I have signed a file using openssl SHA256 and a private key as follows:
with subprocess.Popen(
# Pipe the signature to openssl to convert it from raw binary encoding to base64 encoding.
# This will prevent any potential corruption due to line ending conversions, and also allows
# a human to read and copy the signature (e.g. for manual verification).
'openssl dgst -sha256 -sign private.key sign_me.zip | openssl base64 > signature.sha256',
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
shell=True,
) as proc:
out, _ = proc.communicate()
signature.sha256
and public_key.crt
to verify that sign_me.zip
has not been modified.I've done a lot of searching trying to figure out how to do this, but I haven't been able to find a satisfactory answer. Here is a list of things I've tried and/or researched:
I am able to manually verify the signature via the following shell command. This won't work as a permanent solution due to requirement 3.
openssl dgst -sha256 -verify <(openssl x509 -in public_key.crt -pubkey -noout) -signature signature.sha256 sign_me.zip
I found this question, which is almost exactly what I want to do. It hasn't been answered or even commented on in nearly 2 years. It mentions the ssl python library, which deals mostly with client/server certificates and sockets.
verify()
method documentation in the Python 2.7 crypto module that the question references.Perhaps I'm missing something obvious? I haven't done much work with security/encryption/hashing, so feedback is welcome.
Thanks to Patrick Mevzek for pointing me in the right direction. I eventually found the following solution to my problem using the Cryptography module. I ended up changing how I'm signing the file to match how I will later verify it.
Key Generation:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
# Generate the public/private key pair.
private_key = rsa.generate_private_key(
public_exponent = 65537,
key_size = 4096,
backend = default_backend(),
)
# Save the private key to a file.
with open('private.key', 'wb') as f:
f.write(
private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
)
# Save the public key to a file.
with open('public.pem', 'wb') as f:
f.write(
private_key.public_key().public_bytes(
encoding = serialization.Encoding.PEM,
format = serialization.PublicFormat.SubjectPublicKeyInfo,
)
)
Signing:
import base64
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
# Load the private key.
with open('private.key', 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password = None,
backend = default_backend(),
)
# Load the contents of the file to be signed.
with open('payload.dat', 'rb') as f:
payload = f.read()
# Sign the payload file.
signature = base64.b64encode(
private_key.sign(
payload,
padding.PSS(
mgf = padding.MGF1(hashes.SHA256()),
salt_length = padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
)
with open('signature.sig', 'wb') as f:
f.write(signature)
Verification:
import base64
import cryptography.exceptions
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import load_pem_public_key
# Load the public key.
with open('public.pem', 'rb') as f:
public_key = load_pem_public_key(f.read(), default_backend())
# Load the payload contents and the signature.
with open('payload.dat', 'rb') as f:
payload_contents = f.read()
with open('signature.sig', 'rb') as f:
signature = base64.b64decode(f.read())
# Perform the verification.
try:
public_key.verify(
signature,
payload_contents,
padding.PSS(
mgf = padding.MGF1(hashes.SHA256()),
salt_length = padding.PSS.MAX_LENGTH,
),
hashes.SHA256(),
)
except cryptography.exceptions.InvalidSignature as e:
print('ERROR: Payload and/or signature files failed verification!')