I have got a message signed with .Net RSACryptoServiceProvider; the message is then sent to Python software which tries to verify the sign with m2crypto (openssl-based lib).
I've got the public cert that is the pair for the private key the message was signed with.
Before the .Net software sends the sign it converts it using ByteArrayToString, because the sign is generated with the following code:
    // Convert plain text into a byte array to sign.
    byte[] data = new UTF8Encoding().GetBytes(phrase);
    SHA1Managed sha1 = new SHA1Managed();
    byte[] hashBytes = sha1.ComputeHash(data);
    byte[] sig = csp.SignData(hashBytes, CryptoConfig.MapNameToOID("SHA1"));
So the signature sent to the receiver is

    ByteArrayToString(sig)
The Python part is:
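    import base64
    import hashlib
    import M2Crypto

    def verify(message, signature, cert_path):
        # SHA-1 of the message, as a hex string
        msg = hashlib.sha1(message).hexdigest()
        certificate = M2Crypto.X509.load_cert(cert_path)
        pubkey = certificate.get_pubkey()
        pubkey.reset_context(md='sha1')
        pubkey.verify_init()
        # the data passed here is hashed again by the sha1 context
        pubkey.verify_update(msg)
        sgn = base64.b64decode(signature)
        is_verified = pubkey.verify_final(sgn)
        return is_verified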
And I can not get the verification... I think there might be an issue with signature encoding in the Python part, but maybe someone can see any other bugs here?
When I use my own certificate (generated with openssl) and sign the message from the Python itself, encode the signature, send it, then decode and verify everything is working fine...
I would appreciate any comments!
I cannot guarantee my answer since I never used m2crypto but I think that the message is hashed twice. In
and
The MSDN documentation about SignData specifies:
Therefore I don't think you should pre-hash the message before producing the signature.
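
The double hashing described in the answer can be reproduced with Python's standard library alone; this is an added example, not code from the question or the answer. It assumes PKCS#1 v1.5 padding with SHA-1 on both sides, and the toy key (built from two Mersenne primes), the helper names and the sample phrase are constructed for illustration only.

```python
import hashlib

# Constructed toy RSA key for illustration only (two Mersenne primes; never use for real data).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo header for SHA-1, as used by PKCS#1 v1.5 signatures.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_sha1(data: bytes) -> int:
    """Hash `data` with SHA-1 and build the padded block that RSA signs."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign_data(data: bytes) -> int:
    """Model of a hash-then-sign call such as SignData(data, SHA1)."""
    return pow(emsa_pkcs1_v15_sha1(data), D, N)


def verify_data(data: bytes, sig: int) -> bool:
    """Model of verify_update(data) + verify_final(sig) with md='sha1'."""
    return pow(sig, E, N) == emsa_pkcs1_v15_sha1(data)


def compare(message: bytes) -> dict:
    # Sender as in the question: pre-hash, then let the signing call hash again.
    sig = sign_data(hashlib.sha1(message).digest())
    digest = hashlib.sha1(message)
    return {
        "hexdigest (question's verifier)": verify_data(digest.hexdigest().encode(), sig),
        "raw message": verify_data(message, sig),
        "raw digest bytes": verify_data(digest.digest(), sig),
    }


if __name__ == "__main__":
    for label, ok in compare(b"constructed sample phrase").items():
        print(f"{label:32} -> {ok}")
```

Only the raw 20-byte digest matches what the sender signed, so either the sender signs the unhashed data or the verifier passes `hashlib.sha1(message).digest()` instead of the hex string.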