【问题标题】:Add payload and its signature in url base64 encoded and then decode it在 url base64 编码中添加有效负载及其签名,然后对其进行解码
【发布时间】:2018-11-28 13:43:55
【问题描述】:

您将在下面找到我的发送者和接收者代码,他们正在成功签署消息并且它有效

问题

如何将字节放入 url 并将有效负载的值传递到 GET 请求中,并将签名一起以 base64 编码 类似的东西

encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var

然后在接收者中验证 var 是由发送者签署的,这是一个交易演示,但我仍然无法得到它!感谢任何帮助

import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
    my_url = 'https://example.com/action?variable='
    payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
    print(payload)
    with open('mykey.pem', 'rb') as f:
        private_key = RSA.importKey(f.read(), passphrase='')
    print(private_key.can_sign())

    signature = sign(payload.encode(),private_key)

    full_message = b64encode(payload.encode()+signature)
    receiver(full_message)



def receiver(full_message ):
    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()
    #since i know that the lenght of the message is 14
    signature = message_decoded[-128:]
    #and I know that the signature is 128 bytes


    with open("mykey.pub", 'rb') as f:
        public_key = RSA.importKey(f.read(),passphrase='')

    print('VERIF', verify(payload.encode(), signature,public_key))

    return False





def sign(message, priv_key):
    signer = PKCS1_v1_5.new(priv_key)
    digest = SHA.new()
    digest.update(message)
    return signer.sign(digest)



def verify(message, signature, pub_key):
    signer = PKCS1_v1_5.new(pub_key)
    digest = SHA.new()
    digest.update(message)
    return signer.verify(digest, signature)


sender()

【问题讨论】:

    标签: python url rsa signature


    【解决方案1】:

    PS:我仍然想知道在编码字符串中使用“/”和“+”是否是 url 安全的

    好的,在这里发布我的问题的答案: 所以完整的消息是以字节为单位的,如果我用 ASCII 解码完整的消息

     full_message = b64encode(payload.encode()+signature)
     print(full_message)
    

    返回字节

    b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m + X7A / D48qQRCU9mw9tor9E / TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E + 2HB6RrDe3WrlBWy39A + oRctuw ==' P>

    full_message = b64encode(payload.encode()+signature).decode('ASCII')
    print(full_message)
    

    返回可以附加到 url 的字符串

    MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM + cNFC3oapRtytv3k5ecLjB4w / kx8gs73Al + 6T7 / NbXyJbT + F + XYIz7DXSy4Mav2 / AB9 / sGZKU8Ef + Q7Z8 + FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA == P>

    然后在receiver

    def receiver(full_message ):
        #if I b64decode the whole message and then decode the payload 
        #returns true :)
       
        message_decoded = b64decode(full_message)
        payload = message_decoded[:14].decode()
    
        signature = message_decoded[-128:]
    
    
        ...
    

    【讨论】:

      猜你喜欢
      • 2016-03-21
      • 2015-04-27
      • 2012-04-06
      • 2020-06-26
      • 1970-01-01
      • 2020-09-18
      • 2014-08-16
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多