Python sign message with private key and verify with public key

0_export_public_key.py

#!/usr/bin/env python
"""Extract the public key from the private key and write to a file.
"""
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA


with open("private_key.pem", "r") as src:
    private_key = RSA.importKey(src.read())

public_key = private_key.publickey()

with open('public_key.txt', 'w') as out:
    out.write(public_key.exportKey().decode('utf-8'))

1_sign.py

#!/usr/bin/env python

#from base64 import (b64encode, b64decode)

from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA


#message = "I want this stream signed"
message = input("message? ")
digest = SHA256.new()
digest.update(message.encode('utf-8'))

# Load private key previouly generated
with open ("private_key.pem", "r") as myfile:
    private_key = RSA.importKey(myfile.read())

# Sign the message
signer = PKCS1_v1_5.new(private_key)
sig = signer.sign(digest)

# sig is bytes object, so convert to hex string.
# (could convert using b64encode or any number of ways)
print("Signature:")
print(sig.hex())

2_verify.py

#!/usr/bin/env python

import sys

from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA


# message = "I want this stream signed"
message = input('Message? ')

digest = SHA256.new()
digest.update(message.encode('utf-8'))

#sig = 'bedc06f6b6cb0edc5c426ec7bb4aad32fbba4efe239e71804047bc0eca3081475641563250092528521879df93ca22474926ecc4baeec98aaf90dffe465ef384917ecf41fbbc332033561f40f13d130d540f9d95114c3b12f05b90351580860453876d4fa30dd6f94a96a92f9684015ccd806c7a053ebf07861091a35d057201'
sig = input('Signature? ')
sig = bytes.fromhex(sig)  # convert string to bytes object

# Load public key (not private key) and verify signature
public_key = RSA.importKey(open("public_key.txt").read())
verifier = PKCS1_v1_5.new(public_key)
verified = verifier.verify(digest, sig)

if verified:
    print('Successfully verified message')
else:
    print('FAILED')

README.md

Demonstrate simple private key signature and public key verify

• Based on https://gist.github.com/cevaris/e003cdeac4499d225f06
• updated for Python 3.
• One script to generate a signature for an arbitrary input message.
• One script to validate the signature using only the private key.

Sequence

You'll need Python 3 and to pip install -r requirements.txt.

Then, set up private and public keys with:

$ bash generate_key.sh 
Generating RSA private key, 1024 bit long modulus
...++++++
..++++++
e is 65537 (0x10001)

$ python 0_export_public_key.py 
(done)

$ cat public_key.txt 
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU4d3jauQxxI1TmID8q4ejPlMb
1bqYC3GHqnVyJI+TUi84kasfpu3wUbmEhLXwdlSx+w56X6IP2YRhBaYJ7GnI/D2S
dpYh61khiKNaggkrh7d2Z2I1lrtyw0I1209ruKRevKIkvpNKaAVhCYJnBYPOdgJK
2Hg/BGFYnKljSW5GDwIDAetc
-----END PUBLIC KEY-----

Next, create a signature for an arbitrary input message:

$ python 1_sign.py 
message? Hello there
Signature:
6970bbd7c1a1a140fa...............................

Then validate the signature matches for the given input, using only the public key:

$ python 2_verify.py 
Message? Hello there
Signature? 6970bbd7c1a1a140fa24bd65a658ca.........................
Successfully verified message

Validate that a different message with same signature fails:

$ python 2_verify.py 
Message? Foobar
Signature? 6970bbd7c1a1a140fa24bd65a658ca.........................
FAILED

requirements.txt

pycryptodome==3.14.1