import os import base64 import rsa # 安装pycrypto from Crypto import Random from Crypto.Hash import SHA256 from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 as Signature_pkcs1_v1_5 """ function 2: openssl genrsa -out ./myPrivateKey.pem -passout pass:"密码" -des3 2048 openssl rsa -pubout -in ./myPrivateKey.pem -passin pass:"密码" -out ./myPublicKey.pem """ def gen_sign(unsign_data, secret): """ 两种方式生成签名: 这是第一种 1. 打开文件方式,见所有被注释的部分,文件为.pem 2. passphrase 的参数为文件加密的密码 :return: 签名数据 """ path = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) doc = os.path.join(path, 'myPrivateKey.pem') with open(doc) as pk: key_data = pk.read() rsaKey = RSA.importKey(key_data, passphrase=密码) signer = Signature_pkcs1_v1_5.new(rsaKey) digest = SHA256.new() digest.update(unsign_data.encode('utf8')) sign = signer.sign(digest) signature = base64.b64encode(sign) print(signature) return signature def gen_sign(private_key, unsign_data, secret): """ 两种方式生成签名: 1. 是直接读取私钥的方式和未加签的数据 :return: 签名数据 """ rsaKey = RSA.importKey(base64.b64decode(private_key), passphrase=secret) signer = Signature_pkcs1_v1_5.new(rsaKey) digest = SHA256.new() digest.update(unsign_data.encode('utf8')) sign = signer.sign(digest) signature = base64.b64encode(sign) print(signature) return signature def verify_sign(data, sign, secret): """ 读取公钥文件,验签 """ path = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) doc = os.path.join(path, 'myPrivateKey.pem') with open(doc) as pk: key_data = pk.read() rsaKey = RSA.importKey(key_data, passphrase=b'密码') verifier = Signature_pkcs1_v1_5.new(rsaKey) digest = SHA256.new() digest.update(data.encode('utf8')) is_verify = verifier.verify(digest, base64.b64decode(sign)) print(is_verify) return is_verify def verify_sign(pubkey, data, sign, secret): """ 直接传公钥方式 """ rsaKey = RSA.importKey(base64.b64decode(pubkey), passphrase=secret) verifier = Signature_pkcs1_v1_5.new(rsaKey) digest = SHA256.new() digest.update(data.encode('utf8')) is_verify = verifier.verify(digest, base64.b64decode(sign)) print(is_verify) return is_verify if __name__ == '__main__': pass
pass