Search code examples
pythonurlrsasignature

Add payload and its signature in url base64 encoded and then decode it

Below you will find my code of sender and receiver they are signing the message successfully and it works

The Problem

How can I put the bytes into an url and pass the value of the payload into a GET request with the signature together encoded in base64 Something like

encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var

And then verify them in the receiver that the var is signed from the sender, It is a demo for transactions but I still cant get it! Any help is apreciated

import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
    my_url = 'https://example.com/action?variable='
    payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
    print(payload)
    with open('mykey.pem', 'rb') as f:
        private_key = RSA.importKey(f.read(), passphrase='')
    print(private_key.can_sign())

    signature = sign(payload.encode(),private_key)

    full_message = b64encode(payload.encode()+signature)
    receiver(full_message)



def receiver(full_message ):
    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()
    #since i know that the lenght of the message is 14
    signature = message_decoded[-128:]
    #and I know that the signature is 128 bytes


    with open("mykey.pub", 'rb') as f:
        public_key = RSA.importKey(f.read(),passphrase='')

    print('VERIF', verify(payload.encode(), signature,public_key))

    return False





def sign(message, priv_key):
    signer = PKCS1_v1_5.new(priv_key)
    digest = SHA.new()
    digest.update(message)
    return signer.sign(digest)



def verify(message, signature, pub_key):
    signer = PKCS1_v1_5.new(pub_key)
    digest = SHA.new()
    digest.update(message)
    return signer.verify(digest, signature)


sender()
Solution

  • PS: I still wonder if it is url safe though with the '/' and '+' in the encoded strings

    Okay Posting the answer for my problem here: So full message is in bytes, if i decode the full message in ASCII

     full_message = b64encode(payload.encode()+signature)
 print(full_message)

    returns bytes

    b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m+x7a/D48qQRCU9mw9tor9E/TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E+2HB6RrDe3WrlBWy39A+oRctuw=='

    full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)

    returns string which can be attached to the url

    MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM+cNFC3oapRtytv3k5ecLjB4w/kx8gs73Al+6T7/NbXyJbT+F+XYIz7DXSy4Mav2/aB9/sGZKU8Ef+Q7Z8+FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA==

    then in the receiver

    def receiver(full_message ):
    #if I b64decode the whole message and then decode the payload 
    #returns true :)
   
    message_decoded = b64decode(full_message)
    payload = message_decoded[:14].decode()

    signature = message_decoded[-128:]


    ...