Python3.7基于hashlib和Crypto实现加签验签功能

最新推荐文章于 2024-07-31 09:42:16 发布

clkai

最新推荐文章于 2024-07-31 09:42:16 发布

阅读量471

点赞数

分类专栏： PYTHON

本文链接：https://blog.csdn.net/weixin_43886252/article/details/103344462

版权

PYTHON 专栏收录该内容

5 篇文章 0 订阅

订阅专栏

环境：
Python3.7

依赖库：

import datetime
import random
import requests
import hashlib
import json
import base64
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from Crypto.Cipher import AES

加签：

def sign(signflag,keypath,baseRequest):
	#http请求body
    print(baseRequest)
    #加签标志
    if not signflag: return baseRequest
    else:
    	#取请求体中的业务数据
        businessdata = json.dumps(baseRequest["data"])
        #读取私钥（.key格式，可使用openssl或java.keytools产生）
        with open(keypath,'r') as rsaKeyFile:
            rsaKey = rsaKeyFile.read().replace("\n",'')
            print(rsaKey)
        rsaKeyBytes = base64.b64decode(rsaKey)
        print(rsaKeyBytes)
        #SHA256摘要，RSA加密
        priKey = RSA.importKey(rsaKeyBytes)
        signer = PKCS1_v1_5.new(priKey)
        hash_obj = SHA256.new(business_data.encode('utf-8'))
        signature = base64.b64encode(signer.sign(hash_obj))
        print(signature)
        #把签名加进请求体并返回
        baseRequest['sign'] = signature.decode()
        print(baseRequest)
        return baseRequest

验签：

def validata(signflag,cerpath,res):
    if not signflag: return res
    else:
    	#取业务数据和签名
        data = res['data']
        sign = res['sign']
        #此处cer已转换成pem格式，使用openssl工具
        #openssl x509 -inform der -pubkey -noout -in xxxxx.cer>xxxxx.pem
        cert = open(cerpath).read().replace("-----BEGIN PUBLIC KEY-----\n","").replace("-----END PUBLIC KEY-----\n","").replace("\n","")
        print(cert)
		#验签逻辑同加签
        pubBytes = base64.b64decode(cert)
        pubKey = RSA.importKey(pubBytes)
        signer = SHA256.new(json.dumps(data).encode("utf-8"))
        verifier = PKCS1_v1_5.new(pubKey)
        return verifier.verify(signer,base64.b64decode(sign))