问题
I'm having trouble verifying DSA signatures using Python/M2Crypto. The signatures are generated in Java, using standard java.security.Signature class, with Sun's crypto provider and SHA1withDSA algorithm designation.
Here's some shell output:
>>> pk
<M2Crypto.DSA.DSA_pub instance at 0x20b6a28>
>>> sig = '302c02141c4bbb218215ebfec57288059ce814dc430d849502144dd0c581bf2213aff79d17eb37c939e120a97bd2'.decode('hex')
>>> data ='0501...9794'.decode('hex')
>>> pk.verify_asn1(sig, data)
------------------------------------------------------------
Traceback (most recent call last):
...
DSAError: wrong tag
The signature value seems OK to me, it looks like a proper ASN.1 encoded sequence of two integers (0x302c designates a 44-byte sequence, and 0x0214 designates a 20-byte integer), which is the standard encoding of DSA signatures.
Since the DSA_pub.verify_asn1 method isn't even documented, I also tried using the documented DSA_pub.verify method, but still no cigar:
>>> r = sig[4:24]
>>> s = sig[26:]
>>> md = sha1(data).digest()
>>> pk.verify(md, r, s)
------------------------------------------------------------
Traceback (most recent call last):
...
DSAError: encoding error
The docs state that all the parameters should be "byte strings", but the verify method somehow manages to raise an encoding error. I also tried reversing r and s, to check for potential endianness problems but that didn't help.
What am I doing wrong?
回答1:
Found a solution in the tests: http://svn.osafoundation.org/m2crypto/trunk/tests/test_dsa.py
The verify_asn1 method should be used as follows:
>>> pk.verify_asn1(sha1(data).digest(), sig)
来源:https://stackoverflow.com/questions/3454523/m2crypto-verifying-dsa-signatures