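I am trying to verify a digital signature using the given certificate file, for an offline Aadhaar KYC verification application.
These instructions are given in the verification documentation.
The downloaded Aadhaar Paperless Offline e-KYC has the following XML: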
<OKY v="" n="" r="" i="" d="" e="" m="" g="" a="" s="" />
XSD for the above XML:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.uidai.gov.in/offlinePaperlesseKYC/1.0">
  <xs:element name="OKY">
    <xs:complexType>
      <xs:attribute name="v" type="xs:string"/>
      <xs:attribute name="n" type="xs:string"/>
      <xs:attribute name="i" type="xs:string"/>
      <xs:attribute name="d" type="xs:string"/>
      <xs:attribute name="e" type="xs:string"/>
      <xs:attribute name="m" type="xs:string"/>
      <xs:attribute name="g" type="xs:string"/>
      <xs:attribute name="a" type="xs:string"/>
      <xs:attribute name="r" type="xs:string"/>
      <xs:attribute name="s" type="xs:string"/>
    </xs:complexType>
  </xs:element>
</xs:schema>
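Read the entire XML and separate the s="xxxx" tag from it.
Use a signature validation algorithm based on the "SHA256withRSA" hashing and encryption technique.
The signature value present in the "s" tag, the remaining XML (without the "s" tag) and the UIDAI public key (available here) are to be fed to the algorithm to validate the digital signature.
Sample C# code snippet provided by the organization. (PS: this does not work either)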
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

namespace test
{
    class MainClass
    {
        public static void Main(string[] args)
        {
            // link -> https://drive.google.com/file/d/1aSv3HJUFf5_42Z-FqpdVHEk5b3VA3T3D/view
            string XMLFilePath = "offlineaadhaar.xml"; //Get the XML file
            // link -> https://drive.google.com/file/d/1FW4ciIhZqJuelOcGF2x6VaBCSDO9J-gM/view
            string KeyFilePath = "okyc-publickey.cer"; //Get the public key certificate file
            XmlDocument ObjXmlDocument = new XmlDocument();
            ObjXmlDocument.Load(XMLFilePath); //Load the XML
            XmlAttributeCollection SignatureElement = ObjXmlDocument.DocumentElement.Attributes; //Get all the XML attributes
            string SignatureValue = SignatureElement.GetNamedItem("s").InnerXml; // Get Signature value
            SignatureElement.RemoveNamedItem("s"); //Remove the signature "s" attribute from XML and get the new XML to validate
            /*----------------Read and parse the public key as string-----------------------*/
            X509Certificate2 ObjX509Certificate2 = new X509Certificate2(KeyFilePath, "public"); //Initialize the public key certificate file
            Org.BouncyCastle.X509.X509Certificate objX509Certificate;
            Org.BouncyCastle.X509.X509CertificateParser objX509CertificateParser = new Org.BouncyCastle.X509.X509CertificateParser();
            objX509Certificate = objX509CertificateParser.ReadCertificate(ObjX509Certificate2.GetRawCertData());
            /*----------------End-----------------------*/
            /* Init alg */
            Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA256withRSA");
            /* Populate key */
            signer.Init(false, objX509Certificate.GetPublicKey());
            /* Get the signature into bytes */
            var expectedSig = Convert.FromBase64String(SignatureValue);
            /* Get the bytes to be signed from the string */
            var msgBytes = System.Text.Encoding.UTF8.GetBytes(ObjXmlDocument.InnerXml);
            /* Calculate the signature and see if it matches */
            signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
            bool Flag = signer.VerifySignature(expectedSig);
            if (Flag)
            {
                Console.WriteLine("XML Validate Successfully");
            }
            else
            {
                Console.WriteLine("XML Validation Failed");
            }
        }
    }
}
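I tried to implement this in Python, but the XML validation fails. I am not sure whether the certificate file is wrong or whether there is a bug in the code.
Here is my Python code: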
import xml
import xml.etree.cElementTree as etree
from xml.etree import ElementTree
import OpenSSL
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from Crypto.PublicKey import RSA
from base64 import b64encode, b64decode
from M2Crypto import BIO, RSA, EVP

xmlDoc = open('adhar.xml', 'r').read()
Tr = etree.XML(xmlDoc)
Tr.keys()
# ['s', 'r', 'a', 'g', 'm', 'e', 'd', 'i', 'n', 'v']
sign = Tr.get('s')
len(sign)
# 344
del Tr.attrib['s']

from M2Crypto import X509
x509 = X509.load_cert('ekyc_public_key.cer')
#x509 =X509.load_cert(cert4)
rsa = x509.get_pubkey().get_rsa()
pubkey = EVP.PKey()
pubkey.assign_rsa(rsa)

xmlstr = etree.tostring(Tr, encoding='utf8', method='xml')
#rstr=str(xmlstr)[45:][:-1]
#rstr = rstr.encode(encoding='utf-8')

# if you need a different digest than the default 'sha1':
pubkey.reset_context(md='sha256')
pubkey.verify_init()
# hashlib.sha256(message_without_sign).digest()
pubkey.verify_update(xmlstr)
if(pubkey.verify_final(b64decode(sign)) != 1):
    print('Digital Signeture not validated')
else:
    print('Digital Signeture validated')
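Answer 0 (score: 1)
The description in the question is not sufficient to fully specify signature generation / verification. Clarification of the protocol is certainly required; best is to ask for a formal description. XML digsig was not specified for nothing; you need standardized canonicalization, character sets, etc. In the end, the signature is calculated over bytes, not over XML / text.
"SHA256withRSA" is not a signature algorithm; it is the (rather bad) Java name for the PKCS#1 v1.5 signature scheme.
These are not good signs; you should ask whether the protocol has been verified by an expert.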
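
The answer's point that the signature is computed over bytes can be checked against the question's Python, as an added example that is not part of the original post or of UIDAI's documentation: the three serializations below of the same attributes hash differently, so at most one of them can verify. The sample document, its values and the caller-supplied `verify` callback are constructed assumptions; which byte string UIDAI actually signs is not stated on the page.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample in the <OKY .../> shape shown in the question; all values are made up.
SAMPLE = ('<?xml version="1.0" encoding="UTF-8"?>\n'
          '<OKY v="1" n="Constructed Name" r="0001" i="" d="01-01-1990" '
          'e="" m="" g="M" a="Constructed Address" s="QUJD"/>')


def candidate_messages(raw_xml):
    """Return {label: bytes} for three ways of producing 'the XML without s'."""
    root = ET.fromstring(raw_xml)
    root.attrib.pop("s", None)
    # Textual cut: drop only the s="..." attribute, keep every other byte as downloaded.
    cut = re.sub(r'\s+s="[^"]*"', "", raw_xml, count=1)
    return {
        # What the question's Python does: encoding='utf8' makes ElementTree prepend
        # its own <?xml ...?> declaration and write the element in its own layout.
        "etree_utf8": ET.tostring(root, encoding="utf8", method="xml"),
        # Same re-serialization, but without any XML declaration.
        "etree_no_decl": ET.tostring(root, encoding="unicode").encode("utf-8"),
        "textual_cut": cut.encode("utf-8"),
    }


def digests(raw_xml):
    """SHA-256 of each candidate; a PKCS#1 v1.5 signature binds exactly one such hash."""
    return {k: hashlib.sha256(v).hexdigest()
            for k, v in candidate_messages(raw_xml).items()}


def matching_candidates(raw_xml, verify):
    """Labels of candidates accepted by verify(message_bytes) -> bool (caller-supplied)."""
    return [k for k, v in candidate_messages(raw_xml).items() if verify(v)]


if __name__ == "__main__":
    for label, digest in digests(SAMPLE).items():
        print(f"{label:14} {digest}")
```

Passing a `verify` that wraps the PKCS#1 v1.5 / SHA-256 check against the UIDAI certificate shows which serialization, if any, the signature covers.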