我正在尝试通过 pyopenssl 使用 OpenSSL API • 在Python 中使用我认为的PKCS#1 1.5 填充和SHA1 摘要来计算RSA 签名。
它给出了错误的结果。这是最小化的示例。
#!/usr/bin/env python3
from binascii import hexlify, unhexlify
from pprint import pprint
key_pem = (
b"-----BEGIN PRIVATE KEY-----\n"
b"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRgJ0gr3uHa/UB\n"
b"0CQiPu2/YQByMLYvko3SbI/seMNvkq+iawYTVl62Q1SoZ9rZldNFlEvqaePiKYaJ\n"
b"PB4ZXMcEqnonD5YATq92SpxkvPngu4t2FvPPS86C6FvKbnIxfgHbR64vWQTrEOj4\n"
b"s48GFFJ+5QSzl6J7/HB0WpEHdGjTaMM5kp54DvO1VX3mbOEQyoq4itm2m+eyREic\n"
b"Ye3KHGykGZJJTcrTCf+qJXOWecvNpuVIny9IGyWy1CDnGNX5Qj7ckA91/WVPm7d0\n"
b"qsbrKWuDKxwp0dV8p64+wWGkDJcj87HQcroU3tCsDJN4iF8KpCGQ097UyA9xdXTw\n"
b"kk5riQZdAgMBAAECggEABiLVt1Dcdd1wGiL+A/DC5uGQ8UdC9sa8l6atWng5BSoP\n"
b"MdsfnO5hLMZxEtOj4c6VFwseZBnA3m1n7toPaZ/Bhn31wPIgaxbi5byOsxaj3PSx\n"
b"Q36tmms2e7gRhC7S8mcl58XEMMfTMI1YvXwI2t06g1Py3M26qRX+NzI14DmFHnf7\n"
b"+EdiI5vfms/Whu6r3ekCkjIcPo67icP3RdaKaXzW7r9TwBPcyvriREjxCq+/sav8\n"
b"ZwCUc9Zo91eh11G7tT8QrTXdxZHuVRTOxWEdgSAo5ZZ77nPHIWvNOvnI5ZEkMNG3\n"
b"IFEuqtvwEHoTSQCsgaIQXhe/zOG65Cs5mQZWn7h9kQKBgQDwy0L6SFJisPrYUFyJ\n"
b"U+IdnxfgVltOEVT/Oaiq7it7BoxMAuJbm03acmkFRuran7ZJz6D3NK3YKVX6HFAB\n"
b"R9JJx4BjSfXL1By7gZ9ZUkbTVHWSqsXztKYGsxC7cOC0VuUvW40Xn6c7+3mJae/0\n"
b"TLoFfoMda8M8cTHAQISuODtiuQKBgQDeu3vuNO+vRE/Mfl1SqLgVLrJ3HqNpv/E3\n"
b"I+6kR957o8kXJGVRGPhUAeTuZMq0+W9/RFClg/D2nTfXk/XWw1bC1RsC3qYv64Gr\n"
b"1kCXPhs0ykyB1gqJiCHXuKIP+wS1QtVNThzIy7E5ArXhTXvf/4Wu9KAfrxmGy29q\n"
b"PCo2obd+xQKBgQCCTeyT1llG8PD96Bb7dbpSP0rDatgEGhr99qzQuwwqijOX2qO1\n"
b"4QgzY2Bzq5nh7zXNIZ/AxvAgntXZAENHPh+NL3nJwTdTMxjNW2rpAj4zlGv/j4yJ\n"
b"wkNqMrKmTII89R0XEJr8orf0HLT7aKmicXblDD5VyIAhkDvVBtUGFoYEeQKBgEZ0\n"
b"shhBAIzFpCSA2I58Nnbk5alOtMyP3gLeR/AJl/QudD7w0Wfc6TjRvJQ4p/KlcMKm\n"
b"Xohs+z1XsEFuWXbNJdXNyZSXz6Qa8FLmHFp7V+nUEG2FwqGMwX/WtNUvR2b7NDQX\n"
b"AH34CSCKnfQeKZBK6QPV+Aztu7prAdxuGcBcWYotAoGAfoZYElXiuzytY9XALgrr\n"
b"mkn5hBglH3w7PgRpPXiEz9JtRKsPkd+LGOHnb61iS0c7d/ZqInKd2EvXHW0G50g1\n"
b"1A6iCWIZ1BB/EeTm1PXpfkHO+nS996vJsDAgpER+XiVI0ZYZ7wO3fUbAmawJIv6m\n"
b"NhoqVkkXl5bpYs7UiMxwZKA=\n"
b"-----END PRIVATE KEY-----\n"
)
challenge = unhexlify("f78b704e 49176ec7 8c53265f 626cd69d 5bd07b9a".replace(' ', ''))
assert len(challenge) == 20
import OpenSSL.crypto as openssl
k = openssl.load_privatekey(openssl.FILETYPE_PEM, key_pem)
signature = openssl.sign(k, challenge, 'sha1')
pprint(hexlify(signature))
# --->
# (b'308a810a90a30513c93167ed2674f97cef1c4bc6df8160a1ea5480763d34ac3043c576fa2fa1'
# b'71e48bdd0bbb13bcf38bbd4483b3cba215f347439e3e169bb02e49b5b47679ec2dad328174cd'
# b'f893b2c71465b3eba858b00cc92aa536af2f5c85307cc331a19c4acd54923f23e0b9bf5009b2'
# b'6d2a4469378e352eaf29f7ce333b8cabca39d9b8858b73e93b745b30ee74264623ef790e6a61'
# b'a1e7ffb360aa9505f7fc868881d8440ff6765f233dac259a11d49c221ab7549e16df07bdc99e'
# b'dbbe953ca7e9b1164a115932a9e4c4e3c3509008127298f9d5baae405d97e179c949b013b983'
# b'76c04d92b7fdf0056f60c9c6df2932c122a7bce0afcf334c13e982b3')
#-- wrong! should be:
# 21 B3 AD 47 7A 3F 83 A6 CA 00 E7 D9 89 DB 11 C0
# 90 6F 5D 27 9C 43 BB BD 5D 4A 02 4E 1C 11 F3 6C
# 3A DC D8 25 B1 8D 16 AC 64 8D 34 7B 9F 1F 77 AC
# 29 F6 4F B3 C8 A7 42 78 D3 1E 2C 9E E8 09 9F 58
# A4 65 0F 45 9F 33 CC B5 01 38 7E A7 D7 31 B9 C7
# 46 D4 82 8C 47 68 B1 F5 86 BD 1E 01 7D 03 3B 88
# 57 0C F6 80 FC 7D 47 88 24 D9 EF F8 19 2D B3 73
# 31 B0 9D 5E 8F 9F 77 9E 33 2B E7 EE AA 51 90 05
# 29 75 A2 88 08 25 7A 9E 31 9E 5B ED 28 14 3E 54
# EC 63 AB 08 3B 61 8C 60 93 83 74 63 1F CD E7 10
# E2 B5 1D EC 61 15 40 83 A2 1E E2 80 B8 90 B3 A2
# 7D 10 BB 8E D8 1D 42 DD F2 52 E2 08 C1 7C 27 FB
# 97 C0 DF BD 28 20 C7 B9 94 D3 71 85 2D 1E 3F 75
# FF 33 EE 8F 44 D7 1A A3 A7 37 2F BD 84 4B D4 2D
# C6 72 75 C7 F4 CE 56 3C 98 6F C4 F8 1B DD 37 13
# B0 E2 BA AA 69 75 25 4D 2B A4 3C A1 D2 C3 88 69
#
我知道在 C 中使用[看起来像]完全相同的代码是错误的。这个 C 版本确实复制了“正确”签名(我在协议(protocol)转储中看到的签名)。
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stdint.h>
static const char key_pem[] = {
"-----BEGIN PRIVATE KEY-----\n"
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRgJ0gr3uHa/UB\n"
"0CQiPu2/YQByMLYvko3SbI/seMNvkq+iawYTVl62Q1SoZ9rZldNFlEvqaePiKYaJ\n"
"PB4ZXMcEqnonD5YATq92SpxkvPngu4t2FvPPS86C6FvKbnIxfgHbR64vWQTrEOj4\n"
"s48GFFJ+5QSzl6J7/HB0WpEHdGjTaMM5kp54DvO1VX3mbOEQyoq4itm2m+eyREic\n"
"Ye3KHGykGZJJTcrTCf+qJXOWecvNpuVIny9IGyWy1CDnGNX5Qj7ckA91/WVPm7d0\n"
"qsbrKWuDKxwp0dV8p64+wWGkDJcj87HQcroU3tCsDJN4iF8KpCGQ097UyA9xdXTw\n"
"kk5riQZdAgMBAAECggEABiLVt1Dcdd1wGiL+A/DC5uGQ8UdC9sa8l6atWng5BSoP\n"
"MdsfnO5hLMZxEtOj4c6VFwseZBnA3m1n7toPaZ/Bhn31wPIgaxbi5byOsxaj3PSx\n"
"Q36tmms2e7gRhC7S8mcl58XEMMfTMI1YvXwI2t06g1Py3M26qRX+NzI14DmFHnf7\n"
"+EdiI5vfms/Whu6r3ekCkjIcPo67icP3RdaKaXzW7r9TwBPcyvriREjxCq+/sav8\n"
"ZwCUc9Zo91eh11G7tT8QrTXdxZHuVRTOxWEdgSAo5ZZ77nPHIWvNOvnI5ZEkMNG3\n"
"IFEuqtvwEHoTSQCsgaIQXhe/zOG65Cs5mQZWn7h9kQKBgQDwy0L6SFJisPrYUFyJ\n"
"U+IdnxfgVltOEVT/Oaiq7it7BoxMAuJbm03acmkFRuran7ZJz6D3NK3YKVX6HFAB\n"
"R9JJx4BjSfXL1By7gZ9ZUkbTVHWSqsXztKYGsxC7cOC0VuUvW40Xn6c7+3mJae/0\n"
"TLoFfoMda8M8cTHAQISuODtiuQKBgQDeu3vuNO+vRE/Mfl1SqLgVLrJ3HqNpv/E3\n"
"I+6kR957o8kXJGVRGPhUAeTuZMq0+W9/RFClg/D2nTfXk/XWw1bC1RsC3qYv64Gr\n"
"1kCXPhs0ykyB1gqJiCHXuKIP+wS1QtVNThzIy7E5ArXhTXvf/4Wu9KAfrxmGy29q\n"
"PCo2obd+xQKBgQCCTeyT1llG8PD96Bb7dbpSP0rDatgEGhr99qzQuwwqijOX2qO1\n"
"4QgzY2Bzq5nh7zXNIZ/AxvAgntXZAENHPh+NL3nJwTdTMxjNW2rpAj4zlGv/j4yJ\n"
"wkNqMrKmTII89R0XEJr8orf0HLT7aKmicXblDD5VyIAhkDvVBtUGFoYEeQKBgEZ0\n"
"shhBAIzFpCSA2I58Nnbk5alOtMyP3gLeR/AJl/QudD7w0Wfc6TjRvJQ4p/KlcMKm\n"
"Xohs+z1XsEFuWXbNJdXNyZSXz6Qa8FLmHFp7V+nUEG2FwqGMwX/WtNUvR2b7NDQX\n"
"AH34CSCKnfQeKZBK6QPV+Aztu7prAdxuGcBcWYotAoGAfoZYElXiuzytY9XALgrr\n"
"mkn5hBglH3w7PgRpPXiEz9JtRKsPkd+LGOHnb61iS0c7d/ZqInKd2EvXHW0G50g1\n"
"1A6iCWIZ1BB/EeTm1PXpfkHO+nS996vJsDAgpER+XiVI0ZYZ7wO3fUbAmawJIv6m\n"
"NhoqVkkXl5bpYs7UiMxwZKA=\n"
"-----END PRIVATE KEY-----\n"
};
static const uint8_t challenge[20] = {
0xf7,0x8b,0x70,0x4e, 0x49,0x17,0x6e,0xc7, 0x8c,0x53,0x26,0x5f,
0x62,0x6c,0xd6,0x9d, 0x5b,0xd0,0x7b,0x9a
};
void report_openssl_errors() {
uint32_t errcode;
while (0 != (errcode = ERR_get_error())) {
printf("! %s\n", ERR_error_string(errcode, 0));
}
}
int main() {
BIO* biomemfile = BIO_new_mem_buf(key_pem, sizeof(key_pem));
RSA* pkey = PEM_read_bio_RSAPrivateKey(biomemfile, 0, 0, 0);
if (!pkey) { report_openssl_errors(); }
uint8_t sig[256];
int sigsize;
RSA_sign(NID_sha1,
challenge, sizeof(challenge),
sig, &sigsize,
pkey);
if (sigsize == -1) { report_openssl_errors(); }
// hex dump
for(int i = 0; i < sigsize; ++i) {
printf("%02X ", sig[i]);
if (i % 16 == 7) printf(" ");
if (i % 16 == 15) printf("\n");
}
printf("\n");
}
// --->
// 21 B3 AD 47 7A 3F 83 A6 CA 00 E7 D9 89 DB 11 C0
// 90 6F 5D 27 9C 43 BB BD 5D 4A 02 4E 1C 11 F3 6C
// 3A DC D8 25 B1 8D 16 AC 64 8D 34 7B 9F 1F 77 AC
// 29 F6 4F B3 C8 A7 42 78 D3 1E 2C 9E E8 09 9F 58
// A4 65 0F 45 9F 33 CC B5 01 38 7E A7 D7 31 B9 C7
// 46 D4 82 8C 47 68 B1 F5 86 BD 1E 01 7D 03 3B 88
// 57 0C F6 80 FC 7D 47 88 24 D9 EF F8 19 2D B3 73
// 31 B0 9D 5E 8F 9F 77 9E 33 2B E7 EE AA 51 90 05
// 29 75 A2 88 08 25 7A 9E 31 9E 5B ED 28 14 3E 54
// EC 63 AB 08 3B 61 8C 60 93 83 74 63 1F CD E7 10
// E2 B5 1D EC 61 15 40 83 A2 1E E2 80 B8 90 B3 A2
// 7D 10 BB 8E D8 1D 42 DD F2 52 E2 08 C1 7C 27 FB
// 97 C0 DF BD 28 20 C7 B9 94 D3 71 85 2D 1E 3F 75
// FF 33 EE 8F 44 D7 1A A3 A7 37 2F BD 84 4B D4 2D
// C6 72 75 C7 F4 CE 56 3C 98 6F C4 F8 1B DD 37 13
// B0 E2 BA AA 69 75 25 4D 2B A4 3C A1 D2 C3 88 69
//
// -- that's correct!
<小时/>
有了复制器,问题就很简单了......我错过了什么?
两个输出应该匹配。挑战字符串和 pkey 相同。
<小时/>•我也尝试了cryptography
API,它的输出与pyopenssl的没有什么不同
最佳答案
好吧,事实证明我也可以仅使用 openssl(1)
pkeyutl/dgst 重现这两个签名:
printf "$challenge" \
| openssl pkeyutl -sign -pkeyopt digest:sha1 -inkey key.pem \
| hexdump -C
00000000 21 b3 ad 47 7a 3f 83 a6 ca 00 e7 d9 89 db 11 c0 |!..Gz?..........|
00000010 90 6f 5d 27 9c 43 bb bd 5d 4a 02 4e 1c 11 f3 6c |.o]'.C..]J.N...l|
...
并且(我称之为“错误”签名):
printf "$challenge" \
| openssl dgst -sha1 -sign key.pem \
| hexdump -C
00000000 30 8a 81 0a 90 a3 05 13 c9 31 67 ed 26 74 f9 7c |0........1g.&t.||
00000010 ef 1c 4b c6 df 81 60 a1 ea 54 80 76 3d 34 ac 30 |..K...`..T.v=4.0|
有趣的是,openssl rsautl
给出了第三个签名值(!);如果您省略 -pkeyoptdigest:sha1
,则这会匹配 pkeyutl
输出:
printf "$challenge" \
| openssl rsautl -inkey key.pem -sign -pkcs \
| hexdump -C
00000000 54 4b b4 27 af 0e 0f 1f d6 a4 31 10 ae 45 7c 77 |TK.'......1..E|w|
00000010 ec 0a 6b cd ae a6 bf 4e c1 88 a9 3f d7 db f2 91 |..k....N...?....|
我发现......这种疯狂的许多解释:
关于python - 为什么在 C 和 Python 中使用 OpenSSL API 时会得到不同的签名?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56511536/