我试图有一个程序签名,然后稍后验证文件的内容。然而,虽然第一次验证总是返回true,但一旦数据被写入文件然后再次加载,验证通常会失败,但有时会成功。
即使代码失败,两个print signature和print hash.hexdigest()调用的输出在视觉上是相同的。
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
key_file = open("TestPrivateKey")
private_key = RSA.importKey(key_file)
public_key = private_key.publickey()
seed_file = open("Seed")
plaintext = seed_file.read()
hash = SHA256.new(plaintext)
signer = PKCS1_PSS.new(private_key)
signature = signer.sign(hash)
plaintext_file = open("plaintext", 'w')
plaintext_file.write(plaintext)
signature_file = open("signature", 'w')
signature_file.write(signature)
print signature
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
print verifier.verify(hash, signature)
def verification_test():
plaintext_file = open("plaintext")
signature_file = open("signature", 'rb')
plaintext = plaintext_file.read()
public_key = RSA.importKey(open("TestPublicKey"))
signature = signature_file.read()
print signature
hash = SHA256.new(plaintext)
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
return verifier.verify(hash, signature)
if __name__ == '__main__':
generate()
print verification_test()
from Crypto.PublicKey import RSA
def create_keys():
private_key = RSA.generate(4096)
file = open("TestPrivateKey", 'w')
file.write(private_key.exportKey())
file = open("TestPublicKey", 'w')
file.write(private_key.publickey().exportKey())
def create_seed():
file = open("Seed", 'w')
file.write("Test")
我注意到你的代码有两个问题。
首先,将任意二进制数据写入为文本打开的文件:
signature_file = open("signature", 'w') #bad
signature_file.write(signature)
signature_file = open("signature", 'wb') #good
signature_file.write(signature)
第二,你从不关闭你的文件。试试这个:
with open("signature", 'wb') as signature_file:
signature_file.write(signature)
,对于所有其他打开的文件也是如此。
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
with open("TestPrivateKey") as key_file:
private_key = RSA.importKey(key_file)
public_key = private_key.publickey()
with open("Seed") as seed_file:
plaintext = seed_file.read()
hash = SHA256.new(plaintext)
signer = PKCS1_PSS.new(private_key)
signature = signer.sign(hash)
with open("plaintext", 'w') as plaintext_file:
plaintext_file.write(plaintext)
with open("signature", 'wb') as signature_file:
signature_file.write(signature)
#print signature
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
print verifier.verify(hash, signature)
def verification_test():
with open("plaintext") as plaintext_file:
plaintext = plaintext_file.read()
with open("signature", 'rb') as signature_file:
signature = signature_file.read()
with open("TestPublicKey") as public_key_file:
public_key = RSA.importKey(public_key_file)
#print signature
hash = SHA256.new(plaintext)
print hash.hexdigest()
verifier = PKCS1_PSS.new(public_key)
return verifier.verify(hash, signature)
if __name__ == '__main__':
generate()
print verification_test()