0

I try to use pyOpenSSL for signed a data, I create key pair (private and publique) and certificate.

I'm a beginner with this technology, I use OpenSSl, but if you have suggestions for generate a signed message with private and public key in python, I'm take ! I want to use RSA and DSA algorithm for my tests.

I find m2Crypto, pyCrypto and other. I do not know what is the best for this. gnupg for python and pyOpenSSl are more recent visibly.

I used function for signed a message with my private key, and I verify the data. But when I see the function for verify the signature, in parameters I need : private key, signature, data and digest type.

I do not know where I am wrong in this code, I find some examples, but I do not understand how this can work because the first parameters for the verify function is a X509 object "certificate is a X509 instance corresponding to the private key which generated the signature." and the second is the signature generated with the private key..

This code work perfectly with the private key :

from OpenSSL import crypto

_k = crypto.PKey()
_cert = crypto.X509()

# Create keys
_k.generate_key(crypto.TYPE_RSA, 2048)

# Add argument for create certificate
_cert.gmtime_adj_notBefore(0)
_cert.gmtime_adj_notAfter(0*365*24*60*60) #10 years expiry date
_cert.set_pubkey(_k)
_cert.sign(_k, 'sha256')

# Create key's file
with open("public_key.pem",'w') as f:
    f.write(crypto.dump_publickey(crypto.FILETYPE_PEM, _k))

with open("private_key.pem",'w') as f:
    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, _k))

with open("certificate.pem",'w') as f:
    f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, _cert))

#-------------------------------------------------------------------------------

# Open key and load in var
with open("private_key.pem",'r') as f:
    priv_key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())

with open("public_key.pem",'r') as f:
    pub_key = crypto.load_publickey(crypto.FILETYPE_PEM, f.read())

with open("certificate.pem",'r') as f:
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())

# sign message 'hello world' with private key and certificate
sign = crypto.sign(priv_key, "hello world", 'sha256')
print crypto.verify(cert, sign, "hello world", 'sha256')

So, my question is, how use the public key for verify the data ? If Bob give a public key to alice, How it checks the message with this public key ?

You have a idea ?

Thanks a lot, Romain

Nick Weseman
  • 1,502
  • 3
  • 16
  • 22
  • Have you tried `crypto.verify(pub_key, sign, "hello world", 'sha256')`? – Artjom B. May 15 '17 at 21:44
  • Yes I try with this, and publique key is not the same instance as the private key, http://www.pyopenssl.org/en/stable/api/crypto.html#signing-and-verifying-signatures –  May 16 '17 at 07:52

2 Answers2

1

I found a answer in this post.

from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
# ... code ...
x509 = X509()
x509.set_pubkey(pub_key)
# ... code ...
print verify(x509, sign, sha, 'sha256')

I'm wondering.. When I get a message, I use the public key for authenticating the transmitter, but why I have to use the signature to do the verification ? To generate the signature, I need the private key .. Is there something I did not understand in the use of the library ?

0

ok I understood my mistake : Cryptography Digital signatures

source