Python中nodejs crypto crypto.createSign的等价物

Question

我想用Python得到同样的结果。

function generateSignature(baseString, privateKey, clientSecret) {
  var signWith = {
    key: (privateKey)
  }; // Provides private key

  if (!_.isUndefined(clientSecret) && !_.isEmpty(clientSecret)) _.set(signWith, "passphrase", clientSecret);

  // Load pem file containing the x509 cert & private key & sign the base string with it to produce the Digital Signature
  var signature = crypto.createSign('RSA-SHA256')
    .update(baseString)
    .sign(signWith, 'base64');

  return signature;
}

我在Python中做了什么

    import base64
    from cryptography.hazmat.primitives.asymmetric import dsa, rsa
    from cryptography.hazmat.primitives.serialization import load_pem_private_key
    private_key = load_pem_private_key(
        str.encode(str_private_key),
        password=None)

    plain_text = b'abc'
    signature = private_key.sign(
        data=plain_text,
        padding=padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        algorithm=hashes.SHA256()

    )

    print(base64.b64encode(signature))

我不知道从何说起。加密文档非常简短。密码如何在加密中使用？

Answer 1

NodeJS代码使用PythonV1.5填充，即PKCS#1代码OAEPadding。要在PKCS#1中也应用Python1.5版，请按如下所示更改填充：

signature = private_key.sign(
    data=plain_text,
    padding=PKCS1v15(),         # Fix: Apply PKCS#1 v1.5
    algorithm=hashes.SHA256()
)