Python RSA, ECDSA384 signature/verification __python

Source: Internet
Author: User
Tags openssl openssl rsa serialization

Working with RSA and ECDSA signatures, organize the scripting code and share it with people in need. RSA supports a variety of bit digits, ECDSA temporarily supports only ECDSA384. The PYTHON2,ECDSA of the RSA script is written in Python3. RSA

#!/usr/bin/python from cryptography.exceptions import invalidsignature from cryptography.hazmat.backends Import
Default_backend from cryptography.hazmat.primitives.serialization import Load_pem_private_key, \ Load_pem_public_key Import OS import sys from cryptography.hazmat.primitives import hashes from Cryptography.hazmat.primitives.asymmetric im Port padding Import binascii def gen_rsa_key (Bit_nr, Pri_key, Pub_key): #Pub Key and PRI key are generated by opens
    Sl.  Gen_skey = "OpenSSL genrsa-out {} {}". Format (Pri_key, BIT_NR) print (Gen_skey) os.system (gen_skey) Gen_pkey = ' OpenSSL rsa-in {}-pubout-out {} '. Format (Pri_key, Pub_key) print (Gen_pkey) Os.system (Gen_pkey) def rsa_sign (d Ata_file_name, private_key_file_name, signautre_file_name = None, Hash_type = "SHA256"): #Read the raw data data_ File = open (Data_file_name, "RB") data = Data_file.read () data_file.close () #Read privtate key Data Key_f ile = Open (Private_key_file_Name, "RB") Key_data = Key_file.read () key_file.close () Private_key = Load_pem_private_key ( Key_data, Password=none, Backend=default_backend ()) if Ha Sh_type = = "SHA256": hash_t = hashes. SHA256 () elif Hash_type = = "SHA384": hash_t = hashes. SHA384 () else:hash_t = hashes. SHA512 () signature = private_key.sign (data, padding. Pkcs1v15 (), hash_t) if Signautre_file_name!= None: #Write the Signatur E Data Signautre_file = open (Signautre_file_name, "WB") Signautre_file.write (signature) signautre_

    File.close (); Print ("Signautre data:") print (Binascii.b2a_hex (signature)) def rsa_verify (Data_file_name, Signature_bin, Public_key _file, Is_file = True, Hash_type = "SHA256"): #Read the data file Data_file = open (Data_file_name, "RB") daTa = Data_file.read () data_file.close () #Read the signature file Signature_file = open (Signature_bin, "RB")  Signature = Signature_file.read () signature_file.close () Key_file = open (Public_key_file, "RB") Key_data =
                    Key_file.read () key_file.close () Public_key = Load_pem_public_key (Key_data, Backend=default_backend ()) If Hash_type = = "SHA256": hash_t = hashes. SHA256 () elif Hash_type = = "SHA384": hash_t = hashes. SHA384 () else:hash_t = hashes.
                        SHA512 () Verify_ok = False try:public_key.verify (signature, Data, padding. Pkcs1v15 (), hash_t) print ("RSA correct signature:)") except InvalidS
    Ignature:print ("Invalid signature!:(")

 ELSE:VERIFY_OK = True return VERIFY_OK if __name__ = ' __main__ ':   If Len (sys.argv) <= 1:print ("paramter not correct") exit () if sys.argv[1] = = "GEN": if Len (SYS.ARGV) <= 4:print ("My_rsa gen Pri_key_file pub_key_file bit_nr") exit () Pri_ke

    y = sys.argv[2] Pub_key = sys.argv[3] Bit_nr = sys.argv[4] Gen_rsa_key (BIT_NR, Pri_key, Pub_key) If sys.argv[1] = = "Sign": If Len (SYS.ARGV) <= 3:print ("My_rsa sign data pri_key_file sig_file" Print ("or MY_RSA sign data pri_key_file") print ("or MY_RSA sign data pri_key_file sig_file hash"
            ) exit () Data_file = sys.argv[2] Pri_key_file = sys.argv[3] If len (sys.argv) = = 5:
            Sig_file = sys.argv[4] Rsa_sign (data_file, Pri_key_file, Sig_file) elif len (sys.argv) = = 6: Sig_file = sys.argv[4] Hash_type = sys.argv[5] Rsa_sign (data_file, Pri_key_file, Sig_f
        Ile, Hash_type)Else:rsa_sign (data_file, Pri_key_file) if sys.argv[1] = = "Verify": If Len (SYS.ARGV) <= 4
        : Print ("My_rsa Verify data Sig_file pub_key_file") exit () Data_file = sys.argv[2] Sig_data = sys.argv[3] Pub_key_file = sys.argv[4] If len (sys.argv) = = 6:hash_type = sys.ar GV[5] Rsa_verify (data_file, Sig_data, Pub_key_file, True, Hash_type) else:rsa_verify (data

 _file, Sig_data, Pub_key_file)
ECDSA384
#!/usr/bin/python3 import OS import sys cryptography.hazmat.backends import default_backend from Cryptography.hazmat.primitives.asymmetric Import EC, RSA from cryptography.hazmat.primitives import hashes import Codecs from cryptography.hazmat.primitives.serialization import Load_pem_private_key from Cryptography.hazmat.primitives.asymmetric.utils import Decode_dss_signature, encode_dss_signature from cryptography.x509 Import load_pem_x509_certificate from cryptography.exceptions import invalidsignature Import Binascii from cryptography.hazmat.primitives.asymmetric import padding def bit_to_bytes (a): return (A + 7)//8 def Gen_ecdsa_key (Pri_key, cert_file, Ecdsa_type = "SECP384"): #Only support ECDSA384 so far, using OpenSSL GEN_ECDSA
    _pri_key_cmd = "OpenSSL ecparam-genkey-text-out {}-name secp384r1". Format (pri_key) print (gen_ecdsa_pri_key_cmd) Os.system (gen_ecdsa_pri_key_cmd) gen_ecdsa_cert_key_cmd = "OpenSSL req-new-verbose-pubkey-inform PEM-Key {}-x509-nodes-days "\-out {}". Format (Pri_key, cert_file) print (gen_ecdsa_cer T_key_cmd Os.system (gen_ecdsa_cert_key_cmd) #Only support ECDSA384 def ecdsa_sign (Data_file_name, Pri_key_file_name , sig_file_name): #Read the raw data data_file = open (Data_file_name, "RB") data = Data_file.read () data_ File.close () #Read the Pri_key_file pri_key_file = open (Pri_key_file_name, "RB") Key_data = Pri_key_file.read () pri_key_file.close () Digest = hashes. Hash (hashes. SHA384 (), Default_backend ()) digest.update (data) Dgst = Digest.finalize () print ("Data di Gest to sign: {: s} ". Format (Dgst.hex ()) Skey = Load_pem_private_key (Key_data, Password=none, Backen D=default_backend ()) Sig_data = skey.sign (data, EC. ECDSA (hashes. SHA384 ()) sig_r, sig_s = Decode_dss_signature (sig_data) sig_bytes = b' Key_size_in_bytes = Bit_to_bytes (Skey.public_key (). key_size) Sig_r_bytes = Sig_r.to_bytes (Key_size_in_bytes, "b IG ") Sig_bytes + = sig_r_bytes print (" ECDSA signature r: {: S} ". Format (Sig_r_bytes.hex ()) Sig_s_bytes = SIG_S.T O_bytes (Key_size_in_bytes, "big") sig_bytes + = sig_s_bytes print ("ECDSA signature s: {: s}". Format (Sig_s_bytes.hex ( )) Print ("ECDSA signautre: {: S}". Format (Sig_bytes.hex ())) #Write sig to Sig_file sig_file = open (Sig_file_na  Me, "WB") Sig_file.write (sig_bytes) sig_file.close () #Only support ECDSA384 def ecdsa_verify (Data_file, Sig_data, Pub_key_file): Data_f = open (Data_file, "RB") Pay_load = Data_f.read () data_f.close () Sig_f = open (sig _data, "RB") r_s = Sig_f.read () sig_f.close () with open (Pub_key_file, ' RB ') as Fpkey:pem_data = FPK Ey.read () cert = Load_pem_x509_certificate (Pem_data, Default_backend ()) Public_key = Cert.public_key () if ISI Nstance (Public_key, EC. ELlipticcurvepublickey): Sig_r = Int.from_bytes (R_s[:int (len (r_s)/2)], byteorder= ' big ') sig_s = Int.from
            _bytes (R_s[-int len (r_s)/2):], byteorder= ' big ') signature = Encode_dss_signature (Sig_r, sig_s) Try: Public_key.verify (signature, pay_load, EC. ECDSA (hashes. SHA384 ()) print ("ECDSA correct signature detected ...:) \ n ") except Invalidsignature:print (" ECDSA Invalid signature detected ...:( \ n ") else:print (" RSA not yet supported ") exit () if __name__ = = ' __main__ ': If Len (SYS.ARGV) ; = 1:print ("paramter not correct") exit () if sys.argv[1] = = "Gen": If Len (SYS.ARGV) <= 3 : Print ("My_ecdsa gen Pri_key_file Pub_key_file") exit () Pri_key = sys.argv[2] Pu B_key = sys.argv[3] Gen_ecdsa_key (Pri_key, Pub_key) if sys.argv[1] = = "Sign": if LEn (SYS.ARGV) <= 3:print ("MY_ECDSA sign data pri_key_file sig_file") print ("or MY_RSA sign data  Pri_key_file ") print (" or MY_RSA sign data pri_key_file sig_file hash ") exit () data_file
            = sys.argv[2] Pri_key_file = sys.argv[3] If len (sys.argv) = = 5:sig_file = Sys.argv[4]

    Ecdsa_sign (Data_file, Pri_key_file, Sig_file) else:ecdsa_sign (data_file, Pri_key_file)
            If sys.argv[1] = = "Verify": If Len (SYS.ARGV) <= 4:print ("my_rsa Verify data sig_file cert_file")
        Exit () Data_file = sys.argv[2] Sig_data = sys.argv[3] Pub_key_file = sys.argv[4] Ecdsa_verify (Data_file, Sig_data, Pub_key_file)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.