将有效负载及其签名添加到以base64编码的url中,然后对其进行解码

时间:2018-11-28 13:43:55

标签: python url rsa signature

在下面,您将找到我的发送方和接收方代码,它们正在对消息成功签名,并且可以正常工作

问题

如何将字节放入url并将有效载荷的值传递给GET请求,并将签名一起编码为base64 

encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var

然后在接收器中验证它们是否已从发送者处签名了var,这是用于交易的演示程序,但我仍然无法获得它!任何帮助都很重要

import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
    my_url = 'https://example.com/action?variable='
    payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
    print(payload)
    with open('mykey.pem', 'rb') as f:
        private_key = RSA.importKey(f.read(), passphrase='')
    print(private_key.can_sign())

    signature = sign(payload.encode(),private_key)

    full_message = b64encode(payload.encode()+signature)
    receiver(full_message)



def receiver(full_message ):
    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()
    #since i know that the lenght of the message is 14
    signature = message_decoded[-128:]
    #and I know that the signature is 128 bytes


    with open("mykey.pub", 'rb') as f:
        public_key = RSA.importKey(f.read(),passphrase='')

    print('VERIF', verify(payload.encode(), signature,public_key))

    return False





def sign(message, priv_key):
    signer = PKCS1_v1_5.new(priv_key)
    digest = SHA.new()
    digest.update(message)
    return signer.sign(digest)



def verify(message, signature, pub_key):
    signer = PKCS1_v1_5.new(pub_key)
    digest = SHA.new()
    digest.update(message)
    return signer.verify(digest, signature)


sender()

1 个答案:

答案 0 :(得分:0)

PS:我仍然想知道它是否是网址安全的,尽管编码字符串中带有'/'和'+'

好的,在这里发布我的问题的答案: 如果我用ASCII解码完整消息,则完整消息以字节为单位

 full_message = b64encode(payload.encode()+signature)
 print(full_message)

返回字节

  

b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m + X7A / D48qQRCU9mw9tor9E / TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E + 2HB6RrDe3WrlBWy39A + oRctuw =='

full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)

返回可以附加到网址的字符串

  

MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM + cNFC3oapRtytv3k5ecLjB4w / kx8gs73Al + 6T7 / NbXyJbT + F + XYIz7DXSy4Mav2 / AB9 / sGZKU8Ef + Q7Z8 + FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA ==

然后在receiver 

def receiver(full_message ):
    #if I b64decode the whole message and then decode the payload 
    #returns true :)

    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()

    signature = message_decoded[-128:]


    ...
相关问题
最新问题