def sign(self, msg):
start = time.time()
signature = self.key.sign(msg, mechanism=Mechanism.ECDSA_SHA256)
print("time (sign) {}s".format(time.time() - start))
self.pubcrypto.verify(ec.encode_ecdsa_signature(signature), msg,
eccrypto.ECDSA(hashes.SHA256()))
return ec.encode_ecdsa_signature(signature) # get DER encoded
def generate_csr(self, private_key, subject_name, extensions=None):
common_name = subject_name.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
info = CertificationRequestInfo({
'version':
0,
'subject':
Name.build({
'country_name': 'US',
'state_or_province_name': 'North Carolina',
'organization_name': 'Hyperledger',
'organizational_unit_name': 'Fabric',
'common_name': common_name
}),
'subject_pk_info':
PublicKeyInfo.load(encode_ec_public_key(private_key.public_key)),
'attributes':
CRIAttributes([])
})
hash = hashlib.sha256(info.dump()).digest()
signature = private_key.private_key.sign(hash,
mechanism=Mechanism.ECDSA)
csr = CertificationRequest({
'certification_request_info':
info,
'signature_algorithm': {
'algorithm': 'sha256_ecdsa',
'parameters': None
},
'signature':
encode_ecdsa_signature(signature)
})
der = csr.dump()
result = x509.load_der_x509_csr(der, default_backend())
return result
def sign(self, message: bytes) -> bytes:
"""
Sign a message with a key from SoftHSM.
:param bytes message: The data to sign.
:return: The signed data using a private key in SoftHSM.
:rtype: bytes
"""
with self.token.open(rw=True, user_pin=self.user_pin) as session:
private_key = session.get_key(
label=self.key_label,
key_type=self.pkcs11_key_type,
object_class=pkcs11.ObjectClass.PRIVATE_KEY,
)
if self.key_type == KeyType.EC:
digest = hashes.Hash(self.pkcs11_hash_type())
digest.update(message)
signature = private_key.sign(digest.finalize(),
mechanism=pkcs11.Mechanism.ECDSA)
return encode_ecdsa_signature(signature)
signature = private_key.sign(message,
mechanism=self.pkcs11_hash_type)
if self.key_type == KeyType.RSA:
return signature
if self.key_type == KeyType.DSA:
return encode_dsa_signature(signature)
def sign(self, private_key, message):
hash = hashlib.sha256(message).digest()
signature = private_key.private_key.sign(hash,
mechanism=Mechanism.ECDSA)
encoded_signature = encode_ecdsa_signature(signature)
r, s = decode_dss_signature(encoded_signature)
if s > self.half_order:
s = self.order - s
return encode_dss_signature(r, s)
def test_ecdsa(self):
# A key we generated earlier
self.session.create_domain_parameters(KeyType.EC, {
Attribute.EC_PARAMS: encode_named_curve_parameters('secp256r1'),
}, local=True)\
.generate_keypair()
priv = self.session.get_key(key_type=KeyType.EC,
object_class=ObjectClass.PRIVATE_KEY)
signature = priv.sign(b'Data to sign', mechanism=Mechanism.ECDSA_SHA1)
# Encode as ASN.1 for OpenSSL
signature = encode_ecdsa_signature(signature)
from oscrypto.asymmetric import load_public_key, ecdsa_verify
pub = self.session.get_key(key_type=KeyType.EC,
object_class=ObjectClass.PUBLIC_KEY)
pub = load_public_key(encode_ec_public_key(pub))
ecdsa_verify(pub, signature, b'Data to sign', 'sha1')