def onboardPerson():
print("called onboardPerson", file=sys.stderr)
validation_result = validateDocumentData(request.data)
if validation_result == NO_DATA:
return getJsonResponse(400, "Error", "No document data provided")
elif validation_result == INVALID_FIELD:
return getJsonResponse(400, "Error", "Not all fields are valid")
data = request.json["data"]
user_id = data["userId"]
print(user_id)
signedUserId = request.json["signedUserId"]
signedUserId = base64.decodestring(signedUserId.encode("ascii"))
issuerPrivateKeyFile = getKeys("Munich")["private"]
with open(issuerPrivateKeyFile, 'r') as f:
file_data = f.read()
issuerPrivateKey = rsa.PrivateKey.load_pkcs1(file_data, "PEM")
docHash = rsa.compute_hash(json.dumps(data).encode("utf-8"), HASH_METHOD)
signedDocHash = rsa.sign_hash(docHash, issuerPrivateKey, HASH_METHOD)
signedDocHash = base64.encodestring(signedDocHash).decode("ascii")
userPublicKeyFile = getKeys(user_id)["public"]
print(userPublicKeyFile)
with open(userPublicKeyFile, 'r', encoding="ascii") as f:
file_data = f.read()
userPublicKey = rsa.PublicKey.load_pkcs1(file_data)
try:
verify = rsa.verify(user_id.encode("utf-8"),
signedUserId, userPublicKey)
verifyUserResult = "Success"
except rsa.pkcs1.VerificationError as e:
verifyUserResult = "Failed"
# post to blockchain
result = runRawTransaction(
'onboard', [b"Munich", user_id.encode("utf-8"), signedDocHash.encode("utf-8")])
print(result)
res = {
"docHash": base64.encodestring(docHash).decode("ascii"),
"signedDocHash": signedDocHash,
"verifyUserResult": verifyUserResult,
"smartContractResult": result,
# "raw_tx": raw_tx.decode("ascii"),
# "payload": payload,
}
return json.dumps(res)
def signData():
user_id = request.json["userId"]
privateKeyFile = request.json["privateKeyFile"]
with open(privateKeyFile, 'r') as f:
file_data = f.read()
privateKey = rsa.PrivateKey.load_pkcs1(file_data, "PEM")
user_id_hash = rsa.compute_hash(user_id.encode("utf-8"), HASH_METHOD)
signedUserId = rsa.sign_hash(user_id_hash, privateKey, HASH_METHOD)
res = {
"userId": user_id,
# "userIdHash": base64.encodestring(user_id_hash).decode("ascii"),
"privateKeyFile": privateKeyFile,
"signedUserId": base64.encodestring(signedUserId).decode("ascii")
}
return json.dumps(res)
def get_signed_text(st):
return st + '\n' + str(
(rsa.sign_hash(rsa.compute_hash(st.encode("utf-8"), "SHA-256"),
get_private_key(), "SHA-256")))
def sign(message, privkey):
hash = rsa.compute_hash(message, 'SHA-1')
signature = rsa.sign_hash(hash, privkey, 'SHA-1')
return signature
## 1. Bob generates a keypair, and gives the public key to Alice.
## This is done such that Alice knows for sure that the key is really Bob’s
## (for example by handing over a USB stick that contains the key).
(pk, sk) = rsa.newkeys(512)
print('PUBLIC KEY -> ' + str(pk) + '\n')
print('SECRET KEY -> ' + str(sk) + '\n')
## 2. Alice writes a message, and encodes it in UTF-8. The RSA module only
## operates on bytes, and not on strings, so this step is necessary.
message = input('Enter the message you want to encrypt: ')
message = message.encode('utf8')
## we add the signature to the message
hash = rsa.compute_hash(message, 'SHA-1')
signature = rsa.sign_hash(hash, sk, 'SHA-1')
print('\nSignature -> ' + str(signature))
## 3. Alice encrypts the message using Bob’s public key, and sends the encrypted message.
crypto = rsa.encrypt(message, pk)
print('\nEncypted message --> ' + str(crypto))
wants_to_modify = input('\nWant to modify the message? (yes or no) ')
wants_to_modify = wants_to_modify.lower()
if wants_to_modify == 'yes':
## let's an attacker got the message and he decides to change it
message = input('\nModify the message: ')
message = message.encode('utf8')
crypto = rsa.encrypt(message, pk)
# Note: These are using PKCS#1 v1.5
print("sign/verify")
message = b"message"
other_message = b"other message"
hash = rsa.compute_hash(
message, "SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
hash = rsa.compute_hash(
message=message, method_name="SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
signature_from_hash = rsa.sign_hash(
hash, private_key, "SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=hash
signature_from_hash = rsa.sign_hash(
hash_value=hash, priv_key=private_key, hash_method="SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationInput=hash
signature = rsa.sign(
message, private_key, "SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
signature = rsa.sign(
message=message, priv_key=private_key, hash_method="SHA-256"
) # $ CryptographicOperation CryptographicOperationAlgorithm=RSA CryptographicOperationAlgorithm=SHA256 CryptographicOperationInput=message
assert signature == signature_from_hash
print("signature={}".format(signature))
# 修改加密结果crypto后尝试解密,会报:rsa.pkcs1.DecryptionError: Decryption failed
try:
err_result = rsa.decrypt(crypto[:-1] + b'X', privkey)
except rsa.pkcs1.DecryptionError as e:
logger.info(str(e))
####################################################################################################################
# 签名和验证
# 用于确认加密信息是持有privkey的用户发出来的
# 签名方式一:
signature = rsa.sign(message, privkey, 'SHA-1')
# print(signature)
# 签名方式二:
hash = rsa.compute_hash(message, 'SHA-1')
signature1 = rsa.sign_hash(hash, privkey, 'SHA-1')
try:
# 校验正常时返回哈希加密类型;校验失败时报VerificationError
verified = rsa.verify(message, signature, pubkey)
print(verified)
verified1 = rsa.verify(message, signature1, pubkey)
print(verified1)
except rsa.pkcs1.VerificationError as e:
logger.info(str(e))
# 另一种哈希算法
# 签名方式一:
signature = rsa.sign(message, privkey, 'SHA-256')
# print(signature)
# 签名方式二:
hash = rsa.compute_hash(message, 'SHA-256')