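def verify_elf(elf, key_path):
    """Check the RSA PKCS#1 v1.5 signature carried by an ELF file.

    Args:
        elf: Handed unchanged to get_elf_hash(); sign_elf() passes a file
            path in the same position, so presumably a path (confirm).
        key_path: Path of a key file readable by RSA.importKey(). Only the
            public half is needed to verify; sign_elf() writes it to
            key_path + '.pub'.

    Returns:
        None when the signature verifies.

    Raises:
        SystemExit: with status 1 when the signature does not verify.
    """
    import sys

    elf_hash, _, current_sig = get_elf_hash(elf)
    with open(key_path, 'rb') as f:
        key = RSA.importKey(f.read())
    verifier = PKCS1.PKCS115_SigScheme(key)

    # NOTE(review): this relies on verify() returning a falsy value for a bad
    # signature. Which Crypto module `PKCS1` is bound to is not visible here;
    # confirm it is not an API that raises on failure and returns None on
    # success, or every ELF would be reported invalid.
    if not verifier.verify(elf_hash, current_sig):
        print("The ELF's signature is invalid!")
        # A failed verification must not exit 0: a build or boot script that
        # gates on the exit status would otherwise accept a tampered ELF.
        sys.exit(1)
    print("The ELF's signature is valid")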
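def sign_elf(elf_path, key_path):
    """Sign an ELF in place with RSA PKCS#1 v1.5, creating the key if needed.

    If key_path does not exist, a 2048-bit RSA key pair is generated; the
    private key is written to key_path and the public key to
    key_path + '.pub', both PEM-encoded. Otherwise the key is loaded from
    key_path. The signature over the hash returned by get_elf_hash() is then
    written into the ELF at build_id.header.sh_offset + 16.

    Args:
        elf_path: Path of the ELF file to sign; it is modified in place.
        key_path: Path of the private key file (created when absent).

    Raises:
        ValueError: if the key loaded from key_path has no private component.
        OSError: if key_path appears between the existence check and the
            exclusive create.
    """
    print("Signing ELF...")
    elf_hash, build_id, _ = get_elf_hash(elf_path)

    if not os.path.exists(key_path):
        key = RSA.generate(2048)
        # The private key must not inherit the process umask (typically
        # world-readable). O_EXCL also refuses to write through a file or
        # symlink that appeared after the existence check above.
        fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, 'wb') as f:
            f.write(key.exportKey('PEM'))
        with open(key_path + '.pub', 'wb') as f:
            f.write(key.publickey().exportKey('PEM'))
    else:
        with open(key_path, 'rb') as f:
            key = RSA.importKey(f.read())

    # Explicit check instead of `assert`, which is stripped under `python -O`.
    if not key.can_sign():
        raise ValueError("key at %s has no private component" % key_path)
    sig = PKCS1.PKCS115_SigScheme(key).sign(elf_hash)

    # The ELF was parsed by get_elf_hash() above, so it already exists; plain
    # 'rb+' avoids O_CREAT silently fabricating an empty file.
    with open(elf_path, 'rb+') as f:
        # NOTE(review): the +16 presumably skips a note header and name so the
        # signature lands in the note descriptor -- confirm. Nothing here
        # checks that 16 + len(sig) fits inside the section; a section that is
        # too small would have the bytes after it overwritten.
        f.seek(build_id.header.sh_offset + 16)
        f.write(sig)
    print("ELF has been signed")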
def sign(self, message):
    """Produce an RSA signature for a message.

    The message is hashed with SHA-256 and the digest is signed with the
    PKCS#1 v1.5 scheme using the key held in self._key.

    Args:
      message: string, Message to be signed.

    Returns:
      string, The signature of the message for the given key.
    """
    # Hash first: the signature scheme operates on the digest object.
    digest = SHA256.new(message)
    # PKCS#1 v1.5 is the signature scheme here, whatever container format
    # the key itself was loaded from.
    return PKCS1_v1_5.PKCS115_SigScheme(self._key).sign(digest)
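def getPeerPkcs(self, peerid):
    '''
    Return a pkcs15 object for the given peer's cert.

    The object is built once from the peer's 'rsakey' info and cached in
    self.runinfo[peerid]['pkcs15']; later calls return the cached object.

    Example:

        pkcs = neu.getPeerPkcs(peerid)
        if not pkcs.verify(byts,sign):
            return

    Raises KeyError if peerid has no entry in self.runinfo.
    '''
    pkcs = self.runinfo[peerid].get('pkcs15')
    # Identity test: `== None` would go through any __eq__ on a cached object.
    if pkcs is not None:
        return pkcs

    key = self.getPeerInfo(peerid, 'rsakey')
    pkcs = PKCS15.PKCS115_SigScheme(RSA.importKey(key))
    # NOTE(review): nothing in this method invalidates the cached verifier.
    # If a peer's 'rsakey' can be replaced or revoked, confirm that the
    # 'pkcs15' entry is dropped elsewhere, or signatures will keep being
    # checked against the old key.
    self.runinfo[peerid]['pkcs15'] = pkcs
    return pkcs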
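def verify(self, message, signature):
    """Verifies a message against a signature.

    The message is hashed with SHA-256 and the signature is checked with the
    PKCS#1 v1.5 scheme against self._pubkey.

    Args:
      message: string, The message to verify.
      signature: string, The signature on the message.

    Returns:
      True if message was signed by the private key associated with the public
      key that this object was constructed with, False if the scheme reports
      the signature as invalid.

    Raises:
      Any exception raised by the hashing or verification calls propagates
      unchanged.
    """
    # NOTE(review): both values are logged verbatim at INFO. If either can
    # come from an untrusted peer, this allows forged log lines and copies
    # payload contents into the logs -- consider dropping these calls or
    # logging only a digest.
    logging.info(message)
    logging.info(signature)

    sha = SHA256.new(message)
    verifier = PKCS1_v1_5.PKCS115_SigScheme(self._pubkey)

    # The result must be inspected. Where verify() reports a bad signature by
    # returning False, discarding it and returning True unconditionally
    # accepts every signature. Exceptions are left to propagate, so an API
    # that raises on a bad signature still fails closed for the caller.
    if verifier.verify(sha, signature) is False:
        return False
    return True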
def setrsakey(event):
    """Event handler: load an RSA key from the event and store derived objects.

    Reads event[1]['valu'], imports it as an RSA key, and sets three
    attributes on `self` (a free variable taken from the enclosing scope,
    which is not visible here): rsakey, pubkey and pkcs15.
    """
    # NOTE(review): the key material is imported with no validation visible
    # here; confirm that only trusted local code can fire this event.
    props = event[1]
    key = RSA.importKey(props.get('valu'))

    self.rsakey = key
    self.pubkey = key.publickey()
    # Built from the full key object, not from pubkey.
    self.pkcs15 = PKCS15.PKCS115_SigScheme(key)