问题描述
我正在尝试使用python实现x509证书验证。基本上,我只想生成公钥,私钥,然后使用私钥生成证书。然后,我想用公钥验证该证书并获得true / false。我从此here获得了密钥和证书生成的代码。里面的代码从here开始尝试(有一个verifySignature函数)。这是我的完整代码
#verify csr pem using public and private key
import random
from OpenSSL import crypto
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
import datetime
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.x509.oid import NameOID
import uuid
from cryptography import *
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.exceptions import InvalidSignature
one_day = datetime.timedelta(1,0)
private_key = rsa.generate_private_key(
public_exponent=65537,key_size=2048,backend=default_backend()
)
public_key = private_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,u'openstack-ansible Test CA'),x509.NameAttribute(NameOID.ORGANIZATION_NAME,u'openstack-ansible'),x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME,u'Default CA Deployment'),]))
builder = builder.issuer_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME,]))
builder = builder.not_valid_before(datetime.datetime.today() - one_day)
builder = builder.not_valid_after(datetime.datetime(2020,10,2))
builder = builder.serial_number(int(uuid.uuid4()))
builder = builder.public_key(public_key)
builder = builder.add_extension(
x509.BasicConstraints(ca=True,path_length=None),critical=True,)
certificate = builder.sign(
private_key=private_key,algorithm=hashes.SHA256(),backend=default_backend()
)
print(isinstance(certificate,x509.Certificate))
with open("ca.key","wb") as f:
f.write(private_key.private_bytes(
encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.TraditionalOpenSSL,encryption_algorithm=serialization.BestAvailableEncryption(b"openstack-ansible")
))
with open("ca.crt","wb") as f:
f.write(certificate.public_bytes(
encoding=serialization.Encoding.PEM,))
try:
issuerPublicKey = public_key
hashAlgorithm = hashes.SHA256()
tbsCertificate = certificate.tbs_certificate_bytes
subjectSignature = certificate.signature
padding = PKCS1v15()
print(issuerPublicKey.verify( subjectSignature,tbsCertificate,padding,hashAlgorithm ))
verifier = issuerPublicKey.verify( subjectSignature,hashAlgorithm )
# verifier.update( tbsCertificate )
verifier.verify()
print("true")
except InvalidSignature as e:
print(e)
except Exception as e:
print(e)
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)