我試圖將遵循Java轉換爲其Python等效項。將Java轉換爲Python - 使用PEM證書文件簽名字符串
// certificate is contents of https://fps.sandbox.amazonaws.com/certs/090909/PKICert.pem
// signature is a string that I need to verify.
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate =
(X509Certificate) factory.generateCertificate(new ByteArrayInputStream(certificate.getBytes()));
Signature signatureInstance = Signature.getInstance(signatureAlgorithm);
signatureInstance.initVerify(x509Certificate.getPublicKey());
signatureInstance.update(stringToSign.getBytes(UTF_8_Encoding));
return signatureInstance.verify(Base64.decodeBase64(signature.getBytes()));
這是用於AWS FPS使用的PKI簽名驗證。 http://docs.amazonwebservices.com/AmazonFPS/latest/FPSAccountManagementGuide/VerifyingSignature.html
感謝您的幫助!
我已經爲此添加了賞金。我會接受任何完整的實施。我更喜歡使用最小依賴性的實現,儘管我認識到要解碼x509證書並執行RSA簽名需要PyCrypto或類似軟件。另外,實現應該可移植到Windows,並且應該在進程中運行(不需要子進程調用)。 – 2010-09-17 15:57:37
如果您提供了一個要驗證的示例簽名,這將非常有幫助。從代碼看起來它是Base64編碼的。 – Von 2010-09-23 02:09:26