0

我正在尝试复制以下步骤以在 python3 脚本中使用 OpenSSL 对一些数据进行签名。当我从命令行完成工作时,一切正常。当我将其放入脚本中时,无法识别/验证签名数据。

如何将签名数据转换为可识别的格式?下面我尝试删除'b'(用于字节)和单引号以强制通过,但没有运气。

从命令行执行时,这些步骤可以正常工作:

命令行:

  1. 创建数据文件

    echo -n "This is my data." > data.txt

  2. 签署数据文件

    openssl dgst -sha256 -sign key.pem -keyform PEM -out signature数据.txt

  3. 编码数据文件

    openssl enc -base64 -in signature > sig_base64

*输出:

nTxLMxUTOf5suMOqy9vCHserJ3jzaKPRxGABR1zz3sZsuQHvBD8r9z82wzmvkS7u
ygW4fi6NH9P5znJFaTw3omnZjOL+xWrxvwmK0Lg25a/MNC5xpuY8i12rIsLLZHbu
B4q0G7dj4m3oJNxyhoZjrKPr3V0KssdxuNBlMYdjd3tuhj5MI1cqpRetAcw2nJps
ovC14sPAzTaKHUmMoN+H5t2rVgoeaHhTknhEAlW5FqXMcm/cR/rRru9EoAEe7cmV
rTRiJpCBiKrpHBNPmQJOmF+zrS3tID4XGFV/yUgcU0chlLMoJyv1AdfHdQYzfeGP
EYFuk7NYnjz5kVLoasTS7Q==

我的剧本

#!/usr/local/bin/python3
import cryptography
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding

key_file = open("key.pem", "rb")

private_key = serialization.load_pem_private_key(key_file.read(), password = None, backend=default_backend())

data = "This is my data."
dataBytes = bytes(data, encoding='ascii')

signData = private_key.sign(dataBytes,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())

encodedData = base64.b64encode(signData)

print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")

我的脚本输出

-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----


Example 1
-----BEGIN SIGNATURE-----
b'sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw=='
-----END SIGNATURE-----


Example 2
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----


Example 3
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----

我可以从命令行输出与脚本输出的示例 2 和 3 中看到的唯一区别是命令行中签名数据的格式与我的脚本生成的不同(cli 是一个块,而我的代码产生一行)。

我被困住了。无法弄清楚出了什么问题。有什么想法吗?

4

1 回答 1

0

我使用 OpenSSL 库再次尝试了此操作,并且在示例 3 输出中一切正常(我没有尝试其他输出):

脚本

#!/usr/local/bin/python3
import OpenSSL
from OpenSSL import crypto
import base64


key_file = open("key.pem", "rb")
key = key_file.read()
key_file.close()

pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)

data = "This is my data."
dataBytes = bytes(data, encoding='ascii')

signData = OpenSSL.crypto.sign(pkey, dataBytes, "sha256")

encodedData = base64.b64encode(signData)

print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")

输出

-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----


Example 1
-----BEGIN SIGNATURE-----
b'AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ=='
-----END SIGNATURE-----


Example 2
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----


Example 3
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
于 2018-10-04T20:36:37.783 回答