我正在尝试复制以下步骤以在 python3 脚本中使用 OpenSSL 对一些数据进行签名。当我从命令行完成工作时,一切正常。当我将其放入脚本时,签名数据无法识别/验证。
如何将签名数据转换为可识别的格式?下面我尝试删除 'b' (表示字节)和单引号以强制通过某些内容,但没有成功。
从命令行执行时,这些步骤工作正常:
创建数据文件
echo -n "This is my data." > data.txt
签署数据文件
openssl dgst -sha256 -sign key.pem -keyform PEM -out signature 数据.txt
对数据文件进行编码
openssl enc -base64 -in signature > sig_base64
*输出:
nTxLMxUTOf5suMOqy9vCHserJ3jzaKPRxGABR1zz3sZsuQHvBD8r9z82wzmvkS7u
ygW4fi6NH9P5znJFaTw3omnZjOL+xWrxvwmK0Lg25a/MNC5xpuY8i12rIsLLZHbu
B4q0G7dj4m3oJNxyhoZjrKPr3V0KssdxuNBlMYdjd3tuhj5MI1cqpRetAcw2nJps
ovC14sPAzTaKHUmMoN+H5t2rVgoeaHhTknhEAlW5FqXMcm/cR/rRru9EoAEe7cmV
rTRiJpCBiKrpHBNPmQJOmF+zrS3tID4XGFV/yUgcU0chlLMoJyv1AdfHdQYzfeGP
EYFuk7NYnjz5kVLoasTS7Q==
#!/usr/local/bin/python3
import cryptography
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
key_file = open("key.pem", "rb")
private_key = serialization.load_pem_private_key(key_file.read(), password = None, backend=default_backend())
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = private_key.sign(dataBytes,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
我可以从命令行输出与示例 2 和 3 的脚本输出中看到的唯一区别是来自命令行的签名数据的格式与我的脚本生成的不同(cli 是一个块,而我的代码生成一行)。
我被困住了。无法弄清楚出了什么问题。有什么想法吗?
我使用 OpenSSL 库再次尝试了此操作,并且在示例 3 输出中一切正常(我没有尝试其他):
#!/usr/local/bin/python3
import OpenSSL
from OpenSSL import crypto
import base64
key_file = open("key.pem", "rb")
key = key_file.read()
key_file.close()
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = OpenSSL.crypto.sign(pkey, dataBytes, "sha256")
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句