M2Crypto:验证DSA签名 [英] M2Crypto: verifying DSA signatures
问题描述
我在使用Python/M2Crypto验证DSA签名时遇到麻烦.使用标准的java.security.Signature类,并使用Sun的加密提供程序和SHA1withDSA算法名称,以Java语言生成签名.
I'm having trouble verifying DSA signatures using Python/M2Crypto. The signatures are generated in Java, using standard java.security.Signature class, with Sun's crypto provider and SHA1withDSA algorithm designation.
这是一些shell输出:
Here's some shell output:
>>> pk
<M2Crypto.DSA.DSA_pub instance at 0x20b6a28>
>>> sig = '302c02141c4bbb218215ebfec57288059ce814dc430d849502144dd0c581bf2213aff79d17eb37c939e120a97bd2'.decode('hex')
>>> data ='0501...9794'.decode('hex')
>>> pk.verify_asn1(sig, data)
------------------------------------------------------------
Traceback (most recent call last):
...
DSAError: wrong tag
签名值在我看来似乎还可以,它看起来像是正确的ASN.1编码的两个整数序列(0x302c表示一个44字节的序列,而0x0214表示一个20字节的整数),这是DSA的标准编码签名.
The signature value seems OK to me, it looks like a proper ASN.1 encoded sequence of two integers (0x302c designates a 44-byte sequence, and 0x0214 designates a 20-byte integer), which is the standard encoding of DSA signatures.
由于甚至都没有记录DSA_pub.verify_asn1方法,所以我也尝试使用记录的DSA_pub.verify方法,但仍然没有雪茄:
Since the DSA_pub.verify_asn1 method isn't even documented, I also tried using the documented DSA_pub.verify method, but still no cigar:
>>> r = sig[4:24]
>>> s = sig[26:]
>>> md = sha1(data).digest()
>>> pk.verify(md, r, s)
------------------------------------------------------------
Traceback (most recent call last):
...
DSAError: encoding error
文档指出所有参数都应为字节字符串",但是verify方法以某种方式设法引发了编码错误. 我还尝试反转r和s,以检查潜在的字节序问题,但这无济于事.
The docs state that all the parameters should be "byte strings", but the verify method somehow manages to raise an encoding error. I also tried reversing r and s, to check for potential endianness problems but that didn't help.
我在做什么错了?
推荐答案
在测试中找到了解决方案: http://svn.osafoundation.org/m2crypto/trunk/tests/test_dsa.py
Found a solution in the tests: http://svn.osafoundation.org/m2crypto/trunk/tests/test_dsa.py
verify_asn1方法应按以下方式使用:
The verify_asn1 method should be used as follows:
>>> pk.verify_asn1(sha1(data).digest(), sig)
这篇关于M2Crypto:验证DSA签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
