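x509 certificate verification in Python

Problem description

I am trying to implement x509 certificate verification using Python. Basically, I just want to generate a public key and a private key, and then generate a certificate with the private key. Then I want to verify that certificate with the public key and get true / false. I got the code for key and certificate generation from here. The code inside the try block is from here (there is a verifySignature function). This is my full code: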

    # verify csr pem using public and private key
    import datetime
    import uuid

    from cryptography import x509
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
    from cryptography.x509.oid import NameOID

    one_day = datetime.timedelta(1, 0)

    # Generate the RSA key pair
    private_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )
    public_key = private_key.public_key()

    # Build the certificate and sign it with the private key
    builder = x509.CertificateBuilder()
    builder = builder.subject_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, u'openstack-ansible Test CA'),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'openstack-ansible'),
        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Default CA Deployment'),
    ]))
    builder = builder.issuer_name(x509.Name([
        # signed with its own key, so the issuer common name is the subject's
        x509.NameAttribute(NameOID.COMMON_NAME, u'openstack-ansible Test CA'),
    ]))
    builder = builder.not_valid_before(datetime.datetime.today() - one_day)
    # Relative end date: a fixed date that has already passed (here 2020-10-02)
    # is earlier than not_valid_before and makes the builder raise ValueError
    builder = builder.not_valid_after(datetime.datetime.today() + one_day * 30)
    builder = builder.serial_number(int(uuid.uuid4()))
    builder = builder.public_key(public_key)
    builder = builder.add_extension(
        x509.BasicConstraints(ca=True, path_length=None), critical=True,
    )
    certificate = builder.sign(
        private_key=private_key, algorithm=hashes.SHA256(), backend=default_backend()
    )
    print(isinstance(certificate, x509.Certificate))

    # Write the passphrase-encrypted private key and the certificate as PEM
    with open("ca.key", "wb") as f:
        f.write(private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            encryption_algorithm=serialization.BestAvailableEncryption(b"openstack-ansible"),
        ))

    with open("ca.crt", "wb") as f:
        f.write(certificate.public_bytes(
            encoding=serialization.Encoding.PEM,
        ))

    try:
        issuerPublicKey = public_key
        hashAlgorithm = hashes.SHA256()
        tbsCertificate = certificate.tbs_certificate_bytes
        subjectSignature = certificate.signature
        padding = PKCS1v15()
        # verify() takes (signature, data, padding, algorithm); it returns None
        # on success and raises InvalidSignature when the signature does not match
        issuerPublicKey.verify(subjectSignature, tbsCertificate, padding, hashAlgorithm)
        print("true")
    except InvalidSignature:
        print("false")
    except Exception as e:
        print(e)
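
An added example (not code from the original post): a helper that turns the signature check into the true / false result the question asks for, using the hash algorithm recorded in the certificate and handling both RSA (PKCS#1 v1.5) and ECDSA issuer keys. The names `signature_is_valid` and `make_self_signed` and the test certificate are constructed for illustration, and it assumes a `cryptography` release where the `backend` argument is optional.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def signature_is_valid(cert, issuer_public_key):
    """Return True if cert's signature verifies under issuer_public_key, else False."""
    data, sig, algo = cert.tbs_certificate_bytes, cert.signature, cert.signature_hash_algorithm
    try:
        if isinstance(issuer_public_key, rsa.RSAPublicKey):
            # Assumes an RSA PKCS#1 v1.5 signature (RSA-PSS would need padding.PSS)
            issuer_public_key.verify(sig, data, padding.PKCS1v15(), algo)
        elif isinstance(issuer_public_key, ec.EllipticCurvePublicKey):
            issuer_public_key.verify(sig, data, ec.ECDSA(algo))
        else:
            raise TypeError("unsupported issuer key type")
        return True
    except InvalidSignature:
        return False


def make_self_signed(private_key, common_name="constructed test CA"):
    """Build a short-lived self-signed certificate (constructed test input)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(private_key, hashes.SHA256())
    )


if __name__ == "__main__":
    signer = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    unrelated = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = make_self_signed(signer)
    print(signature_is_valid(cert, signer.public_key()))     # key that signed the certificate
    print(signature_is_valid(cert, unrelated.public_key()))  # a different key
```

This checks the signature only; the validity period, name chaining and revocation are separate checks.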
