Python Forum
Signature verification - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Signature verification (/thread-12979.html)



Signature verification - saisankalpj - Sep-21-2018

I have a signature, data and public key is
Public Key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFWkb/eSl6I3DRVhaonW3DFy8EnL0yaPiDzCcOLuYfBjN9zZIR1wXmnMJFle1K89qHGg42wgweVTIwA1XFTfoUKSziwsjF6FscZX5H56ZYyS/wWiO3rWWynlfbSZt+ga71+ndsu+A0Dy7Nn7ZgP8kRsu4UM5vE7QQTRERNiUKpzScN1cgZUFUqSddQmkwTEN8hH1mFX1Mum54NGqWIlmQxQDrOyogmMXIaaakhabcmuIPMULVVDVwUJC9sSDsc/j05qcZn3kkiEBRyiYB6ZLY2W7WfiV+dB7/icPONsYSD0FxHWEGNnbqtiGoNf9WZWtaP+o8WMR9sB3GKGVnbLvbQIDAQAB
How do i verify the signature is correct or not


RE: Signature verification - ODIS - Sep-21-2018

Crypto library example: https://gist.github.com/lkdocs/6519372


RE: Signature verification - saisankalpj - Sep-22-2018

(Sep-21-2018, 08:05 PM)ODIS Wrote: Crypto library example: https://gist.github.com/lkdocs/6519372

I tried this logic but the digest.update(b64decode(data)) is making digest as None. Any idea regarding this??


RE: Signature verification - ODIS - Sep-22-2018

Can you post full example of your try including also the signature and data?


RE: Signature verification - saisankalpj - Sep-23-2018

(Sep-22-2018, 09:10 PM)ODIS Wrote: Can you post full example of your try including also the signature and data?
I cant post the example due to restrictions
But public key is
-----BEGIN PUBLIC KEY——-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFWkb/eSl6I3DRVhaonW3DFy8EnL0yaPiDzCcOLuYfBjN9zZIR1wXmnMJFle1K89qHGg42wgweVTIwA1XFTfoUKSziwsjF6FscZX5H56ZYyS/wWiO3rWWynlfbSZt+ga71+ndsu+A0Dy7Nn7ZgP8kRsu4UM5vE7QQTRERNiUKpzScN1cgZUFUqSddQmkwTEN8hH1mFX1Mum54NGqWIlmQxQDrOyogmMXIaaakhabcmuIPMULVVDVwUJC9sSDsc/j05qcZn3kkiEBRyiYB6ZLY2W7WfiV+dB7/icPONsYSD0FxHWEGNnbqtiGoNf9WZWtaP+o8WMR9sB3GKGVnbLvbQIDAQAB
-----END PUBLIC KEY-----
Signature and data i am passing apart from public key to the method u specified.
But digest.update(b64decode(data)) seems to provide none


RE: Signature verification - ODIS - Sep-23-2018

Restrictions? :) I'm fortunately not restricted to create some test keys. digest.update() method is not returning anything - the method updates the digest object. Here you have complete example:

from Crypto.Hash import SHA512
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from base64 import b64decode

private_key = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA8qHggSumaJ85aR1m/wb2F7wg+e+1CFo08Dx0QG19Ii6zXXCj
kmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNxxcEDbWOH54geTKriaLg+fGVhq/T7
B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3adB5M3Ghp+2o7heAYdtLqxtfTe8cC
HZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ciz4HrgrxjMbLxP2Epq0UzAEzxxqlU
z/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDKhZI1lr2GCMvyXjB8wiesTxk5DNM0
NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfleQIDAQABAoIBAQC12HkIloxr0RoY
G/87mB4M/+S/LdbCYclXXBfMycKFQfcQSwFtDzdxA4NubEFXhadivci3mozejYTh
DyBOdkeI7PYCoBwVfUEoONLjpWK/nMQtOriBio/mG0jgQX7Lx4UypQGhaXPx/yFj
+tB5DpERgjwc3OzBj4b4+VGcjMuFJnstWV3ZRdnF/pnK/nLgjqiBTK9xV/L8lwQV
+k3WADaGs9IWKKRQBiB9gfqsflbVNAXOa33ycURlohBBGoAEFf5cTkjuh6YhP4cU
kp/QkDecvB1p3rNmVHAjpKs3XViwUFnHk+/pZBdfjJEdUnE1II6KgnHT/Yl5CmFs
RsWSGlA5AoGBAPzg1+rQjFaXUKb7gHi9xBRf446ppdtCRmlSkpx3eCYystovmhpW
iZZFeLUonzciwsw7b46XKVPMdu+oQzwJbmoW0nkRWegIcB6VXYQeoupcxnfPJmtx
gNl44QxDID4j41XBIP4b4xjlIPOBoXstiwObodUq6liRjYtYOdezFpOjAoGBAPWg
p2EBRbzhPHEXIPC2kVoUsbTZfcWnKPk/pfHl80YAlZtuSMm2bO5Bzzp3vV485zoD
mAZsPiNbqd0o/hiQpj+nUGB/pXG+QoMUKCp71D+NwKZIyH76XNtqUJTiwwH7K/7A
p0zXt6stt6cFQ6QwXlxJh3y+urY+dRjCuXR/XVQzAoGALBKLzxL1womwtsmShHie
Wea0ZELQ8zvDxctsXfS8bfvcDAbL1tdKN3R4KyqfRR670JhzQui5fS9fczliLm5+
XeMIX61UfAoscEgb+lDUl///XxYtXgB0MnLM1jRExE/A6Us1ktQNamNUsNvg5vTz
C3fuZpaKLVGA185SlnNR9f0CgYAwwbgX4FnIeWk3BaFLRuIpYGw5+uYlYt4WQ9Ub
5Epa/ei0lrqqF6Ud0kBhWb1kRHCdqnL162yWNi7MsMNneucVQZAJ56yenGa1gD3M
2RGzn9664z2xPt9Jypu+Qhj1frcn9XQAI93Yg9WtuLTJlbRVW18imvWTEWjLBnQr
tNCA0wKBgDyIfKyFOCmgVY8gRk/mk1AHITL9liS1UYdyxuzYWIVefs5W9OKNBV+p
dLpU++DLTk7K4HT7X99VT42O/Yry9JVQ/BttjSH7F9qDqd8SBsi1nxaVGiCzLvSV
G2vIeTBfeI4hK8gUpUjxaTIJzxiJv+dlnLdGr13tEJS6pEVmuLAJ
-----END RSA PRIVATE KEY-----"""

public_key = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qHggSumaJ85aR1m/wb2
F7wg+e+1CFo08Dx0QG19Ii6zXXCjkmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNx
xcEDbWOH54geTKriaLg+fGVhq/T7B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3a
dB5M3Ghp+2o7heAYdtLqxtfTe8cCHZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ci
z4HrgrxjMbLxP2Epq0UzAEzxxqlUz/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDK
hZI1lr2GCMvyXjB8wiesTxk5DNM0NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfl
eQIDAQAB
-----END PUBLIC KEY-----"""

# data for encryption
data = "test"

# let's create the keys objects
private_key = RSA.importKey(private_key)
public_key = RSA.importKey(public_key)

# let's create the signer and verifier
signer = PKCS1_v1_5.new(private_key)
verifier = PKCS1_v1_5.new(public_key)

# data will be hashed before encryption
digest = SHA512.new()
digest.update(b64decode(data))

# encryption
signature = signer.sign(digest)

# verification
if signer.verify(digest, signature):
    print("Verification OK")
else:
    print("Verification FAIL")



RE: Signature verification - saisankalpj - Sep-24-2018

(Sep-23-2018, 06:54 PM)ODIS Wrote: Restrictions? :) I'm fortunately not restricted to create some test keys. digest.update() method is not returning anything - the method updates the digest object. Here you have complete example:

from Crypto.Hash import SHA512
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from base64 import b64decode

private_key = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA8qHggSumaJ85aR1m/wb2F7wg+e+1CFo08Dx0QG19Ii6zXXCj
kmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNxxcEDbWOH54geTKriaLg+fGVhq/T7
B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3adB5M3Ghp+2o7heAYdtLqxtfTe8cC
HZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ciz4HrgrxjMbLxP2Epq0UzAEzxxqlU
z/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDKhZI1lr2GCMvyXjB8wiesTxk5DNM0
NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfleQIDAQABAoIBAQC12HkIloxr0RoY
G/87mB4M/+S/LdbCYclXXBfMycKFQfcQSwFtDzdxA4NubEFXhadivci3mozejYTh
DyBOdkeI7PYCoBwVfUEoONLjpWK/nMQtOriBio/mG0jgQX7Lx4UypQGhaXPx/yFj
+tB5DpERgjwc3OzBj4b4+VGcjMuFJnstWV3ZRdnF/pnK/nLgjqiBTK9xV/L8lwQV
+k3WADaGs9IWKKRQBiB9gfqsflbVNAXOa33ycURlohBBGoAEFf5cTkjuh6YhP4cU
kp/QkDecvB1p3rNmVHAjpKs3XViwUFnHk+/pZBdfjJEdUnE1II6KgnHT/Yl5CmFs
RsWSGlA5AoGBAPzg1+rQjFaXUKb7gHi9xBRf446ppdtCRmlSkpx3eCYystovmhpW
iZZFeLUonzciwsw7b46XKVPMdu+oQzwJbmoW0nkRWegIcB6VXYQeoupcxnfPJmtx
gNl44QxDID4j41XBIP4b4xjlIPOBoXstiwObodUq6liRjYtYOdezFpOjAoGBAPWg
p2EBRbzhPHEXIPC2kVoUsbTZfcWnKPk/pfHl80YAlZtuSMm2bO5Bzzp3vV485zoD
mAZsPiNbqd0o/hiQpj+nUGB/pXG+QoMUKCp71D+NwKZIyH76XNtqUJTiwwH7K/7A
p0zXt6stt6cFQ6QwXlxJh3y+urY+dRjCuXR/XVQzAoGALBKLzxL1womwtsmShHie
Wea0ZELQ8zvDxctsXfS8bfvcDAbL1tdKN3R4KyqfRR670JhzQui5fS9fczliLm5+
XeMIX61UfAoscEgb+lDUl///XxYtXgB0MnLM1jRExE/A6Us1ktQNamNUsNvg5vTz
C3fuZpaKLVGA185SlnNR9f0CgYAwwbgX4FnIeWk3BaFLRuIpYGw5+uYlYt4WQ9Ub
5Epa/ei0lrqqF6Ud0kBhWb1kRHCdqnL162yWNi7MsMNneucVQZAJ56yenGa1gD3M
2RGzn9664z2xPt9Jypu+Qhj1frcn9XQAI93Yg9WtuLTJlbRVW18imvWTEWjLBnQr
tNCA0wKBgDyIfKyFOCmgVY8gRk/mk1AHITL9liS1UYdyxuzYWIVefs5W9OKNBV+p
dLpU++DLTk7K4HT7X99VT42O/Yry9JVQ/BttjSH7F9qDqd8SBsi1nxaVGiCzLvSV
G2vIeTBfeI4hK8gUpUjxaTIJzxiJv+dlnLdGr13tEJS6pEVmuLAJ
-----END RSA PRIVATE KEY-----"""

public_key = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qHggSumaJ85aR1m/wb2
F7wg+e+1CFo08Dx0QG19Ii6zXXCjkmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNx
xcEDbWOH54geTKriaLg+fGVhq/T7B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3a
dB5M3Ghp+2o7heAYdtLqxtfTe8cCHZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ci
z4HrgrxjMbLxP2Epq0UzAEzxxqlUz/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDK
hZI1lr2GCMvyXjB8wiesTxk5DNM0NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfl
eQIDAQAB
-----END PUBLIC KEY-----"""

# data for encryption
data = "test"

# let's create the keys objects
private_key = RSA.importKey(private_key)
public_key = RSA.importKey(public_key)

# let's create the signer and verifier
signer = PKCS1_v1_5.new(private_key)
verifier = PKCS1_v1_5.new(public_key)

# data will be hashed before encryption
digest = SHA512.new()
digest.update(b64decode(data))

# encryption
signature = signer.sign(digest)

# verification
if signer.verify(digest, signature):
    print("Verification OK")
else:
    print("Verification FAIL")
I did everything as told by u but the problem is that the public key i am passing is in string format,which means i am hard coding and sending the key but i was told to convert it to pem format as this method returns true if only in pem .can u suggest anything regarding this


RE: Signature verification - ODIS - Sep-30-2018

I'm sorry, I don't understand what you're trying to say about the public key. Try to present a full example with some test keys and I would like to try to help.


RE: Signature verification - saisankalpj - Nov-20-2018

(Sep-21-2018, 08:05 PM)ODIS Wrote: Crypto library example: https://gist.github.com/lkdocs/6519372
I am getting false when i am using this code.The public key i am passing is in string format with the header "BEGIN PUBLIC KEY" and footer "END PUBLIC KEY".Is the string format the issue?