go crypto/ecdsa Verify giving true even when the data is different

Question

I have some data in the form of a map, and I'm converting it to []byte and signing it. When verifying, it gives a True value even when the data used for verifying and signing are different.
Here is what I did:

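package main

import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"io/ioutil"
)

func main() {
	// Read the EC private key (DER-encoded, as x509.ParseECPrivateKey expects).
	n, err := ioutil.ReadFile("privatekey")
	if err != nil {
		panic(err)
	}

	private_key, err := x509.ParseECPrivateKey(n)
	if err != nil {
		panic(err)
	}
	public_key := private_key.PublicKey

	data := map[string]string{
		"data1": "somestring",
		"data2": "12312",
		"data3": "34fs4",
	}

	json_data, _ := json.Marshal(data)

	data_2 := map[string]string{
		"data1": "somestring",
		"data2": "13312",
		"data4": "fh34",
	}

	json_data_2, _ := json.Marshal(data_2)

	// The raw JSON bytes are passed to Sign as-is (no hashing); this is the behaviour being asked about.
	r, s, _ := ecdsa.Sign(rand.Reader, private_key, json_data)

	// Verify is called with the second, different JSON document.
	verifystatus := ecdsa.Verify(&public_key, json_data_2, r, s)
	fmt.Println(verifystatus)
}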

It is printing true. I tried changing the data and it seems that if json_data and json_data_2 have the first 32 bytes in common, then Verify returns true.
Is there some limit on the length of the byte array I can send to ecdsa.Verify()? If so, how can I use it for larger data?

Answer 1

Score: 2

The golang ecdsa.Sign and ecdsa.Verify functions are expected to take the output of a cryptographic hash function, rather than the message itself. So you are correct that only the first 32 bytes are being examined, in this case.

To resolve the problem, first hash the messages using a cryptographic hash function such as SHA-2.
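
The behaviour from the question next to the fix the answer describes, as an added example (not code from the original question or answer). It assumes a P-256 key generated on the spot instead of the privatekey file, and SHA-256 as the SHA-2 variant; newKey, verifyRaw and verifyHashed are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed samples: the JSON of the question's two maps; bytes 1-32 are equal, byte 33 differs.
var msgSigned = []byte(`{"data1":"somestring","data2":"12312","data3":"34fs4"}`)
var msgTampered = []byte(`{"data1":"somestring","data2":"13312","data4":"fh34"}`)

// newKey generates a throwaway key; P-256 is an assumption (the page names no curve).
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// verifyRaw repeats the question's call pattern: the message is passed where a
// digest belongs, so on P-256 only its first 32 bytes take part in the signature.
func verifyRaw(priv *ecdsa.PrivateKey, signed, checked []byte) (bool, error) {
	r, s, err := ecdsa.Sign(rand.Reader, priv, signed)
	if err != nil {
		return false, err
	}
	return ecdsa.Verify(&priv.PublicKey, checked, r, s), nil
}

// verifyHashed signs and verifies SHA-256 digests, so every byte of the message counts.
func verifyHashed(priv *ecdsa.PrivateKey, signed, checked []byte) (bool, error) {
	signedDigest := sha256.Sum256(signed)
	r, s, err := ecdsa.Sign(rand.Reader, priv, signedDigest[:])
	if err != nil {
		return false, err
	}
	checkedDigest := sha256.Sum256(checked)
	return ecdsa.Verify(&priv.PublicKey, checkedDigest[:], r, s), nil
}

func main() {
	priv, err := newKey()
	if err != nil {
		panic(err)
	}
	raw, _ := verifyRaw(priv, msgSigned, msgTampered)
	hashed, _ := verifyHashed(priv, msgSigned, msgTampered)
	fmt.Println("raw message accepted:", raw, "| hashed message accepted:", hashed)
}
```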

huangapple
  • This article was posted on June 23, 2017 at 05:13:26
  • When reposting, please keep the link to this article: https://go.coder-hub.com/44709489.html