Android : Python RSA Signature can't verify Android Singature

on Tuesday, September 9, 2014


Thing goes like this:


I use python 3.4's rsa create rsa key pair



(pubkey, privkey) = rsa.newkeys(1024)

privkey_APP = privkey.save_pkcs1()
pubkey_APP = pubkey.save_pkcs1()
mykeypr_APP = open(r'C:\Users\frank\NewTest\APP_Private_Key.pem', 'w')
mykeypr_APP.write(privkey_APP.decode('utf-8'))
mykeypr_APP.close()
mykeypb_APP = open(r'C:\Users\frank\NewTest\APP_Public_Key.pem', 'w')
mykeypb_APP.write(pubkey_APP.decode('utf-8'))
mykeypb_APP.close()


then My Android try to use API_Public to sign



//read
InputStream inPrivate = getResources().getAssets().open("APP_Private_Key.pem");
PrivateKey privateKey = RSAUtils.loadPrivateKey(inPrivate);





//from file read privatekey
public static PrivateKey loadPrivateKey(InputStream in) throws Exception{
        try{
            return loadPrivateKey(readKey(in));
        } catch (IOException e){
            throw new Exception("wrong");
        } catch (NullPointerException e){
            throw new Exception("NULL");
        }
    }



//read privatekey message
private static String readKey(InputStream in) throws IOException{
        BufferedReader br = new BufferedReader(new InputStreamReader(in));
        String readLine = null;
        StringBuilder sb = new StringBuilder();
        while ((readLine = br.readLine()) != null){
            if (readLine.charAt(0) == '-') {
                continue;
            } else {
                sb.append(readLine);
                sb.append('\r');
            }
        }
        return sb.toString();
    }



//from string read privatekey
    public static PrivateKey loadPrivateKey(String privateKeyStr) throws Exception{
        try{
            byte[] buffer = Base64.decode(privateKeyStr,Base64.DEFAULT);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA","BC");
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);

            return (RSAPrivateKey)keyFactory.generatePrivate(keySpec);

        } catch (NoSuchAlgorithmException e){
            throw new Exception("no~~~");
        } catch (InvalidKeySpecException e){
            throw new Exception("wrong");
        } catch (NullPointerException e){
            throw new Exception("NULL");
        }
    }
public static String SHAEncrypt_testByteForDigest(String strPlanText,PrivateKey privateKey) {

        String strEncrypt = null;
        MessageDigest md = null;
        try {
            byte[] bstr = strPlanText.getBytes("UTF-8"); 
            md = MessageDigest.getInstance("SHA-1");
            md.update(bstr);

            md.digest(bstr); //摘要 (byte[])

            byte[] dd = Sign.sign(md.digest(bstr),privateKey);

            strEncrypt = Base64.encodeToString(dd,Base64.DEFAULT);


        } catch (UnsupportedEncodingException ue) {
            ue.printStackTrace();
            System.out.println(ue.getMessage());
            return null;
        } catch (NoSuchAlgorithmException na) {
            na.printStackTrace();
            System.out.println(na.getMessage());
            return null;
        }catch (Exception na) {
            na.printStackTrace();
            System.out.println(na.getMessage());
            return null;
        }
        return strEncrypt;
    }

--------------------------------------------------------------------------------


public static byte[] sign(byte[] data, PrivateKey privateKey) throws Exception {

        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(privateKey);
        signature.update(data);

        return signature.sign();

    }


--------------------------------------------------------------------

    String ddgg = Encryption.SHAEncrypt_testByteForDigest("123",privateKey);


My API verify is:



mykeypr_APP = open(r'C:\Users\frank\NewTest\APP_Private_Key.pem', 'rb').read()
mykeypb_APP = open(r'C:\Users\frank\NewTest\APP_Public_Key.pem', 'rb').read()
mykeypr_APP = rsa.PrivateKey.load_pkcs1(mykeypr_APP)
mykeypb_APP = rsa.PublicKey.load_pkcs1(mykeypb_APP)

testsignature = 'The Signature value'
testsignature = base64.b64decode(testsignature)

testData = '123'              #we both use '123'
testData = testData.encode('utf-8')
testData = base64.b64encode(testData)
signature = rsa.sign(testData , mykeypr_APP, 'SHA-1')
try:
    vertify = rsa.verify(testData , signature, mykeypb_APP)
except rsa.VerificationError:
    print('123')


It's true


but when i use



vertify = rsa.verify(testData , testsignature , mykeypb_APP)


or



i = SHA.new()
i.update(testData)
AWW = verifier.verify(i, androidtest)


It'is False


I try so many days,still don't know why can't verfity


Labels: , ,

0 comments:

Post a Comment