Working with RSA and ECDSA signatures, organize the scripting code and share it with people in need. RSA supports a variety of bit digits, ECDSA temporarily supports only ECDSA384. The PYTHON2,ECDSA of the RSA script is written in Python3. RSA
#!/usr/bin/python from cryptography.exceptions import invalidsignature from cryptography.hazmat.backends Import
Default_backend from cryptography.hazmat.primitives.serialization import Load_pem_private_key, \ Load_pem_public_key Import OS import sys from cryptography.hazmat.primitives import hashes from Cryptography.hazmat.primitives.asymmetric im Port padding Import binascii def gen_rsa_key (Bit_nr, Pri_key, Pub_key): #Pub Key and PRI key are generated by opens
Sl. Gen_skey = "OpenSSL genrsa-out {} {}". Format (Pri_key, BIT_NR) print (Gen_skey) os.system (gen_skey) Gen_pkey = ' OpenSSL rsa-in {}-pubout-out {} '. Format (Pri_key, Pub_key) print (Gen_pkey) Os.system (Gen_pkey) def rsa_sign (d Ata_file_name, private_key_file_name, signautre_file_name = None, Hash_type = "SHA256"): #Read the raw data data_ File = open (Data_file_name, "RB") data = Data_file.read () data_file.close () #Read privtate key Data Key_f ile = Open (Private_key_file_Name, "RB") Key_data = Key_file.read () key_file.close () Private_key = Load_pem_private_key ( Key_data, Password=none, Backend=default_backend ()) if Ha Sh_type = = "SHA256": hash_t = hashes. SHA256 () elif Hash_type = = "SHA384": hash_t = hashes. SHA384 () else:hash_t = hashes. SHA512 () signature = private_key.sign (data, padding. Pkcs1v15 (), hash_t) if Signautre_file_name!= None: #Write the Signatur E Data Signautre_file = open (Signautre_file_name, "WB") Signautre_file.write (signature) signautre_
File.close (); Print ("Signautre data:") print (Binascii.b2a_hex (signature)) def rsa_verify (Data_file_name, Signature_bin, Public_key _file, Is_file = True, Hash_type = "SHA256"): #Read the data file Data_file = open (Data_file_name, "RB") daTa = Data_file.read () data_file.close () #Read the signature file Signature_file = open (Signature_bin, "RB") Signature = Signature_file.read () signature_file.close () Key_file = open (Public_key_file, "RB") Key_data =
Key_file.read () key_file.close () Public_key = Load_pem_public_key (Key_data, Backend=default_backend ()) If Hash_type = = "SHA256": hash_t = hashes. SHA256 () elif Hash_type = = "SHA384": hash_t = hashes. SHA384 () else:hash_t = hashes.
SHA512 () Verify_ok = False try:public_key.verify (signature, Data, padding. Pkcs1v15 (), hash_t) print ("RSA correct signature:)") except InvalidS
Ignature:print ("Invalid signature!:(")
ELSE:VERIFY_OK = True return VERIFY_OK if __name__ = ' __main__ ': If Len (sys.argv) <= 1:print ("paramter not correct") exit () if sys.argv[1] = = "GEN": if Len (SYS.ARGV) <= 4:print ("My_rsa gen Pri_key_file pub_key_file bit_nr") exit () Pri_ke
y = sys.argv[2] Pub_key = sys.argv[3] Bit_nr = sys.argv[4] Gen_rsa_key (BIT_NR, Pri_key, Pub_key) If sys.argv[1] = = "Sign": If Len (SYS.ARGV) <= 3:print ("My_rsa sign data pri_key_file sig_file" Print ("or MY_RSA sign data pri_key_file") print ("or MY_RSA sign data pri_key_file sig_file hash"
) exit () Data_file = sys.argv[2] Pri_key_file = sys.argv[3] If len (sys.argv) = = 5:
Sig_file = sys.argv[4] Rsa_sign (data_file, Pri_key_file, Sig_file) elif len (sys.argv) = = 6: Sig_file = sys.argv[4] Hash_type = sys.argv[5] Rsa_sign (data_file, Pri_key_file, Sig_f
Ile, Hash_type)Else:rsa_sign (data_file, Pri_key_file) if sys.argv[1] = = "Verify": If Len (SYS.ARGV) <= 4
: Print ("My_rsa Verify data Sig_file pub_key_file") exit () Data_file = sys.argv[2] Sig_data = sys.argv[3] Pub_key_file = sys.argv[4] If len (sys.argv) = = 6:hash_type = sys.ar GV[5] Rsa_verify (data_file, Sig_data, Pub_key_file, True, Hash_type) else:rsa_verify (data
_file, Sig_data, Pub_key_file)
ECDSA384
#!/usr/bin/python3 import OS import sys cryptography.hazmat.backends import default_backend from Cryptography.hazmat.primitives.asymmetric Import EC, RSA from cryptography.hazmat.primitives import hashes import Codecs from cryptography.hazmat.primitives.serialization import Load_pem_private_key from Cryptography.hazmat.primitives.asymmetric.utils import Decode_dss_signature, encode_dss_signature from cryptography.x509 Import load_pem_x509_certificate from cryptography.exceptions import invalidsignature Import Binascii from cryptography.hazmat.primitives.asymmetric import padding def bit_to_bytes (a): return (A + 7)//8 def Gen_ecdsa_key (Pri_key, cert_file, Ecdsa_type = "SECP384"): #Only support ECDSA384 so far, using OpenSSL GEN_ECDSA
_pri_key_cmd = "OpenSSL ecparam-genkey-text-out {}-name secp384r1". Format (pri_key) print (gen_ecdsa_pri_key_cmd) Os.system (gen_ecdsa_pri_key_cmd) gen_ecdsa_cert_key_cmd = "OpenSSL req-new-verbose-pubkey-inform PEM-Key {}-x509-nodes-days "\-out {}". Format (Pri_key, cert_file) print (gen_ecdsa_cer T_key_cmd Os.system (gen_ecdsa_cert_key_cmd) #Only support ECDSA384 def ecdsa_sign (Data_file_name, Pri_key_file_name , sig_file_name): #Read the raw data data_file = open (Data_file_name, "RB") data = Data_file.read () data_ File.close () #Read the Pri_key_file pri_key_file = open (Pri_key_file_name, "RB") Key_data = Pri_key_file.read () pri_key_file.close () Digest = hashes. Hash (hashes. SHA384 (), Default_backend ()) digest.update (data) Dgst = Digest.finalize () print ("Data di Gest to sign: {: s} ". Format (Dgst.hex ()) Skey = Load_pem_private_key (Key_data, Password=none, Backen D=default_backend ()) Sig_data = skey.sign (data, EC. ECDSA (hashes. SHA384 ()) sig_r, sig_s = Decode_dss_signature (sig_data) sig_bytes = b' Key_size_in_bytes = Bit_to_bytes (Skey.public_key (). key_size) Sig_r_bytes = Sig_r.to_bytes (Key_size_in_bytes, "b IG ") Sig_bytes + = sig_r_bytes print (" ECDSA signature r: {: S} ". Format (Sig_r_bytes.hex ()) Sig_s_bytes = SIG_S.T O_bytes (Key_size_in_bytes, "big") sig_bytes + = sig_s_bytes print ("ECDSA signature s: {: s}". Format (Sig_s_bytes.hex ( )) Print ("ECDSA signautre: {: S}". Format (Sig_bytes.hex ())) #Write sig to Sig_file sig_file = open (Sig_file_na Me, "WB") Sig_file.write (sig_bytes) sig_file.close () #Only support ECDSA384 def ecdsa_verify (Data_file, Sig_data, Pub_key_file): Data_f = open (Data_file, "RB") Pay_load = Data_f.read () data_f.close () Sig_f = open (sig _data, "RB") r_s = Sig_f.read () sig_f.close () with open (Pub_key_file, ' RB ') as Fpkey:pem_data = FPK Ey.read () cert = Load_pem_x509_certificate (Pem_data, Default_backend ()) Public_key = Cert.public_key () if ISI Nstance (Public_key, EC. ELlipticcurvepublickey): Sig_r = Int.from_bytes (R_s[:int (len (r_s)/2)], byteorder= ' big ') sig_s = Int.from
_bytes (R_s[-int len (r_s)/2):], byteorder= ' big ') signature = Encode_dss_signature (Sig_r, sig_s) Try: Public_key.verify (signature, pay_load, EC. ECDSA (hashes. SHA384 ()) print ("ECDSA correct signature detected ...:) \ n ") except Invalidsignature:print (" ECDSA Invalid signature detected ...:( \ n ") else:print (" RSA not yet supported ") exit () if __name__ = = ' __main__ ': If Len (SYS.ARGV) ; = 1:print ("paramter not correct") exit () if sys.argv[1] = = "Gen": If Len (SYS.ARGV) <= 3 : Print ("My_ecdsa gen Pri_key_file Pub_key_file") exit () Pri_key = sys.argv[2] Pu B_key = sys.argv[3] Gen_ecdsa_key (Pri_key, Pub_key) if sys.argv[1] = = "Sign": if LEn (SYS.ARGV) <= 3:print ("MY_ECDSA sign data pri_key_file sig_file") print ("or MY_RSA sign data Pri_key_file ") print (" or MY_RSA sign data pri_key_file sig_file hash ") exit () data_file
= sys.argv[2] Pri_key_file = sys.argv[3] If len (sys.argv) = = 5:sig_file = Sys.argv[4]
Ecdsa_sign (Data_file, Pri_key_file, Sig_file) else:ecdsa_sign (data_file, Pri_key_file)
If sys.argv[1] = = "Verify": If Len (SYS.ARGV) <= 4:print ("my_rsa Verify data sig_file cert_file")
Exit () Data_file = sys.argv[2] Sig_data = sys.argv[3] Pub_key_file = sys.argv[4] Ecdsa_verify (Data_file, Sig_data, Pub_key_file)