0

I am trying to sign a JSON-encoded object using jws.sign, so I tried the example given here: https://python-jose.readthedocs.io/en/latest/jws/index.html

The problem is that jws.sign works fine with the HS256 algorithm given in the example above, but fails with the RS256 algorithm with the following error:

signed = jws.sign({'a': 'b'}, 'secret', algorithm='RS256')
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/jose/backends/cryptography_backend.py", line 231, in __init__
    self.prepared_key = load_pem_public_key(key, self.cryptography_backend())
  File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
    return backend.load_pem_public_key(data)
  File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1273, in load_pem_public_key
    self._handle_key_loading_error()
  File "/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1526, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.

Any clue would be helpful.

4

1 Answer

1

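I was in the same situation as you. After searching for several days, I finally understood what the problem was and came up with the solution below. Let me explain.

  1. Non-working example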
from jose import jws
signed = jws.sign({'a': 'b'}, 'secret', algorithm='RS256')

Output:

jose.exceptions.JWSError: Could not deserialize key data.

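  2. Problem

    The 'secret' used as the key works for the HS256 algorithm, but not for the RS256 algorithm.

  3. Improvement needed

    • Visit an RSA key generator website, for example https://cryptotools.net/rsagen, and generate a key. (Keep the default settings on the website.)

    • Copy the private key and the public key into separate variables in the code. We need the public key for verification.

    • Note: keep the line breaks AFTER -----BEGIN RSA PRIVATE KEY----- and BEFORE -----END RSA PRIVATE KEY-----. They are required; if you miss them, you will get the deserialization error again.

Generate a new RSA private key.

  4. Working example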
from jose import jws

private_key = '''
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
'''
signed = jws.sign({'name': 'Jai Seeta Ram'}, private_key, algorithm='RS256')

print("Output 1:", signed)

public_key = '''
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUn8GgYNd49UCmHZl0cmbHQucM
JEPZQoCzisBZ3D80jlhea6didPrPHNhb9JNNOY2W4Ip6AfggbpFeemUhPhD88yz8
Y9ntNzH0ztEC6JV5lSyhOKLnf+pccfXvHwakXXIRpHKoCqIUPDKtiyo6S9zjfihk
Hkh+jDY7dgvaQJAvkQIDAQAB
-----END PUBLIC KEY-----
'''
print("Output 2: ", jws.verify(signed, public_key, algorithms='RS256'))

Output:

Output 1: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSmFpIFNlZXRhIFJhbSJ9.aEEq-ZBA88DL96XO5rLunRUIhd3zCtb1r0ItPnP1d2yKFJ4agkykzYvHVvHa1muKUPwi9HEbxvKf4GXHtl2VF_xOJPJUsRfTGYbMwsrZ1KomdDmdEtiqEa-59spXAGMUCpFXNED7pChnHeNGEaxiOXqa_N7zqIf1NEV75ku_83w
Output 2:  b'{"name":"Jai Seeta Ram"}'
Answered 2021-11-02T07:42:20.140
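
A pre-flight check for the two failure causes this answer describes (a plain string passed as an RS256 key, and lost line breaks around the BEGIN/END lines), as an added example that is not part of the original answer or of python-jose. The names `pem_problem` and `key_problem` are hypothetical, and the sample input is the public key posted in the answer.

```python
import base64
import re

# Sample input: the public key posted in the answer above.
PAGE_PUBLIC_KEY = '''
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUn8GgYNd49UCmHZl0cmbHQucM
JEPZQoCzisBZ3D80jlhea6didPrPHNhb9JNNOY2W4Ip6AfggbpFeemUhPhD88yz8
Y9ntNzH0ztEC6JV5lSyhOKLnf+pccfXvHwakXXIRpHKoCqIUPDKtiyo6S9zjfihk
Hkh+jDY7dgvaQJAvkQIDAQAB
-----END PUBLIC KEY-----
'''

# PEM framing: BEGIN/END lines on their own lines, base64 body between them.
_PEM_RE = re.compile(
    r"\A\s*-----BEGIN ([A-Z ]+)-----\r?\n(.+?)\r?\n-----END \1-----\s*\Z", re.S)

def pem_problem(text):
    """Return None if text is structurally valid PEM, else a reason string."""
    if "-----BEGIN " not in text:
        return "not PEM: no BEGIN line"
    m = _PEM_RE.match(text)
    if m is None:
        return "BEGIN/END lines must match and sit on their own lines"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "body is not valid base64"
    if not der or der[0] != 0x30:  # keys are DER SEQUENCEs (tag 0x30)
        return "body is not a DER SEQUENCE"
    return None

def key_problem(key, algorithm, signing=True):
    """Check that a key string fits a JWS algorithm family before using it."""
    if algorithm.startswith("HS"):
        # HMAC takes any shared secret; a PEM-framed key here suggests a mix-up.
        return "PEM key passed to an HMAC algorithm" if "-----BEGIN " in key else None
    if algorithm.startswith("RS"):
        problem = pem_problem(key)
        if problem:
            return problem
        if signing and "PRIVATE KEY" not in _PEM_RE.match(key).group(1):
            return "signing needs a private key"
        return None
    return "algorithm not covered by this check"
```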