验证苹果的签名

huangapple go评论90阅读模式
英文:

Verify Apple's signature

问题

我正在尝试根据文档验证签名。这是一个示例:

# cryptography==37.0.4
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
import base64

data = b"demo data"
signature = b"demo signature"

public_key_base64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWdp8GPcGqmhgzEFj9Z2nSpQVddayaPe4FMzqM9wib1+aHaaIzoHoLN9zW4K8y4SPykE3YVK3sVqW6Af0lfx3gg=="
public_key_bytes = base64.b64decode(public_key_base64)
apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

apple_public_key.verify(
    signature,
    data,
    ec.ECDSA(hashes.SHA256())
)

from_encoded_point 生成了以下错误:

raise ValueError("Unsupported elliptic curve point type")
ValueError: Unsupported elliptic curve point type

我还尝试了来自 chat GPT 的不同方法,但都不起作用。请问您是否能提供一个可行的示例?

英文:

I'm trying to verify a signature according to the documentation. Here is an example:

# cryptography==37.0.4
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
import base64

data = b"demo data"
signature = b"demo signature"

public_key_base64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWdp8GPcGqmhgzEFj9Z2nSpQVddayaPe4FMzqM9wib1+aHaaIzoHoLN9zW4K8y4SPykE3YVK3sVqW6Af0lfx3gg=="
public_key_bytes = base64.b64decode(public_key_base64)
apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

apple_public_key.verify(
    signature,
    data,
    ec.ECDSA(hashes.SHA256())
)

from_encoded_point generates:

    raise ValueError("Unsupported elliptic curve point type")
ValueError: Unsupported elliptic curve point type

Also tried different approaches from chat GPT but none works. Could you provide a working example please?

答案1

得分: 1

以下是翻译好的部分:

"该密钥似乎是一个经过Base64编码的SubjectPublicKeyInfo格式的公钥。密码学模块通过cryptography.hazmat.primitives.serialization模块为其支持的所有公钥类型提供了一种通用的解码方法。因此,修复方法只需将以下代码

apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

替换为以下更简单的代码:

apple_public_key = serialization.load_der_public_key(public_key_bytes)

当然,还需要将serialization添加到相关的导入语句中:

from cryptography.hazmat.primitives import hashes, serialization
英文:

The key appears to be a base64 encoded SubjectPublicKeyInfo formatted public key. The cryptography module provide a general method for decoding these for all the public key types it supports via the cryptography.hazmat.primitives.serialization module. Thus, the fix is simply to replace

apple_public_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), public_key_bytes)

with the much simpler

apple_public_key = serialization.load_der_public_key(public_key_bytes)

and of course add serialization to the relevant import statement:

from cryptography.hazmat.primitives import hashes, serialization

huangapple
  • 本文由 发表于 2023年5月24日 18:26:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76322516.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定