我有一些用openssl生成的密钥:
openssl genpkey -algorithm Ed25519 -out private_key.pem
,我想用它们在Python中生成ed25519签名。我找到了模块ed25519,但是找不到将上述生成的PEM文件加载到ed25519.SigningKey中的方法。
我该怎么办?
答案 0 :(得分:1)
https://pypi.org/project/ed25519/建议改用https://github.com/pyca/pynacl。
参考:https://pypi.org/project/ed25519/
不建议用于新应用程序:
使用pynacl代替对于新应用程序,建议您使用[pynacl (https://github.com/pyca/pynacl),而不是此存储库。氯化钠是 更大,建造时间更长(包含完整的 NaCl / libsodium库,不仅是ed25519部分),而且它是 由勤奋尽责的PyCA团队维护良好, 我已允许该存储库停止运行。 PyNaCl约为10-20 快十倍。
要使用ed25519创建签名,请参见https://pynacl.readthedocs.io/en/stable/signing/#example
签名者的观点(SigningKey)
import nacl.encoding
import nacl.signing
# Generate a new random signing key
signing_key = nacl.signing.SigningKey.generate()
# Sign a message with the signing key
signed = signing_key.sign(b"Attack at Dawn")
# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key
# Serialize the verify key to send it to a third party
verify_key_hex = verify_key.encode(encoder=nacl.encoding.HexEncoder)
验证者的观点(VerifyKey)
import nacl.signing
# Create a VerifyKey object from a hex serialized public key
verify_key = nacl.signing.VerifyKey(verify_key_hex,
encoder=nacl.encoding.HexEncoder)
# Check the validity of a message's signature
# The message and the signature can either be passed separately or
# concatenated together. These are equivalent:
verify_key.verify(signed)
verify_key.verify(signed.message, signed.signature)
# Alter the signed message text
forged = signed[:-1] + bytes([int(signed[-1]) ^ 1])
# Will raise nacl.exceptions.BadSignatureError, since the signature check
# is failing
verify_key.verify(forged)