How to create a hash object from raw bytes?
27 views
Skip to first unread message
pavel_a
Jan 14, 2022, 12:39:24 PM1/14/22
to PyCryptodome
Dear experts,
x.oid = '2.16.840.1.101.3.4.2.1'
x.digest_size = 32
x.digest = lambda : digest
I'm trying to use Crypto.Signature.pkcs1_15 with SHA256.
But I have the 32-byte digest already provided from something else.
So I need to forge a thing that can be passed to sign() and verify() from a bytes object.
I've tried this:
def make_sha(digest: bytes) :
class x:
passx.oid = '2.16.840.1.101.3.4.2.1'
x.digest_size = 32
x.digest = lambda : digest
return x
signer = Crypto.Signature.pkcs1_15.new(my_key)
h = make_sha(my_digest)
sig = signer.sign(h)
.................
and then to verify:
signer.verify(h, sig)
This looks like working, but actually verify() returns success even with invalid digest!
So I guess that my fake hash thing causes silent verify() failure in a strange way.
What is a proper way to do what I need?
pavel_a
Jan 14, 2022, 4:29:43 PM1/14/22
to PyCryptodome
Further debugging shows that this hack actually works for signing.
That's, signatures returned by sign() from a real SHA256 object and a fake objects are equal.
So the question now is why verify() succeeds with invalid digest bytes.
Is this a bug in verify() or something caused by the fake object?
pavel_a
Jan 16, 2022, 12:57:28 PM1/16/22
to PyCryptodome
Solved. I've imported pycyptodome in a "legacy" way, it actually creates a different interface that behaves differently.
x.digest = lambda : digest
return x
So the hack to make a SHA256 actually works, both to sign and verify.
Even much simpler:
def make_sha(digest: bytes) :
x = SHA256.new()
x.digest = lambda : digest
return x
Reply all
Reply to author
Forward
0 new messages