使用公钥验证签名失败 python hmac

【问题标题】:verify signature with public key fail python hmac使用公钥验证签名失败 python hmac
【发布时间】:2021-11-26 02:47:07
【问题描述】: 
    Publickey = '''-----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVAMXVTMIuttHcP1kvSk9V39S7
    BqDbY+LC9JfwMzyoubo3fdsqBf4EmB1PfBUigcOL5YBqMKGEE6xmVw6SXCTH4JwX
    dqJ4IRiXf76YMt6PB0dMzu/qCmhaGFGkqT6vJM0hHyEbtS/P3FR9ZU+eaOvynLWb
    FvXTzIoctZM1IvDrCwIDAQAB
    -----END PUBLIC KEY-----'''

    public_key_encoded = Publickey[26:-25].replace('\n', '')
    public_key_der = base64.b64decode(public_key_encoded)

    WebhookSignature = "VtniwOFAi4oBKFnvHhY6UZ+wPARf7+yWVbE61Hc7JVdRgqKJ40Yk9k5Gb2Y0S0VLUYOOOhUNUsD7R8GDEr6WH84sAEf8bXa1xYMiyjgeGleTg1MxRJCtrHcxMeMCEXPWmKTeLhn6O+cdvDGq4ZpcTTiQnEvk5xHPcxFrBT637zg="
    WebhookTimestamp = 1611232922428
    WebhookNonce = "5RhaTrZPhknNv0kDSA2UQ67cPMVNS4sA"
    event_body = {"bizType":"PAY","data":"{\"merchantTradeNo\":\"9825382937292\",\"totalFee\":0.88000000,\"transactTime\":1619508939664,\"currency\":\"EUR\",\"commission\":0,\"openUserId\":\"1211HS10K81f4273ac031\",\"productType\":\"Food\",\"productName\":\"Ice Cream\",\"tradeType\":\"WEB\",\"transactionId\":\"M_R_282737362839373\"}","bizId":29383937493038367292,"bizStatus":"PAY_SUCCESS"}
    payload_to_sign = str(WebhookTimestamp) + "\n" + WebhookNonce + "\n" + json.dumps(event_body) + "\n"
    print(payload_to_sign)
    decodeSignature = base64.b64decode(WebhookSignature)

    hmac_code = hmac.new(public_key_der, payload_to_sign.encode('utf-8'), hashlib.sha256)
    final_hash = hmac_code.digest()
    print(hmac.compare_digest(final_hash, decodeSignature))

我正在尝试使用 python 验证 webhook。用公钥对payload进行散列后,结果与签名不同。

【问题讨论】:

  • java代码// input: pubKeyStr, decodedSignature, payload PEMParser pubParser = new PEMParser(new StringReader(pubKeyStr)) SubjectPublicKeyInfo pubKeyObj = (SubjectPublicKeyInfo) pubParser.readObject(); AsymmetricKeyParameter pubKey = PublicKeyFactory.createKey(pubKeyObj); byte[] payloadBytes = payload.getBytes(StandardCharsets.UTF_8); RSADigestSigner verifier = new RSADigestSigner(new SHA256Digest()); verifier.init(false, pubKey); verifier.update(payloadBytes, 0, payloadBytes.length); return verifier.verifySignature(decodedSignature);

标签: python hmac


【解决方案1】:

解决方案是 不能将 hmac 用于非对称密钥,而是使用 crypto 和 openssl

key = crypto.load_publickey(crypto.FILETYPE_PEM, open("public_cert_new.pem","rb").read())
x509 = crypto.X509()
x509.set_pubkey(key)

crypto.verify(x509, base64.b64decode(WebhookSignature), payload_to_sign, 'sha256')

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2012-07-26
    • 1970-01-01
    • 2013-05-28
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2015-03-08
    • 2019-08-11
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode