Question

我正在尝试编写程序符号，然后验证文件的内容。但是，第一次验证将始终返回true，一旦将数据写入文件然后再次加载，验证通常会失败，但有时会成功。

即使代码失败，两个print signature和print hash.hexdigest()调用的输出在视觉上也是相同的。

我的测试代码是：

from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
    key_file = open("TestPrivateKey")
    private_key = RSA.importKey(key_file)
    public_key = private_key.publickey()

    seed_file = open("Seed")

    plaintext = seed_file.read()

    hash = SHA256.new(plaintext)
    signer = PKCS1_PSS.new(private_key)
    signature =  signer.sign(hash)

    plaintext_file = open("plaintext", 'w')
    plaintext_file.write(plaintext)
    signature_file = open("signature", 'w')
    signature_file.write(signature)
    print signature
    print hash.hexdigest()

    verifier = PKCS1_PSS.new(public_key)

    print verifier.verify(hash, signature)

def verification_test():
    plaintext_file = open("plaintext")
    signature_file = open("signature", 'rb')

    plaintext = plaintext_file.read()
    public_key = RSA.importKey(open("TestPublicKey"))
    signature = signature_file.read()
    print signature

    hash = SHA256.new(plaintext)
    print hash.hexdigest()

    verifier = PKCS1_PSS.new(public_key)
    return verifier.verify(hash, signature)


if __name__ == '__main__':
    generate()
    print verification_test()

有谁知道我犯了什么错误？当签名被写入文件然后重新读回时，必定会发生一些事情，但我无法弄清楚它是什么。

编辑：在运行此脚本之前，我运行初始化函数：

from Crypto.PublicKey import RSA

def create_keys():
    private_key = RSA.generate(4096)
    file = open("TestPrivateKey", 'w')
    file.write(private_key.exportKey())
    file = open("TestPublicKey", 'w')
    file.write(private_key.publickey().exportKey())

def create_seed():
    file = open("Seed", 'w')
    file.write("Test")

Answer 1

我发现你的代码存在两个问题。

首先，您将任意二进制数据写入为文本打开的文件：

signature_file = open("signature", 'w')  #bad
signature_file.write(signature)

应该是：

signature_file = open("signature", 'wb')  #good
signature_file.write(signature)

其次，您永远不会关闭您的文件。试试这个：

with open("signature", 'wb') as signature_file:
    signature_file.write(signature)

和所有其他打开的文件类似。

from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS
def generate():
    with open("TestPrivateKey") as key_file:
        private_key = RSA.importKey(key_file)
    public_key = private_key.publickey()

    with open("Seed") as seed_file:
        plaintext = seed_file.read()

    hash = SHA256.new(plaintext)
    signer = PKCS1_PSS.new(private_key)
    signature =  signer.sign(hash)

    with open("plaintext", 'w') as plaintext_file:
        plaintext_file.write(plaintext)
    with open("signature", 'wb') as signature_file:
        signature_file.write(signature)
    #print signature
    print hash.hexdigest()

    verifier = PKCS1_PSS.new(public_key)

    print verifier.verify(hash, signature)

def verification_test():
    with open("plaintext") as plaintext_file:
        plaintext = plaintext_file.read()
    with open("signature", 'rb') as signature_file:
        signature = signature_file.read()

    with open("TestPublicKey") as public_key_file:
        public_key = RSA.importKey(public_key_file)
    #print signature

    hash = SHA256.new(plaintext)
    print hash.hexdigest()

    verifier = PKCS1_PSS.new(public_key)
    return verifier.verify(hash, signature)


if __name__ == '__main__':
    generate()
    print verification_test()

Pycrypto无法有效地验证从文件加载的签名

1 个答案: