From 5dc620e29ac060180c0235eacaaa488ea435d548 Mon Sep 17 00:00:00 2001 From: Lars Date: Mon, 1 Jan 2024 22:15:39 +0100 Subject: [PATCH] Saving signatures now works --- src/sshkey_tools/signatures.py | 49 +++++++++++++++++++++++++++++++--- validate_signatures.py | 13 ++++++--- 2 files changed, 54 insertions(+), 8 deletions(-) diff --git a/src/sshkey_tools/signatures.py b/src/sshkey_tools/signatures.py index 8f0c2ed..88ba352 100644 --- a/src/sshkey_tools/signatures.py +++ b/src/sshkey_tools/signatures.py @@ -7,7 +7,7 @@ # string reserved # string hash_algorithm # string signature -from base64 import b64decode +from base64 import b64decode, b64encode from .cert import Fieldset, dataclass, Union from prettytable import PrettyTable from .utils import concat_to_bytestring, concat_to_string, ensure_bytestring @@ -48,6 +48,32 @@ def __bytes__(self): bytes(self.reserved), bytes(self.hash_algorithm) ) + + def format_pubkey(self): + pubkey = self.public_key.value.to_string().split(' ') + + return _FIELD.StringField.encode(concat_to_bytestring( + pubkey[0], + ' ', + b64decode(pubkey[1])) + ) + + + # return _FIELD.BytestringField.encode(concat_to_bytestring( + # _FIELD.StringField.encode(pubkey[0]), + # _FIELD.StringField.encode(b64decode(pubkey[1])) + # )) + + def bytes_out(self): + return concat_to_bytestring( + bytes(self.magic_preamble), + bytes(self.sig_version), + _FIELD.StringField.encode(self.public_key.value.raw_bytes()), + bytes(self.namespace), + bytes(self.reserved), + bytes(self.hash_algorithm), + bytes(self.signature) + ) class SSHSignature: """ @@ -65,8 +91,11 @@ def __init__( self.fields.replace_field( "signature", _FIELD.SignatureField.from_object(signer_privkey) ) - self.fields.replace_field("public_key", signer_privkey.public_key) + self.fields.replace_field("public_key", _FIELD.PublicKeyField.from_object(signer_privkey.public_key)) + if issubclass(type(self.fields.public_key.value), type(self.fields.public_key)): + self.fields.public_key = self.fields.public_key.value + @classmethod def from_file(cls, path: str, encoding: str = 'none') -> "SSHSignature": """ @@ -196,5 +225,17 @@ def sign(self, data: Union[str, bytes]): def sign_file(self, path: str): signable = self.get_signable_file(path) self.fields.signature.sign(signable) - - \ No newline at end of file + + def to_string(self, data): + content = self.fields.bytes_out() + content = b64encode(content) + file_content = b"-----BEGIN SSH SIGNATURE-----\n" + file_content += b''.join([content[i:i+70] + b"\n" for i in range(0, len(content), 70)]) + file_content += b"-----END SSH SIGNATURE-----" + + return file_content + + def to_file(self, data, path: str): + with open(path, 'wb') as f: + f.write(self.to_string(data)) + \ No newline at end of file diff --git a/validate_signatures.py b/validate_signatures.py index 6e0f557..4cba697 100644 --- a/validate_signatures.py +++ b/validate_signatures.py @@ -27,18 +27,23 @@ ecdsa_signable = ecdsa_sign.get_signable_file('testkeys/ecdsa.txt') ed25519_signable = ed25519_sign.get_signable_file('testkeys/ed25519.txt') -try: - rsa_pub.verify(rsa_signable, rsa_sign.fields.signature.value) -except: - print("RSA validation failed") +# try: +# ecdsa_pub.verify(ecdsa_signable, ecdsa_sign.fields.signature.value) +# ecdsa_pub.to_file('testkeys/ecdsa.txt.sig2') +rsa_pub.verify(rsa_signable, rsa_sign.fields.signature.value) +rsa_sign.to_file(rsa_data, 'testkeys/rsa.txt.sig2') +# except: + # print("RSA validation failed") try: ecdsa_pub.verify(ecdsa_signable, ecdsa_sign.fields.signature.value) + ecdsa_sign.to_file('testkeys/ecdsa.txt.sig2') except: print("ECDSA validation failed") try: ed25519_pub.verify(ed25519_signable, ed25519_sign.fields.signature.value) + ed25519_sign.to_file('testkeys/ed25519.txt.sig2') except: print("Ed25519 validation failed")