def verifySignature(m, signature, publicKey):
"""
Verify a type 0 signature over m
@param m: binary message
@type m: string
@param signature: The OpenPGP signature over m.
@type signature: SignatureMessage
@param publicKey: The public key of the signer.
@type publicKey: PublicKeyMessage
@return: Returns true if the signature is valid.
"""
data = (m + signature.packets[TAG_SIGNATURE].hashdata())
plainhash = crypto.hash(
data,
signature.packets[TAG_SIGNATURE].hashAlgorithm.value)
if signature.packets[TAG_SIGNATURE].hashLeftTwo != plainhash[0:2]:
return False
codedhash = encoding.pkcs15(
plainhash,
publicKey.packets[TAG_PUBKEY].n.bits(),
signature.packets[TAG_SIGNATURE].hashAlgorithm.value)
codedhashInt = elements.ScalarElement(codedhash).value
rsaN = publicKey.packets[TAG_PUBKEY].n.value
rsaE = publicKey.packets[TAG_PUBKEY].e.value
return crypto.rsaVerify(signature.packets[TAG_SIGNATURE].sig.value,
codedhashInt, rsaE, rsaN)
def blind(publicKey, sigTime, data):
keyID = publicKey.packets[TAG_PUBKEY].keyID()
n = publicKey.packets[TAG_PUBKEY].n
e = publicKey.packets[TAG_PUBKEY].e
if sigTime is None:
sigTime = _randomTime(publicKey.creationTime(), publicKey.expirationTime())
sigPacket = _prepareSignature(crypto.HASH_SHA256, sigTime, keyID)
sigdata = data + sigPacket.hashdata()
plainhash = crypto.hash(sigdata, sigPacket.hashAlgorithm.value)
codedhash = encoding.pkcs15(plainhash, n.bits(), sigPacket.hashAlgorithm.value)
m = elements.ScalarElement(codedhash).value
while True:
r = elements.ScalarElement(crypto.randomBytes(n.octets())).value
if r > 1 and r < n.value and crypto.gcd(n.value, r) == 1:
break
packet = packets.BlindMessagePacket()
packet.m = elements.MPIElement(crypto.rsaBlind(m, r, e.value, n.value))
return r, plainhash[0:2], sigTime, messages.BlindMessageMessage.fromPackets((packet,))
def computeSignature(m, secretKey):
"""
Compute a type 0 signature.
@param m: Message of binary data to sign.
@type m: string
@param secretKey: Key used for signature.
@type secretKey: SecretKeyMessage
@return: An OpenPGP signature message.
"""
sigPacket = packets.SignaturePacket()
sigPacket.version = elements.ScalarElement(4)
sigPacket.signatureType = elements.ScalarElement(0)
sigPacket.pubAlgorithm = elements.ScalarElement(1)
sigPacket.hashAlgorithm = elements.ScalarElement(crypto.HASH_SHA256)
sigPacket.hashedSubpackets.add(subpackets.CreationTimeSubpacket(
elements.TimeElement.now()))
sigPacket.subpackets.add(
subpackets.IssuerSubpacket(secretKey.packets[TAG_SECKEY].keyID()))
data = (m + sigPacket.hashdata())
plainhash = crypto.hash(data, sigPacket.hashAlgorithm.value)
sigPacket.hashLeftTwo = plainhash[0:2]
codedhash = encoding.pkcs15(
plainhash,
secretKey.packets[TAG_SECKEY].n.bits(),
sigPacket.hashAlgorithm.value)
codedhashInt = elements.ScalarElement(codedhash).value
rsaN = secretKey.packets[TAG_SECKEY].n.value
rsaD = secretKey.packets[TAG_SECKEY].d.value
s = crypto.rsaSign(codedhashInt, rsaD, rsaN)
sigPacket.sig = elements.MPIElement(s)
pgpMessage = messages.SignatureMessage.fromPackets((sigPacket,))
return pgpMessage
