Signature verification - Printable Version

Signature verification - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Signature verification (/thread-14220.html)

Pages: 1 2

Signature verification - saisankalpj - Nov-20-2018

https://gist.github.com/lkdocs/6519372
While following the code in above link i am getting false when i am using this code.The public key i am passing is in string format with the header "BEGIN PUBLIC KEY" and footer "END PUBLIC KEY".Is the string format the issue?

RE: Signature verification - j.crater - Nov-20-2018

Post the code in Python code tags. Or at least the part of code where error happens, along with full error traceback message (in error tags).

RE: Signature verification - gontajones - Nov-20-2018

Which steps did you follow?

1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)

RE: Signature verification - saisankalpj - Nov-20-2018

(Nov-20-2018, 05:01 PM)gontajones Wrote: Which steps did you follow?

1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)

def verify_sign(public_key_loc, signature, data):
    '''
    Verifies with a public key from whom the data came that it was indeed 
    signed by their private key
    param: public_key_loc Path to public key
    param: signature String signature to be verified
    return: Boolean. True if the signature is valid; False otherwise. 
    '''
    from Crypto.PublicKey import RSA 
    from Crypto.Signature import PKCS1_v1_5 
    from Crypto.Hash import SHA512
    from base64 import b64decode 
    pub_key = open(public_key_loc, "r").read() 
    rsakey = RSA.importKey(pub_key) 
    signer = PKCS1_v1_5.new(rsakey) 
    digest = SHA512.new() 
    # Assumes the data is base64 encoded to begin with
    digest.update(b64decode(data)) 
    if signer.verify(digest, b64decode(signature)):
        return True
    return False

This is what i have followed

RE: Signature verification - gontajones - Nov-20-2018

Yep, I run this code in my step 4 and it returned True.

RE: Signature verification - saisankalpj - Nov-20-2018

(Nov-20-2018, 05:12 PM)gontajones Wrote: Yep, I run this code in my step 4 and it returned True.

Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

RE: Signature verification - gontajones - Nov-20-2018

(Nov-20-2018, 05:26 PM)saisankalpj Wrote:
(Nov-20-2018, 05:12 PM)gontajones Wrote: Yep, I run this code in my step 4 and it returned True.

Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:

Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux

Another question, how are you generating the signature?

RE: Signature verification - saisankalpj - Nov-20-2018

(Nov-20-2018, 05:41 PM)gontajones Wrote:
(Nov-20-2018, 05:26 PM)saisankalpj Wrote: Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:
Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux
Another question, how are you generating the signature?

The signature is being taken from a server response and my public key looks like
public_key = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qHggSumaJ85aR1m/wb2
F7wg+e+1CFo08Dx0QG19Ii6zXXCjkmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNx
xcEDbWOH54geTKriaLg+fGVhq/T7B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3a
dB5M3Ghp+2o7heAYdtLqxtfTe8cCHZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ci
z4HrgrxjMbLxP2Epq0UzAEzxxqlUz/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDK
hZI1lr2GCMvyXjB8wiesTxk5DNM0NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfl
eQIDAQAB
-----END PUBLIC KEY-----"""

RE: Signature verification - gontajones - Nov-20-2018

Hummm...my bad about saying that you were mentioning a private key, sorry.

This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----

RE: Signature verification - saisankalpj - Nov-20-2018

(Nov-20-2018, 06:03 PM)gontajones Wrote: Hummm...my bad about saying that you were mentioning a private key, sorry.

This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----

Ok will check tomorrow and tell u ? Any other suggestion from you?