 'Blinded Signed: %s' % str(blindSigned)

unblind = loadedPublic.unblind(blindSigned,123L)
print '-------------'
print 'Unblinded: %s' % unblind
verify = loadedPublic.verify(unblind,(loadedPrivate.n,loadedPrivate.d))
print 'Verify: %s' % verify

这段代码运行,但可能没有做你真正想要做的事情;特别是verify总是会以False.

解盲后得到的是messageHashed使用 p 的有效 RSA 签名,并且_RSAobj.verify(self, M, signature)是正确的函数签名(signature需要是 2 元组,其中第 0 个元素是实际的 RSA 签名)。所以如果你有

verify = loadedPublic.verify(messageHashed, (unblind,))

像宣传的那样工作(即verify最终应该是True)。

于 2013-04-08T01:13:17.417 回答
0

从我的头上看这个,你想提取签名中包含的摘要,以便取出非盲数据。

稍后当我使用机器测试代码时,我会对此进行更好的尝试。

于 2013-04-08T01:08:21.230 回答