def test_challenge43():
message = b'you know me'
pub, priv = dsa.gen_key_pair()
signature = dsa.sign(priv, message)
assert dsa.verify(pub, message, signature)
x = set6.challenge43()
assert x == 125489817134406768603130881762531825565433175625
def tamper(m, g):
y = pow(g, x, p)
[r, s] = sign(m, g, p, q, x)
print "m ", m
print "g ", print_long(g)
print "x (shh!) ", x
print "y ", print_long(y)
print "sig ", r
print " ", s
return [r,s,y]
def tamper(m, g):
y = pow(g, x, p)
[r, s] = sign(m, g, p, q, x)
print "m ", m
print "g ", print_long(g)
print "x (shh!) ", x
print "y ", print_long(y)
print "sig ", r
print " ", s
return [r, s, y]
from dsa import gen_param, gen_keypair, sign, verify
import sys
print("algorithm parameter generation: ")
if (len(sys.argv) > 1):
q, p, g = gen_param(int(sys.argv[1]), int(sys.argv[2]))
else:
# default inputs are (160, 1024)
q, p, g = gen_param()
print("q: {}\np: {}\ng: {}\n".format(q, p, g))
print("keypair generation:")
privkey, pubkey = gen_keypair(q, p, g)
print("privkey: {}\npubkey: {}\n".format(privkey, pubkey))
message = int(input("enter your message (as an integer): "))
print("\nsigning message with private key {}".format(privkey))
r, s = sign(q, p, g, privkey, message)
print("signature (r, s): {}".format((r, s)))
print("\nverifying message '{}' with signaure {}".format(message, (r, s)))
print(verify(q, p, g, pubkey, r, s, message))
def _sign_blob(tx_blob, seed, test=False):
signing_hash = _get_signing_hash(tx_blob, test)
return dsa.sign(signing_hash, seed)
from dsa import sign
for i in range(50):
print i, sign(str(i))
from dsa import p, q, g, find_private_key, sign
import random
x = random.randint(1, q) # private key
y = pow(g, x, p)
public = [p, q, g, y] # Turns out we don't even need y.
test_string = """For those that envy a MC it can be hazardous to your health
So be friendly, a matter of life and death, just like a etch-a-sketch
"""
H_string = sha1(test_string).hexdigest()
print "Hash of test msg =", H_string
H = int("0x" + H_string, 16)
r, s = sign(test_string, g, p, q, x)
print "With random nonce k,"
print "r =", r
print "s =", s
print
#### Breaking, given a signature [r,s], and given that k <= 2**16.
#### Also of course given parameters g, p, q, and hash H of message.
print "Searching for k (nonce, subkey) and thus x (private key)...."
matasano_r = 548099063082341131477253921760299949438196259240
matasano_s = 857042759984254168557880549501802188789837994940
k_found = 0
x_found = 0
start = time.time()
for k in range (1, 2 ** 16):
#!/usr/bin/python
from secrets import FLAG
from dsa import verify, sign
PORT = 8365
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
from SocketServer import ThreadingMixIn
print sign("flag")
print sign("ala ma kota")
class myHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header('Content-type', 'text/plain')
self.end_headers()
params = self.path[1:]
[data, sig] = [x.decode('hex') for x in params.split(',')]
try:
if verify(data, int(sig)):
if data == "flag":
ret = FLAG
else:
ret = 'ok'
else:
ret = "bad sig"
except:
ret = 'error'
self.wfile.write(ret)
from dsa import p, q, g, find_private_key, sign
import random
x = random.randint(1, q) # private key
y = pow(g, x, p)
public = [p, q, g, y] # Turns out we don't even need y.
test_string = """For those that envy a MC it can be hazardous to your health
So be friendly, a matter of life and death, just like a etch-a-sketch
"""
H_string = sha1(test_string).hexdigest()
print "Hash of test msg =", H_string
H = int("0x" + H_string, 16)
r, s = sign(test_string, g, p, q, x)
print "With random nonce k,"
print "r =", r
print "s =", s
print
#### Breaking, given a signature [r,s], and given that k <= 2**16.
#### Also of course given parameters g, p, q, and hash H of message.
print "Searching for k (nonce, subkey) and thus x (private key)...."
matasano_r = 548099063082341131477253921760299949438196259240
matasano_s = 857042759984254168557880549501802188789837994940
k_found = 0
x_found = 0
start = time.time()
for k in range(1, 2**16):
def _sign_blob(tx_blob, seed, test=False): signing_hash = _get_signing_hash(tx_blob, test) return dsa.sign(signing_hash, seed)
