[Cryptography-dev] A RSA signature verification use case

Mon, 08 Feb 2016 16:37:34 -0800 

Greetings Cryptographers :)

I'm trying to do some sort of RSA verification as described here:
https://wopi.readthedocs.org/en/latest/scenarios/proofkeys.html#using-the-rsa-modulus-and-exponent-to-retrieve-the-public-key
https://wopi.readthedocs.org/en/latest/scenarios/proofkeys.html#verifying-the-proof-keys

Those instructions show example code using the Crypto library (included below).

1) A valid request contains several attributes that are used to construct a 
hash (called `expected_proof`).

2) The same request also contains a signed version of the proof (called 
`signed_proof`) and some attributes to be used to construct the public key (I 
have no idea why the public key is not just available directly in this case).

3) The public key is then used to validate the signed_proof against the 
expected_proof.

----------------------------------------------
from base64 import b64decode
from Crypto.PublicKey import RSA
from Crypto.Util import asn1

def generate_key(modulus_b64, exp_b64):
    mod = int(b64decode(modulus_b64).encode('hex'), 16)
    exp = int(b64decode(exp_b64).encode('hex'), 16)
    seq = asn1.DerSequence()
    seq.append(mod)
    seq.append(exp)
    der = seq.encode()
    return RSA.importKey(der)

# proof_key_attributes are from the discovery XML
public_key = generate_key(proof_key_attributes['modulus'], 
proof_key_attributes['exponent'])


from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5

def try_verification(expected_proof, signed_proof, public_key):
    verifier = PKCS1_v1_5.new(public_key)
    h = SHA256.new(expected_proof)
    return verifier.verify(h, signed_proof)

# verify the proof
is_valid = try_verification(expected_proof, signed_proof, public_key)

----------------------------------------------

Soo...

Again, it's using Crypto.  I'm interested in how to do the equivalent in 
`cryptography`.  I'm studying the docs but since it looks like I'm diving into 
hazmat territory, I figure I would ask here first.

Thanks.


_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

Reply via email to