Python3.7基于hashlib和Crypto实现加签验签功能(实例代码)
环境:
Python3.7
依赖库:
import datetime import random import requests import hashlib import json import base64 from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from Crypto.Cipher import AES
加签:
def sign(signflag,keypath,baseRequest):
#http请求body
print(baseRequest)
#加签标志
if not signflag: return baseRequest
else:
#取请求体中的业务数据
businessdata = json.dumps(baseRequest["data"])
#读取私钥(.key格式,可使用openssl或java.keytools产生)
with open(keypath,'r') as rsaKeyFile:
rsaKey = rsaKeyFile.read().replace("\n",'')
print(rsaKey)
rsaKeyBytes = base64.b64decode(rsaKey)
print(rsaKeyBytes)
#SHA256摘要,RSA加密
priKey = RSA.importKey(rsaKeyBytes)
signer = PKCS1_v1_5.new(priKey)
hash_obj = SHA256.new(business_data.encode('utf-8'))
signature = base64.b64encode(signer.sign(hash_obj))
print(signature)
#把签名加进请求体并返回
baseRequest['sign'] = signature.decode()
print(baseRequest)
return baseRequest
验签:
def validata(signflag,cerpath,res):
if not signflag: return res
else:
#取业务数据和签名
data = res['data']
sign = res['sign']
#此处cer已转换成pem格式,使用openssl工具
#openssl x509 -inform der -pubkey -noout -in xxxxx.cer>xxxxx.pem
cert = open(cerpath).read().replace("-----BEGIN PUBLIC KEY-----\n","").replace("-----END PUBLIC KEY-----\n","").replace("\n","")
print(cert)
#验签逻辑同加签
pubBytes = base64.b64decode(cert)
pubKey = RSA.importKey(pubBytes)
signer = SHA256.new(json.dumps(data).encode("utf-8"))
verifier = PKCS1_v1_5.new(pubKey)
return verifier.verify(signer,base64.b64decode(sign))
总结
以上所述是小编给大家介绍的Python3.7基于hashlib和Crypto实现加签验签功能,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对【听图阁-专注于Python设计】网站的支持!
如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!