无法通过Python验证RSASSA-PSS签名-> Go

I've boiled this down to the simplest test case I can. I need to take RSASSA-PSS signatures that were generated in Python and validate them in Go. The Python code to create the RSA keypair and sign with it is as follows:

>>> from tuf import pycrypto_keys as k
>>> pub, priv = k.generate_rsa_public_and_private()
>>> sig, method = k.create_rsa_signature(priv, "The quick brown fox jumps over the lazy dog.")
>>> sig.encode("hex")
'4e05ee9e435653549ac4eddbc43e1a6868636e8ea6dbec2564435afcb0de47e0824cddbd88776ddb20728c53ecc90b5d543d5c37575fda8bd0317025fc07de62ee8084b1a75203b1a23d1ef4ac285da3d1fc63317d5b2cf1aafa3e522acedd366ccd5fe4a7f02a42922237426ca3dc154c57408638b9bfaf0d0213855d4e9ee621db204151bcb13d4dbb18f930ec601469c992c84b14e9e0b6f91ac9517bb3b749dd117e1cbac2e4acb0e549f44558a2005898a226d5b6c8b9291d7abae0d9e0a16858b89662a085f74a202deb867acab792bdbd2c36731217caea8b17bd210c29b890472f11e5afdd1dd7b69004db070e04201778f2c49f5758643881403d45a58d08f51b5c63910c6185892f0b590f191d760b669eff2464456f130239bba94acf54a0cb98f6939ff84ae26a37f9b890be259d9b5d636f6eb367b53e895227d7d79a3a88afd6d28c198ee80f6527437c5fbf63accb81709925c4e03d1c9eaee86f58e4bd1c669d6af042dbd412de0d13b98b1111e2fadbe34b45de52125e9a'

The pycrypto_keys library referenced there can be found here for reference of the specific implementation of the functions generate_rsa_public_and_private and create_rsa_signature.

My Go test consists of 2 simple files that only rely on core packages. First the verification function, in verify.go:

package example

import (
    "crypto"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "fmt"
)

func Verify(key []byte, sig []byte, msg []byte) error {
    digest := sha256.Sum256(msg)

    pub, err := x509.ParsePKIXPublicKey(key)
    if err != nil {
        return fmt.Errorf("Failed to parse key")
    }

    rsaPub, ok := pub.(*rsa.PublicKey)
    if !ok {
        return fmt.Errorf("Invalid value returned from ParsePKIXPublicKey")
    }

    opts := rsa.PSSOptions{SaltLength: 16, Hash: crypto.SHA256}
    if err = rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
        return fmt.Errorf("Failed Verification")
    }
    return nil
}

And second, a test case. The key pair and signature were generated using the Python commands at the top and copied in here to create a static set of parameters to use for compatibility testing.

package example

import (
    "encoding/hex"
    "encoding/pem"
    "testing"
)

func TestPyCryptoRSACompatVerify(t *testing.T) {
    pubPem := "-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnKuXZeefa2LmgxaL5NsM
zKOHNe+x/nL6ik+lDBCTV6OdcwAhHQS+PONGhrChIUVR6Vth3hUCrreLzPO73Oo5
VSCuRJ53UronENl6lsa5mFKP8StYLvIDITNvkoT3j52BJIjyNUK9UKY9As2TNqDf
BEPIRp28ev/NViwGOEkBu2UAbwCIdnDXm8JQErCZA0Ydm7PKGgjLbFsFGrVzqXHK
6pdzJXlhr9yap3UpgQ/iO9JtoEYB2EXsnSrPc9JRjR30bNHHtnVql3fvinXrAEwq
3xmN4p+R4VGzfdQN+8Kl/IPjqWB535twhFYEG/B7Ze8IwbygBjK3co/KnOPqMUrM
BI8ztvPiogz+MvXb8WvarZ6TMTh8ifZI96r7zzqyzjR1hJulEy3IsMGvz8XS2J0X
7sXoaqszEtXdq5ef5zKVxkiyIQZcbPgmpHLq4MgfdryuVVc/RPASoRIXG4lKaTJj
1ANMFPxDQpHudCLxwCzjCb+sVa20HBRPTnzo8LSZkI6jAgMBAAE=
-----END PUBLIC KEY-----"
    //privPem := "-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAnKuXZeefa2LmgxaL5NsMzKOHNe+x/nL6ik+lDBCTV6OdcwAh
HQS+PONGhrChIUVR6Vth3hUCrreLzPO73Oo5VSCuRJ53UronENl6lsa5mFKP8StY
LvIDITNvkoT3j52BJIjyNUK9UKY9As2TNqDfBEPIRp28ev/NViwGOEkBu2UAbwCI
dnDXm8JQErCZA0Ydm7PKGgjLbFsFGrVzqXHK6pdzJXlhr9yap3UpgQ/iO9JtoEYB
2EXsnSrPc9JRjR30bNHHtnVql3fvinXrAEwq3xmN4p+R4VGzfdQN+8Kl/IPjqWB5
35twhFYEG/B7Ze8IwbygBjK3co/KnOPqMUrMBI8ztvPiogz+MvXb8WvarZ6TMTh8
ifZI96r7zzqyzjR1hJulEy3IsMGvz8XS2J0X7sXoaqszEtXdq5ef5zKVxkiyIQZc
bPgmpHLq4MgfdryuVVc/RPASoRIXG4lKaTJj1ANMFPxDQpHudCLxwCzjCb+sVa20
HBRPTnzo8LSZkI6jAgMBAAECggGAdzyI7z/HLt2IfoAsXDLynNRgVYZluzgawiU3
geUjnnGhpSKWERXJC2IWDPBk0YOGgcnQxErNTdfXiFZ/xfRlSgqjVwob2lRe4w4B
pLr+CZXcgznv1VrPUvdolOSp3R2Mahfn7u0qVDUQ/g8jWVI6KW7FACmQhzQkPM8o
tLGrpcmK+PA465uaHKtYccEB02ILqrK8v++tknv7eIZczrsSKlS1h/HHjSaidYxP
2DAUiF7wnChrwwQEvuEUHhwVgQcoDMBoow0zwHdbFiFO2ZT54H2oiJWLhpR/x6RK
gM1seqoPH2sYErPJACMcYsMtF4Tx7b5c4WSj3vDCGb+jeqnNS6nFC3aMnv75mUS2
YDPU1heJFd8pNHVf0RDejLZZUiJSnXf3vpOxt9Xv2+4He0jeMfLV7zX0mO2Ni3MJ
x6PiVy4xerHImOuuHzSla5crOq2ECiAxd1wEOFDRD2LRHzfhpk1ghiA5xA1qwc7Z
eRnkVfoy6PPZ4lZakZTm0p8YCQURAoHBAMUIC/7vnayLae7POmgy+np/ty7iMfyd
V1eO6LTO21KAaGGlhaY26WD/5LcG2FUgc5jKKahprGrmiNLzLUeQPckJmuijSEVM
l/4DlRvCo867l7fLaVqYzsQBBdeGIFNiT+FBOd8atff87ZBEfH/rXbDi7METD/VR
4TdblnCsKYAXEJUdkw3IK7SUGERiQZIwKXrH/Map4ibDrljJ71iCgEureU0DBwcg
wLftmjGMISoLscdRxeubX5uf/yxtHBJeRwKBwQDLjzHhb4gNGdBHUl4hZPAGCq1V
LX/GpfoOVObW64Lud+tI6N9GNua5/vWduL7MWWOzDTMZysganhKwsJCY5SqAA9p0
b6ohusf9i1nUnOa2F2j+weuYPXrTYm+ZrESBBdaEJPuj3R5YHVujrBA9Xe0kVOe3
ne151A+0xJOI3tX9CttIaQAsXR7cMDinkDITw6i7X4olRMPCSixHLW97cDsVDRGt
ecO1d4dP3OGscN+vKCoL6tDKDotzWHYPwjH47sUCgcEAoVI8WCiipbKkMnaTsNsE
gKXvO0DSgq3k5HjLCbdQldUzIbgfnH7bSKNcBYtiNxjR7OihgRW8qO5GWsnmafCs
1dy6a/2835id3cnbHRaZflvUFhVDFn2E1bCsstFLyFn3Y0w/cO9yzC/X5sZcVXRF
it3R0Selakv3JZckru4XMJwx5JWJYMBjIIAc+miknWg3niL+UT6pPun65xG3mXWI
S+yC7c4rw+dKQ44UMLs2MDHRBoxqi8T0W/x9NkfDszpjAoHAclH7S4ZdvC3RIR0L
LGoJuvroGbwx1JiGdOINuooNwGuswge2zTIsJi0gN/H3hcB2E6rIFiYid4BrMrwW
mSeq1LZVS6siu0qw4p4OVy+/CmjfWKQD8j4k6u6PipiK6IMk1JYIlSCr2AS04JjT
jgNgGVVtxVt2cUM9huIXkXjEaRZdzK7boA60NCkIyGJdHWh3LLQdW4zg/A64C0lj
IMoJBGuQkAKgfRuh7KI6Q6Qom7BM3OCFXdUJUEBQHc2MTyeZAoHAJdBQGBn1RFZ+
n75AnbTMZJ6Twp2fVjzWUz/+rnXFlo87ynA18MR2BzaDST4Bvda29UBFGb32Mux9
OHukqLgIE5jDuqWjy4B5eCoxZf/OvwlgXkX9+gprGR3axn/PZBFPbFB4ZmjbWLzn
bocn7FJCXf+Cm0cMmv1jIIxej19MUU/duq9iq4RkHY2LG+KrSEQIUVmImCftXdN3
/qNP5JetY0eH6C+KRc8JqDB0nvbqZNOgYXOfYXo/5Gk8XIHTFihm
-----END RSA PRIVATE KEY-----"
    testStr := "The quick brown fox jumps over the lazy dog."
    sigHex := "4e05ee9e435653549ac4eddbc43e1a6868636e8ea6dbec2564435afcb0de47e0824cddbd88776ddb20728c53ecc90b5d543d5c37575fda8bd0317025fc07de62ee8084b1a75203b1a23d1ef4ac285da3d1fc63317d5b2cf1aafa3e522acedd366ccd5fe4a7f02a42922237426ca3dc154c57408638b9bfaf0d0213855d4e9ee621db204151bcb13d4dbb18f930ec601469c992c84b14e9e0b6f91ac9517bb3b749dd117e1cbac2e4acb0e549f44558a2005898a226d5b6c8b9291d7abae0d9e0a16858b89662a085f74a202deb867acab792bdbd2c36731217caea8b17bd210c29b890472f11e5afdd1dd7b69004db070e04201778f2c49f5758643881403d45a58d08f51b5c63910c6185892f0b590f191d760b669eff2464456f130239bba94acf54a0cb98f6939ff84ae26a37f9b890be259d9b5d636f6eb367b53e895227d7d79a3a88afd6d28c198ee80f6527437c5fbf63accb81709925c4e03d1c9eaee86f58e4bd1c669d6af042dbd412de0d13b98b1111e2fadbe34b45de52125e9a"
    testKey, _ := pem.Decode([]byte(pubPem))

    sigBytes, err := hex.DecodeString(sigHex)
    if err != nil {
        t.Fatal(err)
    }
    err = Verify(testKey.Bytes, sigBytes, []byte(testStr))
    if err != nil {
        t.Fatal(err)
    }
}

The code fails in the final check of the Verify function, outputting the error Failed verification. I've had a look at the Go PSS verification code and if anything goes wrong, a generic verification error is returned so it's not that helpful. Even if it was more specific, either there is a compatibility problem here, a bug in one of the language implementations, or my code is wrong.

Much thanks for any help.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
drsl90685154 2015-05-29 17:38
关注
So it appears I misinterpreted _SALT_SIZE in the Python code. With some help from the TUF developers (i.e. they told me) I discovered PyCrypto's RSA PSS code infers the salt size to be equal to the size of the hash digest of the hashing algorithm in use. In this case it was 32 bytes as the hashing algorithm was Sha256. With just the change of opts := rsa.PSSOptions{SaltLength: 32, Hash: crypto.SHA256} the code works.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

无法通过Python验证RSASSA-PSS签名-> Go python
2015-05-28 00:27

回答 1 已采纳 So it appears I misinterpreted _SALT_SIZE in the Python code. With some help from the TUF develope
这段代码怎么空行的部分，为一个列表，直到pss停止？ list python
2022-09-12 08:40

回答 1 已采纳 import sys mx = [] try: while True: m = input().strip() # 上一行输入报错的话，可以用下一行，需要im
请问前辈们，如何解决KeyError: 'inputs' python 有问必答机器学习深度学习
2022-01-27 17:55

回答 2 已采纳提示没有inputs键，检查数据psse_data，print(psse_data.keys())输出看一下键名，如有再用psse_data['inputs']看看获取的值。
阿里云RSA签名RSASSA-PSS
2021-05-16 22:30

褚枫的博客最近有用到阿里云KMS顺便做下记录阿里云KMS的非对称密钥签名API...RSASSA-PSS using SHA-256 and MGF1 with SHA-256 Java代码 /** * 验签 * * @param publicKeyBase64Str 验签公钥 * @param source 原始数据, 经
通过将<select>值与列值（PHP，HTML，Javascript）进行比较来过滤HTML表 html javascript mysql php
2018-12-22 05:23

回答 1 已采纳 Start by adding something into the table row to identify the socket. Let's use a data attribute:
函数imagecreatetruecolor（）在我的服务器中不起作用 php
2011-10-24 07:16

回答 1 已采纳 Install Gd library. follow the below link. GD library instalation
刷新用于IP黑名单检查的PHP脚本 php
2012-10-15 17:46

回答 2 已采纳 This Concept works for me :) ini_set('output_buffering','on'); ini_set('zlib.output_compression',
Use of the RSASSA-PSS Signature Algorithm
2019-01-17 12:30

RSASSA-PSS Signature Algorithm详细描述，有兴趣的可以去下载看下，自己动手改成脚本
Silex：jQuery AJAX请求抛出异常 - 找不到“GET ...”的路由 ajax jquery php symfony
2014-02-25 10:23

回答 1 已采纳 wrong http request method: You're sending a GET request instead of a POST request with jQuery. $
如何防止邮件进入垃圾邮件？ [重复] php
2013-05-03 05:21

回答 2 已采纳 $to='example@gmail.com'; $subject='Application Form '; $message='testing'; $headers = 'MIME-Ver
spring配置文件出错sssssssssssssssssss sql
2017-03-31 04:16

回答 4 已采纳是不是配置文件没有定义bean。。
关于RSASSA-PSS-2048-SHA256签名
2018-07-30 12:23

yjmAndroid的博客最近做了一个项目,其中需要用到一个RSASSA-PSS-2048-SHA256算法,对上送的数据进行签名,在网上找了许多,没有找到合适自己的,现在项目,做的差不多了,就想着把这个给整理一下,小弟菜鸟一枚,文档中如若有不正确之处,请...
rsacryptoserviceprovider.VerifyData始终返回false c# php
2017-10-07 13:02

回答 2 已采纳 Well, seems like the vendor is NOT using PKCS1, he's using PSS. Verify it this way (requires Bounc
关于RSAES-OAEP和RSASSA-PSS编码的介绍及C语言实现
2022-04-08 12:45

l_z_h的博客 RSAES-OAEP和RSASSA-PSS编码的介绍及C语言实现
RSA-PSS数字签名算法
2022-01-29 19:14

Johnny 周的博客 RSA-PSS数字签名算法
RSAES-OAEP 和 RSAES-PKCS1-v1_5 和 RSASSA-PSS 和 RSASSA-PKCS1-v1_5
2019-06-05 20:52

liuqun69的博客 OAEP= Optimal Asymmetric ...PSS = Probabilistic Signature Scheme RSA的加密机制有两种方案一个是RSAES-OAEP，另一个RSAES-PKCS1-v1_5。PKCS#1推荐在新的应用中使用RSAES- OAEP，保留RSAES-PKCS#1-v1_5跟老...
小巧而快速的RSA公钥算法C语言实现
2021-04-10 18:34

通过这份源码，也许不能让你彻底明白RSA原理，但是足可以让你彻底学会如何使用RSA。精品源码，你值得拥有！源文件列表如下： bignum.cpp, bignum.h bn_mul.h md.cpp, md.h md_wrap.cpp, md_wrap.h md2.cpp, ...
浅浅瞅瞅RSA-PSS 算法
2023-02-09 23:48

TrustZone_Hcoco的博客按照惯例传统，还是要讲讲为什么来学习这个东西。我的原则学习无非是项目驱动、和知识联系。学习这个是因为在看代码的时候看到了RSA一个宏定义后面加了...PSS是私钥签名流程；ES是公钥加密流程。即中间人有办法控制m。
Day723. 现代密码 -Java8后最重要新特性
2022-08-29 22:06

阿昌喜欢吃黄桃的博客 256 位的 AES 算法 SHA-256、SHA-512 单向散列函数 RSASSA-PSS 签名算法 X25519/X448 密钥交换算法 EdDSA 签名算法前面提到过，安全改进一般都会向后移植，但是也有我们没有能力移植的例子。上面提到的推荐使用的...
python实现RSA加密的sign签名
2022-07-11 11:41

夏日如画的博客 python生成sign
没有解决我的问题, 去提问

悬赏问题

¥30 深度学习，前后端连接
¥15 孟德尔随机化结果不一致
¥15 apm2.8飞控罗盘bad health，加速度计校准失败
¥15 求解O-S方程的特征值问题给出边界层布拉休斯平行流的中性曲线
¥15 谁有desed数据集呀
¥20 手写数字识别运行c仿真时，程序报错错误代码sim211-100
¥15 关于#hadoop#的问题
¥15 (标签-Python|关键词-socket)
¥15 keil里为什么main.c定义的函数在it.c调用不了
¥50 切换TabTip键盘的输入法

无法通过Python验证RSASSA-PSS签名-> Go

1条回答 默认 最新

悬赏问题

1条回答默认最新