0

The problem is the code is working but it does not verify. The sample below was the first iteration of the implementation of the code. below. That code operates accurately, but once I save the signature in Sqlite (base64 encoded) server and retrieve it back for comparison, it does not work. The link is the full project where you can see the issue. The project run on flask and all the requirements can be found in the requirements.txt file.

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key, Encoding, PublicFormat
from cryptography.hazmat.primitives.asymmetric import utils

with open("CA_test\\private_key.pem", 'rb') as f:
    private_key = load_pem_private_key(f.read(), None)    

with open("CA_test\\public_key.pem", 'rb') as f:
    public_key  = load_pem_public_key(f.read(), None)    
    

# Create SHA-256 hash of message
message = b'14789'
message_hash = hashes.Hash(hashes.SHA256())
message_hash.update(message)
message_digest = message_hash.finalize()


message1 = b'14789'
message_hash1 = hashes.Hash(hashes.SHA256())
message_hash1.update(message1)
message_digest1 = message_hash1.finalize()

# Generate proof
signature = private_key.sign(message_digest, ec.ECDSA(utils.Prehashed(hashes.SHA256())))
print(signature)

try:
    public_key.verify(signature, message_digest1, ec.ECDSA(utils.Prehashed(hashes.SHA256())))
    print('Proof verified')
except:
    print('Proof not verified')

That pyodide with flask can verify the data, by using the signature sent by the database and authenticate the user.

Mr.Deadpool
  • 21
  • 1
  • 2
    The code works. So storing/retrieving in Sqlite must have changed the signature. The Base64 encoding/decoding is not found in the code. Does this take place DB side, and is it ensured that the Base64 encoding on store is followed by the corresponding Base64 decoding on retrieve? Apart from this assumption, the posted information is not enough to identify what is responsible for changing the signature. By the way, the link does not work. – Topaco Mar 08 '23 at 07:41
  • Post sample data: Test key pair, message, signature (which can be verified), signature (which cannot be verified after storing in Sqlite). Maybe the comparison of signatures will allow to draw further conclusions. – Topaco Mar 08 '23 at 07:43
  • new link - https://fastupload.io/aZbbEUhlpSj90AQ/file. All the keys i use have been added to the link @Topaco – Mr.Deadpool Mar 08 '23 at 13:07
  • I can't find any test data in the posted data (the keys alone don't help). You should provide an [MCVE](https://stackoverflow.com/help/minimal-reproducible-example). – Topaco Mar 08 '23 at 14:02

0 Answers0