Pycrypto 不一致地无法验证从文件加载的签名
我正在尝试让一个程序对文件的内容进行签名,然后再验证这些内容。不过,第一次验证总是返回真,但一旦数据写入文件后再加载回来,验证通常会失败,有时却又能成功。
即使在代码失败的时候,两个 print signature 和 print hash.hexdigest() 的输出看起来是完全一样的。
我的测试代码是:
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
key_file = open("TestPrivateKey")
private_key = RSA.importKey(key_file)
public_key = private_key.publickey()
seed_file = open("Seed")
plaintext = seed_file.read()
hash = SHA256.new(plaintext)
signer = PKCS1_PSS.new(private_key)
signature = signer.sign(hash)
plaintext_file = open("plaintext", 'w')
plaintext_file.write(plaintext)
signature_file = open("signature", 'w')
signature_file.write(signature)
print signature
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
print verifier.verify(hash, signature)
def verification_test():
plaintext_file = open("plaintext")
signature_file = open("signature", 'rb')
plaintext = plaintext_file.read()
public_key = RSA.importKey(open("TestPublicKey"))
signature = signature_file.read()
print signature
hash = SHA256.new(plaintext)
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
return verifier.verify(hash, signature)
if __name__ == '__main__':
generate()
print verification_test()
有没有人知道我犯了什么错误?在签名写入文件后再读取时,一定发生了什么事情,但我就是搞不清楚是什么。
补充:在运行这个脚本之前,我先运行了初始化函数:
from Crypto.PublicKey import RSA
def create_keys():
private_key = RSA.generate(4096)
file = open("TestPrivateKey", 'w')
file.write(private_key.exportKey())
file = open("TestPublicKey", 'w')
file.write(private_key.publickey().exportKey())
def create_seed():
file = open("Seed", 'w')
file.write("Test")
1 个回答
0
我注意到你的代码有两个问题。
首先,你把一些随意的二进制数据写入了一个以文本模式打开的文件:
signature_file = open("signature", 'w') #bad
signature_file.write(signature)
应该改成:
signature_file = open("signature", 'wb') #good
signature_file.write(signature)
第二,你从来没有关闭你的文件。试试这个:
with open("signature", 'wb') as signature_file:
signature_file.write(signature)
其他打开的文件也要这样处理。
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
with open("TestPrivateKey") as key_file:
private_key = RSA.importKey(key_file)
public_key = private_key.publickey()
with open("Seed") as seed_file:
plaintext = seed_file.read()
hash = SHA256.new(plaintext)
signer = PKCS1_PSS.new(private_key)
signature = signer.sign(hash)
with open("plaintext", 'w') as plaintext_file:
plaintext_file.write(plaintext)
with open("signature", 'wb') as signature_file:
signature_file.write(signature)
#print signature
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
print verifier.verify(hash, signature)
def verification_test():
with open("plaintext") as plaintext_file:
plaintext = plaintext_file.read()
with open("signature", 'rb') as signature_file:
signature = signature_file.read()
with open("TestPublicKey") as public_key_file:
public_key = RSA.importKey(public_key_file)
#print signature
hash = SHA256.new(plaintext)
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
return verifier.verify(hash, signature)
if __name__ == '__main__':
generate()
print verification_test()