https://gist.github.com/lkdocs/6519372
While following the code in above link i am getting false when i am using this code.The public key i am passing is in string format with the header "BEGIN PUBLIC KEY" and footer "END PUBLIC KEY".Is the string format the issue?
Post the code in Python code tags. Or at least the part of code where error happens, along with full error traceback message (in error tags).
Which steps did you follow?
1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)
(Nov-20-2018, 05:01 PM)gontajones Wrote: [ -> ]Which steps did you follow?
1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)
def verify_sign(public_key_loc, signature, data):
'''
Verifies with a public key from whom the data came that it was indeed
signed by their private key
param: public_key_loc Path to public key
param: signature String signature to be verified
return: Boolean. True if the signature is valid; False otherwise.
'''
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA512
from base64 import b64decode
pub_key = open(public_key_loc, "r").read()
rsakey = RSA.importKey(pub_key)
signer = PKCS1_v1_5.new(rsakey)
digest = SHA512.new()
# Assumes the data is base64 encoded to begin with
digest.update(b64decode(data))
if signer.verify(digest, b64decode(signature)):
return True
return FalseThis is what i have followed
Yep, I run this code in my step 4 and it returned True.
(Nov-20-2018, 05:12 PM)gontajones Wrote: [ -> ]Yep, I run this code in my step 4 and it returned True.
Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false
(Nov-20-2018, 05:26 PM)saisankalpj Wrote: [ -> ] (Nov-20-2018, 05:12 PM)gontajones Wrote: [ -> ]Yep, I run this code in my step 4 and it returned True.
Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false
The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:
Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux
Another question, how are you generating the signature?
(Nov-20-2018, 05:41 PM)gontajones Wrote: [ -> ] (Nov-20-2018, 05:26 PM)saisankalpj Wrote: [ -> ]Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false
The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:
Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux
Another question, how are you generating the signature?
The signature is being taken from a server response and my public key looks like
public_key = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qHggSumaJ85aR1m/wb2
F7wg+e+1CFo08Dx0QG19Ii6zXXCjkmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNx
xcEDbWOH54geTKriaLg+fGVhq/T7B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3a
dB5M3Ghp+2o7heAYdtLqxtfTe8cCHZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ci
z4HrgrxjMbLxP2Epq0UzAEzxxqlUz/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDK
hZI1lr2GCMvyXjB8wiesTxk5DNM0NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfl
eQIDAQAB
-----END PUBLIC KEY-----"""
Hummm...my bad about saying that you were mentioning a private key, sorry.
This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
(Nov-20-2018, 06:03 PM)gontajones Wrote: [ -> ]Hummm...my bad about saying that you were mentioning a private key, sorry.
This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----
Ok will check tomorrow and tell u ? Any other suggestion from you?