I'm trying to replicate the following steps to sign some data using OpenSSL in a python3 script. When I do the work from the command line, everything works. When I put it into a script, the signed data is not recognized/validated.
How do I get the signed data into a recognized format? Below I've tried to remove the 'b' (for bytes) and the single quotes to force something through, but no luck.
These steps work fine when doing from the command line:
Create the data file
echo -n "This is my data." > data.txt
Sign the data file
openssl dgst -sha256 -sign key.pem -keyform PEM -out signature data.txt
Encode the data file
openssl enc -base64 -in signature > sig_base64
*Output:
nTxLMxUTOf5suMOqy9vCHserJ3jzaKPRxGABR1zz3sZsuQHvBD8r9z82wzmvkS7u
ygW4fi6NH9P5znJFaTw3omnZjOL+xWrxvwmK0Lg25a/MNC5xpuY8i12rIsLLZHbu
B4q0G7dj4m3oJNxyhoZjrKPr3V0KssdxuNBlMYdjd3tuhj5MI1cqpRetAcw2nJps
ovC14sPAzTaKHUmMoN+H5t2rVgoeaHhTknhEAlW5FqXMcm/cR/rRru9EoAEe7cmV
rTRiJpCBiKrpHBNPmQJOmF+zrS3tID4XGFV/yUgcU0chlLMoJyv1AdfHdQYzfeGP
EYFuk7NYnjz5kVLoasTS7Q==
#!/usr/local/bin/python3
import cryptography
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
key_file = open("key.pem", "rb")
private_key = serialization.load_pem_private_key(key_file.read(), password = None, backend=default_backend())
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = private_key.sign(dataBytes,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
sooabk4NIJwPtTdQvqIpiHxGpc10log56IdSaE9gnwPToYhlIOZBUo5W1Peyfz6lnQojYcG+MGLGtYQNIsHsYJnT6p5cBN3QHf/FIU4SaELTLpmLhEtW3n5a19vbEXi/LBXaUfrCNf1A7TaNh+uM+iMIeNDsgF4GWfJwb+O1jlw1NdUk4hces7CHBYGvk9/sGwntyHYkkOnJpPhy6ZQ2bhVnYS/R2d9Wilptjl7OlDkAb4VB2TXjPPtSzWxMQ+Ch4HF8BdnOGzUo+Yb9lKsP8LnyROMEtEBBaTmh/6xVKwaRi1xqorJS+qWRtivqIN4RPsKz+jlcqg6fCZxi6NW2Qw==
-----END SIGNATURE-----
The only difference I can see from the command line output vs. example 2 and 3 on the output from my script is the formatting of the signed data from the command line is different from what my script is producing (cli is a block, while my code produces a single line).
I'm stuck. Can't figure out what is wrong. Any thoughts?
I tried this again using the OpenSSL library and everything works correctly with Example 3 output (I didn't try the others):
#!/usr/local/bin/python3
import OpenSSL
from OpenSSL import crypto
import base64
key_file = open("key.pem", "rb")
key = key_file.read()
key_file.close()
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
data = "This is my data."
dataBytes = bytes(data, encoding='ascii')
signData = OpenSSL.crypto.sign(pkey, dataBytes, "sha256")
encodedData = base64.b64encode(signData)
print("-----BEGIN DATA REQUEST-----")
print(data)
print("-----END DATA REQUEST-----")
print("\n")
print("Example 1")
print("-----BEGIN SIGNATURE-----")
print(encodedData)
print("-----END SIGNATURE-----")
print("\n")
print("Example 2")
print("-----BEGIN SIGNATURE-----")
print (encodedData.decode('ascii'))
print("-----END SIGNATURE-----")
print("\n")
print("Example 3")
print("-----BEGIN SIGNATURE-----")
print(str(encodedData).replace("b'","").replace("'",""))
print("-----END SIGNATURE-----")
-----BEGIN DATA REQUEST-----
This is my data.
-----END DATA REQUEST-----
Example 1
-----BEGIN SIGNATURE-----
b'AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ=='
-----END SIGNATURE-----
Example 2
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----
Example 3
-----BEGIN SIGNATURE-----
AOPHhQAQ7QnST30rdaFEMVFJqTDAq886MAe1tigxWrjKwUZYIObeabH3UuYVd7s2N4fT9Z/9fOKSyPiDkB61WcfYIdIJBkCkKX+xHTqBnpZjyFevkdx+P8MjomXI1/hP66Jnk2VK7H/KcW+dxG1/F60d3kRvuLeG6M/1bwVJ3zYC2J6c9216GCwBrCg/WG6rJLweuOQL63pccWYMaxESTM9Br6KpK3fw/12soei19+2btFmEx50mUNeXPDKVwePYVT3il3ArrT96NdSteogMd+qnweZvRomMJu+v8SWZeumMU/+ytEHXQzwlgiED+hLCnzG2RYo+s4khbEdu7o57sQ==
-----END SIGNATURE-----