


Python Script for RSA signing/verifying

05-01-2023




Github Page: https://github.com/pkiscape/rsa-signverify

This Python script, "rsa-signverify.py", uses the Python cryptography library to perform digital signature functions. It can sign data using RSA/PSS and verify signatures. If you don't have an RSA keypair, you can first generate one with openssl.

After generating the RSA keypair, you can sign data. The --sign parameter loads the private key (--key), hashes the message passed with --sign using SHA256, and then signs the digest. The --verify parameter loads the public key (--key) and then verifies the signature (--signature) over the message (--verify) with that public key.

Generate private key:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out rsa2048.key


Then you can derive the public key from the private key:
openssl rsa -in rsa2048.key -pubout -out rsa2048.pub


Note: This script requires cryptography - https://pypi.org/project/cryptography/
pip3 install cryptography

Usage:
usage: rsa-signverify [-h] [-k KEY] [-s SIGN] [-v VERIFY] [-sig SIGNATURE] [-out OUT]

optional arguments:
  -h, --help            show this help message and exit
  -k KEY, --key KEY     Define the RSA private or public key file in PEM format
  -s SIGN, --sign SIGN  Specify file to sign using RSA private key. Uses PSS padding.
  -v VERIFY, --verify VERIFY
                        Specify message to verify using passed RSA public key
  -sig SIGNATURE, --signature SIGNATURE
                        Specify signature to verify using passed RSA public key
  -out OUT, --out OUT   Define the file in which to write the signature. Defaults to "signature.bin"


====Signing====

Generic signing using your RSA private key. It uses PSS (Probabilistic Signature Scheme) padding and saves the signature as signature.bin.

rsa-signverify.py -k private_key.pem -s data.png


Same as above, but write the signature to a custom file defined with -out.

rsa-signverify.py -k private_key.pem -s data.png -out data.png.sig

====Verifying signatures====

When verifying signatures, pass the public key (public_key.pem) along with the actual message (data.png) and the signature (data.png.sig).

rsa-signverify.py -k public_key.pem -v data.png -sig data.png.sig


"Verification Successful" will appear when the signature and message can be verified with the public key.
If the signature does not match, verify() will raise an InvalidSignature exception.
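
The sign and verify flow described above, as an added example that is not taken from rsa-signverify.py. It assumes PSS with MGF1/SHA-256 and maximum salt length (the post does not state these parameters), generates the keypair in memory instead of with openssl, and uses the hypothetical function names sign, verify and make_keypair.

```python
# Added example, not the rsa-signverify.py source.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumed PSS parameters: MGF1 with SHA-256 and the maximum salt length.
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)


def sign(private_pem, message):
    """Load a PEM private key, hash the message with SHA-256, sign with PSS."""
    key = serialization.load_pem_private_key(private_pem, password=None)
    return key.sign(message, PSS, hashes.SHA256())


def verify(public_pem, message, signature):
    """Return True for a valid signature, False when InvalidSignature is raised."""
    key = serialization.load_pem_public_key(public_pem)
    try:
        key.verify(signature, message, PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def make_keypair():
    """In-memory stand-in for the two openssl commands (2048-bit RSA, PEM)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    private_pem = key.private_bytes(serialization.Encoding.PEM,
                                    serialization.PrivateFormat.PKCS8,
                                    serialization.NoEncryption())
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    return private_pem, public_pem


if __name__ == "__main__":
    priv, pub = make_keypair()
    data = b"constructed sample message"  # constructed input, stands in for data.png
    sig1, sig2 = sign(priv, data), sign(priv, data)
    print("valid signature:", verify(pub, data, sig1))
    # PSS adds a random salt, so two signatures over the same data differ.
    print("signatures differ, both verify:", sig1 != sig2 and verify(pub, data, sig2))
    print("tampered message:", verify(pub, data + b"!", sig1))
    print("different public key:", verify(make_keypair()[1], data, sig1))
```

Because PSS is randomized, comparing a fresh signature byte-for-byte against a stored one is not a valid check; only verification with the public key is.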