Python中使用cryptography.hazmat.primitives.serialization进行数字签名和验证操作的步骤详解
发布时间:2024-01-15 01:39:44
在Python中使用cryptography.hazmat.primitives.serialization进行数字签名和验证操作的步骤如下:
1. 导入所需的模块和类
from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.hashes import SHA256 from cryptography.hazmat.backends import default_backend
2. 生成密钥对
from cryptography.hazmat.primitives.asymmetric import rsa
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
3. 将私钥和公钥保存到文件
private_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
with open('private_key.pem', 'wb') as f:
f.write(private_pem)
public_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
with open('public_key.pem', 'wb') as f:
f.write(public_pem)
4. 加载私钥和公钥
with open('private_key.pem', 'rb') as f:
private_pem = f.read()
private_key = serialization.load_pem_private_key(private_pem, password=None, backend=default_backend())
with open('public_key.pem', 'rb') as f:
public_pem = f.read()
public_key = serialization.load_pem_public_key(public_pem, backend=default_backend())
5. 签名
message = b"Hello World"
signature = private_key.sign(
message,
padding.PSS(
mgf=padding.MGF1(SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
SHA256()
)
6. 验证签名
try:
public_key.verify(
signature,
message,
padding.PSS(
mgf=padding.MGF1(SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
SHA256()
)
print("Signature is valid")
except InvalidSignature:
print("Signature is invalid")
以上是使用cryptography.hazmat.primitives.serialization进行数字签名和验证的步骤。下面是一个完整的示例代码:
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
# 生成密钥对
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
# 保存私钥和公钥到文件
private_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
with open('private_key.pem', 'wb') as f:
f.write(private_pem)
public_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
with open('public_key.pem', 'wb') as f:
f.write(public_pem)
# 加载私钥和公钥
with open('private_key.pem', 'rb') as f:
private_pem = f.read()
private_key = serialization.load_pem_private_key(private_pem, password=None, backend=default_backend())
with open('public_key.pem', 'rb') as f:
public_pem = f.read()
public_key = serialization.load_pem_public_key(public_pem, backend=default_backend())
# 签名
message = b"Hello World"
signature = private_key.sign(
message,
padding.PSS(
mgf=padding.MGF1(SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
SHA256()
)
# 验证签名
try:
public_key.verify(
signature,
message,
padding.PSS(
mgf=padding.MGF1(SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
SHA256()
)
print("Signature is valid")
except InvalidSignature:
print("Signature is invalid")
在这个示例代码中,我们生成了一个RSA密钥对,并将私钥和公钥保存到了文件中。然后我们又分别加载了私钥和公钥。在签名时,我们使用私钥对消息进行签名,然后使用公钥验证签名的有效性。最后,根据验证结果输出相应的信息。