M2Crypto RSA.sign与OpenSSL rsautl -sign [英] M2Crypto RSA.sign vs OpenSSL rsautl -sign
问题描述
M2Crypto和OpenSSL CLI似乎没有创建相同的数字签名.这是我在Python中使用的代码:
M2Crypto and OpenSSL CLI doesn't seem to create the same digital signature. Here is the code that I use in Python:
import M2Crypto
rsa = M2Crypto.RSA.load_key("privkey.pem")
open("sig_m2crypto", "w").write(rsa.sign("md5-digest", "md5"))
这是OpenSSL的命令行:
Here is the command line with OpenSSL:
echo "md5-digest" | openssl rsautl -sign -inkey privkey.pem > sig_openssl
使用相同的输入,sig_m2crypto和sig_openssl的结果始终是不同的.重要的是我无法验证使用M2Crypto和OpenSSL生成的签名,反之亦然.
With the same input, the result of sig_m2crypto and sig_openssl are always different. The significance would be I can not verify signatures generated using M2Crypto with OpenSSL and vice versa.
我的代码中是否缺少任何使它们彼此不兼容的东西?
Is there anything missing in my code that makes them not compatible with each other?
其他信息:我正在Windows 7下使用M2Crypto 0.21.1和OpenSSL 1.0.0.
Additional info: I am using M2Crypto 0.21.1 and OpenSSL 1.0.0 under Windows 7.
推荐答案
尝试一下:
echo -n "test" | openssl md5 -sign privkey.pem > sig_openssel
(-n很重要,因此在字符串后不会添加其他换行符)*
(the -n is important so that no additional newline is added after the string)*
在python端:
import M2Crypto
import hashlib
rsa = M2Crypto.RSA.load_key("privkey.pem")
digest = hashlib.new('md5', 'test').digest()
open("sig_m2crypto", "w").write(rsa.sign(digest, "md5"))
现在您的信号应该相同.
Now you sigs should be identical.
要查看签名文件中的内容,可以使用:
To see what's acutally in the signature file, you can use:
openssl rsautl -inkey privkey.pem -verify -in sig_m2crypto -asn1parse
和
openssl rsautl -inkey privkey.pem -verify -in sig_m2crypto -raw -hexdump
正确的签名包含有关所用摘要的信息,如果您仅使用openssl rsautl -sign ...
The correct signature contains information about the used digest, which isn't contained if you just use openssl rsautl -sign ...
* edit:至少在linux上,就像在Windows上一样,我真的不知道是否需要它.
*edit: at least on linux, as you're on windows i don't really know if you need it.
这篇关于M2Crypto RSA.sign与OpenSSL rsautl -sign的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
