The flow of creating digital signatures and verification in Python

0437

This flow demonstrates how to create and verify a digital signature using the cryptography library in Python. This process ensures the authenticity and integrity of the message, confirming that it was signed by the holder of the private key and has not been altered.
There are main 3 steps.

  1. Generate Key Pair:

    • Private Key: Created using RSA, with a public exponent of 65537 and a key size of 2048 bits.
    • Public Key: Derived from the private key.
    • Storage: Both keys are saved to files in PEM format.

  2. Sign the Message:

    • Message: The data to be signed.
    • Hash Function: SHA-256 is used to hash the message.
    • Padding: PSS (Probabilistic Signature Scheme) with MGF1 (Mask Generation Function) and a maximum salt length is used for padding.
    • Signature: The message is signed using the private key, and the signature is saved to a file.

  3. Verify the Signature:

    • Public Key: Loaded from the PEM file.
    • Signature: Loaded from the file.
    • Message: The original message that was signed.
    • Verification: The public key, along with the message and the signature, is used to verify the authenticity of the signature. If the signature is valid, it means the message was signed by the corresponding private key.

Step 1: Install the Required Library

First, ensure you have the cryptography library installed. You can install it using pip: 

pip <span>install </span>cryptography
pip <span>install </span>cryptography
pip install cryptography

Enter fullscreen mode Exit fullscreen mode

Step 2: Generate a Key Pair

A key pair consists of a private key (used for signing) and a public key (used for verification). 

<span>from</span> <span>cryptography.hazmat.primitives.asymmetric</span> <span>import</span> <span>rsa</span>
<span>from</span> <span>cryptography.hazmat.primitives</span> <span>import</span> <span>serialization</span>
<span># Generate private key </span><span>private_key</span> <span>=</span> <span>rsa</span><span>.</span><span>generate_private_key</span><span>(</span>
    <span>public_exponent</span><span>=</span><span>65537</span><span>,</span>
    <span>key_size</span><span>=</span><span>2048</span><span>,</span>
<span>)</span>
<span># Generate public key from the private key </span><span>public_key</span> <span>=</span> <span>private_key</span><span>.</span><span>public_key</span><span>()</span>
<span># Save the private key to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>private_key.pem</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>private_key</span><span>.</span><span>private_bytes</span><span>(</span>
        <span>encoding</span><span>=</span><span>serialization</span><span>.</span><span>Encoding</span><span>.</span><span>PEM</span><span>,</span>
        <span>format</span><span>=</span><span>serialization</span><span>.</span><span>PrivateFormat</span><span>.</span><span>PKCS8</span><span>,</span>
        <span>encryption_algorithm</span><span>=</span><span>serialization</span><span>.</span><span>NoEncryption</span><span>()</span>
    <span>))</span>
<span># Save the public key to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>public_key.pem</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>public_key</span><span>.</span><span>public_bytes</span><span>(</span>
        <span>encoding</span><span>=</span><span>serialization</span><span>.</span><span>Encoding</span><span>.</span><span>PEM</span><span>,</span>
        <span>format</span><span>=</span><span>serialization</span><span>.</span><span>PublicFormat</span><span>.</span><span>SubjectPublicKeyInfo</span>
    <span>))</span>
<span>from</span> <span>cryptography.hazmat.primitives.asymmetric</span> <span>import</span> <span>rsa</span>
<span>from</span> <span>cryptography.hazmat.primitives</span> <span>import</span> <span>serialization</span>

<span># Generate private key </span><span>private_key</span> <span>=</span> <span>rsa</span><span>.</span><span>generate_private_key</span><span>(</span>
    <span>public_exponent</span><span>=</span><span>65537</span><span>,</span>
    <span>key_size</span><span>=</span><span>2048</span><span>,</span>
<span>)</span>

<span># Generate public key from the private key </span><span>public_key</span> <span>=</span> <span>private_key</span><span>.</span><span>public_key</span><span>()</span>

<span># Save the private key to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>private_key.pem</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>private_key</span><span>.</span><span>private_bytes</span><span>(</span>
        <span>encoding</span><span>=</span><span>serialization</span><span>.</span><span>Encoding</span><span>.</span><span>PEM</span><span>,</span>
        <span>format</span><span>=</span><span>serialization</span><span>.</span><span>PrivateFormat</span><span>.</span><span>PKCS8</span><span>,</span>
        <span>encryption_algorithm</span><span>=</span><span>serialization</span><span>.</span><span>NoEncryption</span><span>()</span>
    <span>))</span>

<span># Save the public key to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>public_key.pem</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>public_key</span><span>.</span><span>public_bytes</span><span>(</span>
        <span>encoding</span><span>=</span><span>serialization</span><span>.</span><span>Encoding</span><span>.</span><span>PEM</span><span>,</span>
        <span>format</span><span>=</span><span>serialization</span><span>.</span><span>PublicFormat</span><span>.</span><span>SubjectPublicKeyInfo</span>
    <span>))</span>
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

# Generate private key private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

# Generate public key from the private key public_key = private_key.public_key()

# Save the private key to a file with open("private_key.pem", "wb") as f:
    f.write(private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption()
    ))

# Save the public key to a file with open("public_key.pem", "wb") as f:
    f.write(public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    ))

Enter fullscreen mode Exit fullscreen mode

Step 3: Sign a Message

To create a digital signature, you’ll use the private key to sign a message. 

<span>from</span> <span>cryptography.hazmat.primitives</span> <span>import</span> <span>hashes</span>
<span>from</span> <span>cryptography.hazmat.primitives.asymmetric</span> <span>import</span> <span>padding</span>
<span># Message to be signed </span><span>message</span> <span>=</span> <span>b</span><span>"</span><span>Hello, this is a secret message!</span><span>"</span>
<span># Sign the message </span><span>signature</span> <span>=</span> <span>private_key</span><span>.</span><span>sign</span><span>(</span>
    <span>message</span><span>,</span>
    <span>padding</span><span>.</span><span>PSS</span><span>(</span>
        <span>mgf</span><span>=</span><span>padding</span><span>.</span><span>MGF1</span><span>(</span><span>hashes</span><span>.</span><span>SHA256</span><span>()),</span>
        <span>salt_length</span><span>=</span><span>padding</span><span>.</span><span>PSS</span><span>.</span><span>MAX_LENGTH</span>
    <span>),</span>
    <span>hashes</span><span>.</span><span>SHA256</span><span>()</span>
<span>)</span>
<span># Save the signature to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>signature.bin</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>signature</span><span>)</span>
<span>from</span> <span>cryptography.hazmat.primitives</span> <span>import</span> <span>hashes</span>
<span>from</span> <span>cryptography.hazmat.primitives.asymmetric</span> <span>import</span> <span>padding</span>

<span># Message to be signed </span><span>message</span> <span>=</span> <span>b</span><span>"</span><span>Hello, this is a secret message!</span><span>"</span>

<span># Sign the message </span><span>signature</span> <span>=</span> <span>private_key</span><span>.</span><span>sign</span><span>(</span>
    <span>message</span><span>,</span>
    <span>padding</span><span>.</span><span>PSS</span><span>(</span>
        <span>mgf</span><span>=</span><span>padding</span><span>.</span><span>MGF1</span><span>(</span><span>hashes</span><span>.</span><span>SHA256</span><span>()),</span>
        <span>salt_length</span><span>=</span><span>padding</span><span>.</span><span>PSS</span><span>.</span><span>MAX_LENGTH</span>
    <span>),</span>
    <span>hashes</span><span>.</span><span>SHA256</span><span>()</span>
<span>)</span>

<span># Save the signature to a file </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>signature.bin</span><span>"</span><span>,</span> <span>"</span><span>wb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>f</span><span>.</span><span>write</span><span>(</span><span>signature</span><span>)</span>
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

# Message to be signed message = b"Hello, this is a secret message!"

# Sign the message signature = private_key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

# Save the signature to a file with open("signature.bin", "wb") as f:
    f.write(signature)

Enter fullscreen mode Exit fullscreen mode

Step 4: Verify the Signature

To verify the signature, use the public key to check if it matches the message. 

<span># Load the public key </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>public_key.pem</span><span>"</span><span>,</span> <span>"</span><span>rb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>public_key</span> <span>=</span> <span>serialization</span><span>.</span><span>load_pem_public_key</span><span>(</span><span>f</span><span>.</span><span>read</span><span>())</span>
<span># Load the signature </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>signature.bin</span><span>"</span><span>,</span> <span>"</span><span>rb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>signature</span> <span>=</span> <span>f</span><span>.</span><span>read</span><span>()</span>
<span># Message to be verified </span><span>message</span> <span>=</span> <span>b</span><span>"</span><span>Hello, this is a secret message!</span><span>"</span>
<span># Verify the signature </span><span>try</span><span>:</span>
    <span>public_key</span><span>.</span><span>verify</span><span>(</span>
        <span>signature</span><span>,</span>
        <span>message</span><span>,</span>
        <span>padding</span><span>.</span><span>PSS</span><span>(</span>
            <span>mgf</span><span>=</span><span>padding</span><span>.</span><span>MGF1</span><span>(</span><span>hashes</span><span>.</span><span>SHA256</span><span>()),</span>
            <span>salt_length</span><span>=</span><span>padding</span><span>.</span><span>PSS</span><span>.</span><span>MAX_LENGTH</span>
        <span>),</span>
        <span>hashes</span><span>.</span><span>SHA256</span><span>()</span>
    <span>)</span>
    <span>print</span><span>(</span><span>"</span><span>The signature is valid.</span><span>"</span><span>)</span>
<span>except</span><span>:</span>
    <span>print</span><span>(</span><span>"</span><span>The signature is invalid.</span><span>"</span><span>)</span>
<span># Load the public key </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>public_key.pem</span><span>"</span><span>,</span> <span>"</span><span>rb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>public_key</span> <span>=</span> <span>serialization</span><span>.</span><span>load_pem_public_key</span><span>(</span><span>f</span><span>.</span><span>read</span><span>())</span>

<span># Load the signature </span><span>with</span> <span>open</span><span>(</span><span>"</span><span>signature.bin</span><span>"</span><span>,</span> <span>"</span><span>rb</span><span>"</span><span>)</span> <span>as</span> <span>f</span><span>:</span>
    <span>signature</span> <span>=</span> <span>f</span><span>.</span><span>read</span><span>()</span>

<span># Message to be verified </span><span>message</span> <span>=</span> <span>b</span><span>"</span><span>Hello, this is a secret message!</span><span>"</span>

<span># Verify the signature </span><span>try</span><span>:</span>
    <span>public_key</span><span>.</span><span>verify</span><span>(</span>
        <span>signature</span><span>,</span>
        <span>message</span><span>,</span>
        <span>padding</span><span>.</span><span>PSS</span><span>(</span>
            <span>mgf</span><span>=</span><span>padding</span><span>.</span><span>MGF1</span><span>(</span><span>hashes</span><span>.</span><span>SHA256</span><span>()),</span>
            <span>salt_length</span><span>=</span><span>padding</span><span>.</span><span>PSS</span><span>.</span><span>MAX_LENGTH</span>
        <span>),</span>
        <span>hashes</span><span>.</span><span>SHA256</span><span>()</span>
    <span>)</span>
    <span>print</span><span>(</span><span>"</span><span>The signature is valid.</span><span>"</span><span>)</span>
<span>except</span><span>:</span>
    <span>print</span><span>(</span><span>"</span><span>The signature is invalid.</span><span>"</span><span>)</span>
# Load the public key with open("public_key.pem", "rb") as f:
    public_key = serialization.load_pem_public_key(f.read())

# Load the signature with open("signature.bin", "rb") as f:
    signature = f.read()

# Message to be verified message = b"Hello, this is a secret message!"

# Verify the signature try:
    public_key.verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    print("The signature is valid.")
except:
    print("The signature is invalid.")

Enter fullscreen mode Exit fullscreen mode

原文链接:The flow of creating digital signatures and verification in Python

展开阅读全文
© 版权声明
文章版权声明 1、本网站名称:拾光赋
2、本站永久网址:https://www.blogs.ink
3、本网站的文章部分内容可能来源于网络,仅供大家学习与参考,如有侵权,请联系站长QQ:805375623进行删除处理。
4、本站一切资源不代表本站立场,并不代表本站赞同其观点和对其真实性负责。
5、本站一律禁止以任何方式发布或转载任何违法的相关信息,访客发现请向站长举报
6、本站资源大多存储在云盘,如发现链接失效,请联系我们我们会第一时间更新。

THE END
Python(EN)
# python# certification
喜欢就支持一下吧
点赞7 分享
I am the luckiest person in the world.
我是世界上最幸运的人
评论 抢沙发

请登录后发表评论

    暂无评论内容

文章目录
kity的头像-拾光赋
文章目录
今日剩余 25.7%
本周剩余 46.5%
本月剩余 44.2%
本年剩余 70.8%
最近评论
杀人蜂的头像-拾光赋

杀人蜂3天前0

我很好奇这个网站能提供什么
Vito的头像-拾光赋

Vito6个月前2

你就是我心中的那首忐忑,总是让我惊心动魄
Jason.Meng的头像-拾光赋钻石会员

Jason.Meng徽章-人气大使-拾光赋6个月前2

总是会在人生的不同阶段反复爱上大佬的文章~
每日一言
I am the luckiest person in the world.
我是世界上最幸运的人