How to use openssl to verify without creating files in python?

Question

I am using OpenSSL to perform verification.

openssl dgst -sha256 -verify public.pem -signature sign_file origin_file

What I need to do is that if I know the content of sign_file and origin_file, how can I do the verify work in python without creating files?

score 1 · Answer 1 · answered Dec 06 '16 at 08:53

1

Have you tried pyopenssl?

OpenSSL.crypto.verify(certificate, signature, data, digest)

answered Dec 06 '16 at 08:53

Alexey Smirnov

2,573
14
20

The first parameter certificate is a X509 instance corresponding to the private key which generated the signature, how can I generate the X509 instance if I only have the public key? – sting_roc Dec 07 '16 at 03:14

score 1 · Accepted Answer · edited May 23 '17 at 11:53

I find a solution on question: How do you verify an RSA SHA1 signature in Python?

Below is the demo to do the verify work:

import base64

from M2Crypto import BIO, RSA, EVP

ori = "content of origin string"
sig = "content of signature string"

with open("./public.pem") as f:
    pem = f.read()
    bio = BIO.MemoryBuffer(pem)
    rsa = RSA.load_pub_key_bio(bio)

    pubkey = EVP.PKey()
    pubkey.assign_rsa(rsa)
    pubkey.reset_context(md="sha256")
    pubkey.verify_init()
    pubkey.verify_update(ori)
    print pubkey.verify_final(base64.b64decode(sig))  # 1 means verify OK

How to use openssl to verify without creating files in python?

2 Answers2