Signature verification

saisankalpj · Nov-20-2018, 04:38 PM

https://gist.github.com/lkdocs/6519372
While following the code in above link i am getting false when i am using this code.The public key i am passing is in string format with the header "BEGIN PUBLIC KEY" and footer "END PUBLIC KEY".Is the string format the issue?

**j.crater** · Nov-20-2018, 05:01 PM

Post the code in Python code tags. Or at least the part of code where error happens, along with full error traceback message (in error tags).

gontajones · Nov-20-2018, 05:01 PM

Which steps did you follow?

1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)

saisankalpj · (This post was last modified: Nov-20-2018, 05:11 PM by saisankalpj.)

(Nov-20-2018, 05:01 PM)gontajones Wrote: Which steps did you follow?

1 - Create a key-pair with ssh-keygen
2 - Generate a signature for some "data.txt" with openssl dgst -sign ~/.ssh/id_rsa data.txt > signature
3 - Encode signature and "data.txt" with base64.b64encode().
4 - Call verify_sign("~/.ssh/id_rsa.pub", signature_b64, data_b64)

def verify_sign(public_key_loc, signature, data):
    '''
    Verifies with a public key from whom the data came that it was indeed 
    signed by their private key
    param: public_key_loc Path to public key
    param: signature String signature to be verified
    return: Boolean. True if the signature is valid; False otherwise. 
    '''
    from Crypto.PublicKey import RSA 
    from Crypto.Signature import PKCS1_v1_5 
    from Crypto.Hash import SHA512
    from base64 import b64decode 
    pub_key = open(public_key_loc, "r").read() 
    rsakey = RSA.importKey(pub_key) 
    signer = PKCS1_v1_5.new(rsakey) 
    digest = SHA512.new() 
    # Assumes the data is base64 encoded to begin with
    digest.update(b64decode(data)) 
    if signer.verify(digest, b64decode(signature)):
        return True
    return False

This is what i have followed

gontajones · Nov-20-2018, 05:12 PM

Yep, I run this code in my step 4 and it returned True.

saisankalpj · Nov-20-2018, 05:26 PM

(Nov-20-2018, 05:12 PM)gontajones Wrote: Yep, I run this code in my step 4 and it returned True.

Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

gontajones · (This post was last modified: Nov-20-2018, 05:41 PM by gontajones.)

(Nov-20-2018, 05:26 PM)saisankalpj Wrote:
(Nov-20-2018, 05:12 PM)gontajones Wrote: Yep, I run this code in my step 4 and it returned True.

Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:

Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux

Another question, how are you generating the signature?

saisankalpj · Nov-20-2018, 05:50 PM

(Nov-20-2018, 05:41 PM)gontajones Wrote:
(Nov-20-2018, 05:26 PM)saisankalpj Wrote: Yeah but the problem for me is in line 17 i am hard coding the key as “BEGIN PUBLIC KEY ”+ hardcoded key value+”END PUBLIC KEY”. But i am getting false

The key that you are mentioning is a private key, the function needs the public key (and it reads it from file).
Your public key file should looks like:
Output:
ssh-rsa AAAAB3N...ns3bhHGhjR6XCJcFik9K/ne+uhSy40Ij user@linux
Another question, how are you generating the signature?

The signature is being taken from a server response and my public key looks like
public_key = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8qHggSumaJ85aR1m/wb2
F7wg+e+1CFo08Dx0QG19Ii6zXXCjkmLHfkz44/1J33OQV2u1BJJ/6B70uXDYeHNx
xcEDbWOH54geTKriaLg+fGVhq/T7B3gUhIZhGz/8u8mtBDEDtoxwAxn7yLvR3P3a
dB5M3Ghp+2o7heAYdtLqxtfTe8cCHZ8ZLAVfwXNby0GJrq54909jxKjgUdBWU+ci
z4HrgrxjMbLxP2Epq0UzAEzxxqlUz/KjloehiyXr6FKH9eLqj8KSj0hcnW3QOgDK
hZI1lr2GCMvyXjB8wiesTxk5DNM0NAOCTrh1uDqZ4F1+rrOoMYDvs0VbNEAJlSfl
eQIDAQAB
-----END PUBLIC KEY-----"""

gontajones · Nov-20-2018, 06:03 PM

Hummm...my bad about saying that you were mentioning a private key, sorry.

This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----

saisankalpj · Nov-20-2018, 06:25 PM

(Nov-20-2018, 06:03 PM)gontajones Wrote: Hummm...my bad about saying that you were mentioning a private key, sorry.

This is a RSA public key? It should be.
Try with:
-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----

Ok will check tomorrow and tell u ? Any other suggestion from you?

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	How can I get Python Bulk Email Verification Script With API?	zainalee	1	3,068	Jun-06-2021, 09:19 AM Last Post: snippsat
	Python Bulk Email Verification Script With API	Aj1128	0	3,126	Nov-28-2020, 11:38 AM Last Post: Aj1128
	List items verification for Integer type	vintysaw	4	3,829	Jan-17-2020, 01:56 PM Last Post: perfringo
	Remove Email Signature	NewBeie	4	11,169	Jan-01-2020, 06:44 PM Last Post: PythonPaul2016
	[cryptography.io] How to convert DER signature to ECDSA	fstefanov	1	3,951	Jul-04-2019, 08:59 AM Last Post: fstefanov
	Signature verification	saisankalpj	8	6,772	Nov-20-2018, 09:32 AM Last Post: saisankalpj
	With Python I cannot calculate an AWS signature for Rest APIs	Johno	4	7,804	Oct-06-2016, 11:05 AM Last Post: Johno

Signature verification

User Panel Messages

Announcements