I am struggling to port the following java code to python. I am using PyCrypto to read the publickKey but it fails with an assertionError:
keyDER = b64decode(publicKeyBase64)
seq = asn1.DerSequence()
keyPub = RSA.construct( (seq[0], seq[1]) )
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/site-packages/Crypto/PublicKey/RSA.py", line 539, in construct
key = self._math.rsa_construct(*tup)
File "/usr/local/lib/python2.7/site-packages/Crypto/PublicKey/_slowmath.py", line 84, in rsa_construct
assert isinstance(n, long)
These are the variables:
signature = "cIUiufopX990NUXlVUznzf3\/gBwhXol2ligPdGp7CHrZNAdDzkDj5pQoikj2sKFiRACEA STh gE4oKJwRAC7Qz1NsNHWCkIYZPAwX\/95sHiVmNiqfXIowm9cqLWyL XLJwkmQupNoTauYWiEm1YF904LyI4hecNST4H4lNcl68="
message = "2425605254855826526"
and this is the code in Java that verifies the signature.
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
verifySignature(String message, String signature, String publicKeyBase64 )
byte[] keyBytes = javax.xml.bind.DatatypeConverter.parseBase64Binary(publicKeyBase64);
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
KeyFactory fact = KeyFactory.getInstance("RSA");
pubKey = (RSAPublicKey) fact.generatePublic(spec);
Signature genSignature = Signature.getInstance("SHA1withRSA");
boolean result = genSignature.verify(javax.xml.bind.DatatypeConverter.parseBase64Binary(signature));
There is a specific class method called importKey in PyCrypto to read in DER or PEM encoded RSA keys.
from base64 import b64decode
from Crypto.PublicKey import RSA
keyDER = b64decode(publicKeyBase64)
keyPub = RSA.importKey(keyDER)
If your key is not a simple DER, but a full X.509 certificate, see this other StackOverflow answer.
Once you have keyPub
, you can verify the signature like this:
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA
verifier = PKCS1_v1_5.new(keyPub)
h = SHA.new(message)
result = verifier.verify(h, signature)