0

我有一些用 openssl 生成的密钥:

openssl genpkey -algorithm Ed25519 -out private_key.pem

我想用它们在 Python 中生成 ed25519 签名。我找到了模块ed25519但我看不到将如上生成的 PEM 文件加载到ed25519.SigningKey.

我该怎么做?

4

1 回答 1

-2

https://pypi.org/project/ed25519/建议改用https://github.com/pyca/pynacl

参考:https ://pypi.org/project/ed25519/

不推荐用于新应用:

使用 pynacl 而不是对于新应用程序,我建议您使用 [pynacl ( https://github.com/pyca/pynacl ) 而不是这个存储库。PyNaCl 更大,构建时间更长(它包含完整的 NaCl/libsodium 库,而不仅仅是 ed25519 部分),但它由勤奋和尽责的 PyCA 团队维护得很好,而我已经让这个存储库萎靡不振。PyNaCl 也快 10-20 倍。

要使用 ed25519 创建签名,请参阅https://pynacl.readthedocs.io/en/stable/signing/#example

签名者的观点(SigningKey)

import nacl.encoding
import nacl.signing

# Generate a new random signing key
signing_key = nacl.signing.SigningKey.generate()

# Sign a message with the signing key
signed = signing_key.sign(b"Attack at Dawn")

# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key

# Serialize the verify key to send it to a third party
verify_key_hex = verify_key.encode(encoder=nacl.encoding.HexEncoder)

验证者的观点(VerifyKey)

import nacl.signing

# Create a VerifyKey object from a hex serialized public key
verify_key = nacl.signing.VerifyKey(verify_key_hex,
                                    encoder=nacl.encoding.HexEncoder)

# Check the validity of a message's signature
# The message and the signature can either be passed separately or
# concatenated together.  These are equivalent:
verify_key.verify(signed)
verify_key.verify(signed.message, signed.signature)

# Alter the signed message text
forged = signed[:-1] + bytes([int(signed[-1]) ^ 1])
# Will raise nacl.exceptions.BadSignatureError, since the signature check
# is failing
verify_key.verify(forged)
于 2019-10-07T22:58:54.203 回答