Skip to content

Instantly share code, notes, and snippets.

@lkdocs
Last active January 22, 2025 07:10
Show Gist options
  • Save lkdocs/6519372 to your computer and use it in GitHub Desktop.
Save lkdocs/6519372 to your computer and use it in GitHub Desktop.
def verify_sign(public_key_loc, signature, data):
'''
Verifies with a public key from whom the data came that it was indeed
signed by their private key
param: public_key_loc Path to public key
param: signature String signature to be verified
return: Boolean. True if the signature is valid; False otherwise.
'''
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from base64 import b64decode
pub_key = open(public_key_loc, "r").read()
rsakey = RSA.importKey(pub_key)
signer = PKCS1_v1_5.new(rsakey)
digest = SHA256.new()
# Assumes the data is base64 encoded to begin with
digest.update(b64decode(data))
if signer.verify(digest, b64decode(signature)):
return True
return False
@peter-wolfenden-zocdoc
Copy link

This looks promising, but for some reason I'm getting this error when I try to use it:

... (truncated backtrace) ...
rsakey = RSA.importKey(pub_key)
File "/usr/lib64/python2.7/dist-packages/Crypto/PublicKey/RSA.py", line 665, in importKey
return self._importKeyDER(der)
File "/usr/lib64/python2.7/dist-packages/Crypto/PublicKey/RSA.py", line 588, in _importKeyDER
raise ValueError("RSA key format is not supported")

I get a lot of hits when I search for this error, but the consensus seems to be that python 2.7 with the following libraries should "just work":

from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from base64 import b64decode

Does anyone have any helpful suggestions? Thanks in advance!

@doowon
Copy link

doowon commented Sep 22, 2016

@peter-wolfenden-zocdoc A wrong passphrase would lead to this error. Please check your passphrase.

@phongthanfz
Copy link

nice nice :3 thank, your code help me so much

@sidraamalik
Copy link

How can this work for simple client server socket, where a client sends a signed msg and server verifies? How should I send the message and signature both?

@cnicodeme
Copy link

@peter-wolfenden-zocdoc You probably did not decoded your string (from base64). Try a rsakey = RSA.importKey(pub_key.decode('base64'))

@vaibhav1721
Copy link

can anyone show me an example, please? I am not that much frequent in python but want to implement signature validation in an application

@cryptid11
Copy link

@melvyn2
Copy link

melvyn2 commented Mar 23, 2018

Would return signer.verify(digest, b64decode(signature)) work better than the current method?

@Okirshen
Copy link

Okirshen commented Jul 4, 2019

I get the error
binascii.Error: Incorrect padding
please help!!!!!!

@JustinMarinelli
Copy link

If verification fails, is there a way to get the originally hashed message from the digital signature?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment