在 url base64 编码中添加 payload 及其签名,然后对其进行解码
Add payload and its signature in url base64 encoded and then decode it
你会在下面找到我的发件人和收件人代码,他们正在成功签署消息并且有效
问题
如何将字节放入 url 并将有效负载的值传递到 GET 请求中,签名一起以 base64 编码
像
encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var
然后在接收方验证他们的var是从发送方签名的,这是一个交易演示,但我仍然无法得到它!感谢任何帮助
import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
my_url = 'https://example.com/action?variable='
payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
print(payload)
with open('mykey.pem', 'rb') as f:
private_key = RSA.importKey(f.read(), passphrase='')
print(private_key.can_sign())
signature = sign(payload.encode(),private_key)
full_message = b64encode(payload.encode()+signature)
receiver(full_message)
def receiver(full_message ):
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
#since i know that the lenght of the message is 14
signature = message_decoded[-128:]
#and I know that the signature is 128 bytes
with open("mykey.pub", 'rb') as f:
public_key = RSA.importKey(f.read(),passphrase='')
print('VERIF', verify(payload.encode(), signature,public_key))
return False
def sign(message, priv_key):
signer = PKCS1_v1_5.new(priv_key)
digest = SHA.new()
digest.update(message)
return signer.sign(digest)
def verify(message, signature, pub_key):
signer = PKCS1_v1_5.new(pub_key)
digest = SHA.new()
digest.update(message)
return signer.verify(digest, signature)
sender()
PS:我仍然想知道它是否 url 安全,尽管编码字符串中有 '/' 和 '+'
好的,在这里发布我的问题的答案:
所以完整的消息以字节为单位,如果我用 ASCII
解码完整的消息
full_message = b64encode(payload.encode()+signature)
print(full_message)
returns 字节
b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m+x7a/D48qQRCU9mw9tor9E/TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E+2HB6RrDe3WrlBWy39A+oRctuw=='
full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)
returns 可以附加到 url
的字符串
MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM+cNFC3oapRtytv3k5ecLjB4w/kx8gs73Al+6T7/NbXyJbT+F+XYIz7DXSy4Mav2/aB9/sGZKU8Ef+Q7Z8+FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA==
然后在 receiver
def receiver(full_message ):
#if I b64decode the whole message and then decode the payload
#returns true :)
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
signature = message_decoded[-128:]
...
你会在下面找到我的发件人和收件人代码,他们正在成功签署消息并且有效
问题
如何将字节放入 url 并将有效负载的值传递到 GET 请求中,签名一起以 base64 编码 像
encoded_var = b64encode(payload.encode()+signature).decode('ACII')
url = "https://example.com/action?variable="+encoded_var
然后在接收方验证他们的var是从发送方签名的,这是一个交易演示,但我仍然无法得到它!感谢任何帮助
import time
import datetime
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from base64 import b64encode, b64decode
def sender():
my_url = 'https://example.com/action?variable='
payload = datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
print(payload)
with open('mykey.pem', 'rb') as f:
private_key = RSA.importKey(f.read(), passphrase='')
print(private_key.can_sign())
signature = sign(payload.encode(),private_key)
full_message = b64encode(payload.encode()+signature)
receiver(full_message)
def receiver(full_message ):
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
#since i know that the lenght of the message is 14
signature = message_decoded[-128:]
#and I know that the signature is 128 bytes
with open("mykey.pub", 'rb') as f:
public_key = RSA.importKey(f.read(),passphrase='')
print('VERIF', verify(payload.encode(), signature,public_key))
return False
def sign(message, priv_key):
signer = PKCS1_v1_5.new(priv_key)
digest = SHA.new()
digest.update(message)
return signer.sign(digest)
def verify(message, signature, pub_key):
signer = PKCS1_v1_5.new(pub_key)
digest = SHA.new()
digest.update(message)
return signer.verify(digest, signature)
sender()
PS:我仍然想知道它是否 url 安全,尽管编码字符串中有 '/' 和 '+'
好的,在这里发布我的问题的答案: 所以完整的消息以字节为单位,如果我用 ASCII
解码完整的消息 full_message = b64encode(payload.encode()+signature)
print(full_message)
returns 字节
b'MjAxODExMjgxNjAyMTmsNkL1RwldzchBWFN5hJKr8CZu6sdOtqRloZlmVWnIi7NC6qZrmalls4up8rGdZ2FHGXIvvRtU7M5m+x7a/D48qQRCU9mw9tor9E/TkNvwAmEKmsWaiwTONd78Fgtmu7Ws7qBLBFrnA3wnUM2E+2HB6RrDe3WrlBWy39A+oRctuw=='
full_message = b64encode(payload.encode()+signature).decode('ASCII')
print(full_message)
returns 可以附加到 url
的字符串MjAxODExMjgxNjAxMzMdxIw7ipGAUSdnQt4mpDOdoVH5uiInkP8MM+cNFC3oapRtytv3k5ecLjB4w/kx8gs73Al+6T7/NbXyJbT+F+XYIz7DXSy4Mav2/aB9/sGZKU8Ef+Q7Z8+FJTFn0BaaGFoSyaamLx00gncHtVqPgFjvS3gAmFAdiBTQmoSNI6gmrA==
然后在 receiver
def receiver(full_message ):
#if I b64decode the whole message and then decode the payload
#returns true :)
message_decoded = b64decode(full_message)
payload = message_decoded[:14].decode()
signature = message_decoded[-128:]
...