[Cryptography-dev] A RSA signature verification use case
Ricardo Newbery
ric at digitalmarbles.com
Mon Feb 8 19:37:11 EST 2016
Greetings Cryptographers :)
I'm trying to do some sort of RSA verification as described here:
https://wopi.readthedocs.org/en/latest/scenarios/proofkeys.html#using-the-rsa-modulus-and-exponent-to-retrieve-the-public-key
https://wopi.readthedocs.org/en/latest/scenarios/proofkeys.html#verifying-the-proof-keys
Those instructions show example code using the Crypto library (included below).
1) A valid request contains several attributes that are used to construct a hash (called `expected_proof`).
2) The same request also contains a signed version of the proof (called `signed_proof`) and some attributes to be used to construct the public key (I have no idea why the public key is not just available directly in this case).
3) The public key is then used to validate the signed_proof against the expected_proof.
----------------------------------------------
from base64 import b64decode
from Crypto.PublicKey import RSA
from Crypto.Util import asn1
def generate_key(modulus_b64, exp_b64):
mod = int(b64decode(modulus_b64).encode('hex'), 16)
exp = int(b64decode(exp_b64).encode('hex'), 16)
seq = asn1.DerSequence()
seq.append(mod)
seq.append(exp)
der = seq.encode()
return RSA.importKey(der)
# proof_key_attributes are from the discovery XML
public_key = generate_key(proof_key_attributes['modulus'], proof_key_attributes['exponent'])
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
def try_verification(expected_proof, signed_proof, public_key):
verifier = PKCS1_v1_5.new(public_key)
h = SHA256.new(expected_proof)
return verifier.verify(h, signed_proof)
# verify the proof
is_valid = try_verification(expected_proof, signed_proof, public_key)
----------------------------------------------
Soo...
Again, it's using Crypto. I'm interested in how to do the equivalent in `cryptography`. I'm studying the docs but since it looks like I'm diving into hazmat territory, I figure I would ask here first.
Thanks.
More information about the Cryptography-dev
mailing list