With public-key encryption, we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, which proves that she is the sender and that the data has not been changed. She does this by signing the data with her private key, and Bob can then check the signature with Alice's public key. In this example, we will use RSA keys to sign a message and then verify the correct signature, and also verify that an incorrect signature will fail.
RSA Signatures with PowerShell
Method
At the core of digital trust is the use of digital signatures. With these, we can verify the creator of the data, and also that it has not been modified. We do this using public-key encryption, and in this article, we will look at how we can use the .NET cryptography classes (System.Security.Cryptography) from PowerShell.
The code is:

```powershell
# Arguments: message, hash algorithm name, RSA key size in bits
$word=$Args[0]
$hash=$Args[1]       # e.g. SHA256 (MD5 and SHA1 are not collision resistant)
$size=[int]$Args[2]

# Hash the message; the signature is computed over this hash
$hashValue=[System.Security.Cryptography.HashAlgorithm]::Create($hash).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($word))

# Generate a new RSA key pair and sign the hash (PKCS#1 v1.5)
$rsa1=[System.Security.Cryptography.RSA]::Create($size)
$rsaFormatter=[System.Security.Cryptography.RSAPKCS1SignatureFormatter]::new($rsa1)
$rsaFormatter.SetHashAlgorithm($hash)
$signedHashValue=$rsaFormatter.CreateSignature($hashValue)

"Message: "+$word
"Method: "+$hash
"Key size: "+$size
"`nHash (Hex): "+[System.Convert]::ToHexString($hashValue)
"`nSignature (Hex): "+[System.Convert]::ToHexString($signedHashValue)
"`nSignature(Base64): "+[System.Convert]::ToBase64String($signedHashValue)

# Verify the signature against the hash
$rsaFormatter=[System.Security.Cryptography.RSAPKCS1SignatureDeformatter]::new($rsa1)
$rsaFormatter.SetHashAlgorithm($hash)
$rtn=$rsaFormatter.VerifySignature($hashValue,$signedHashValue)

# Test the returned Boolean; "$rtn=$true" would assign and always take the valid branch
if ($rtn) {
    "`nSignature is valid"
} else {
    "`nSignature is not valid"
}

$a=$rsa1.ExportParameters($true) # Set $false for only public parameters
"== RSA Parameters =="
"`nE: "+[System.Convert]::ToHexString($a.Exponent)
"Modulus: "+[System.Convert]::ToHexString($a.Modulus)
"D: "+[System.Convert]::ToHexString($a.D)
"P: "+[System.Convert]::ToHexString($a.P)
"Q: "+[System.Convert]::ToHexString($a.Q)
```
A sample run is:
```
Message: hello
Method: MD5

Hash (Hex): 5D41402ABC4B2A76B9719D911017C592

Signature (Hex): [...]

Signature(Base64): oZCmsVGaSRpbd6QFIxFsLYS69Ys2VjqVB/bcgeJBVK5iOf42Wmntd0kjelKBr9c8FsGBLDbrZywSYT41JhVk63VGk+/77V/JhADyALn7U6dSZj7LSuMUFDGpMvYAwpNcCcG042R2vtp8u4EpyP6KMaKi2N2OJpMr2g9Pm+HN+DENv7pRZeymIguf1ual3zOqNMIgN3L7UeIzkyqxtdoefZL6u5lNGxrNYN9p78YUzepxcQO6twZDc5DK1Mf1YbPerHiwbvdfbVldBib5mezq4saed1PD6DoOBbtTnv0NdKl6yA1Zb9zKVoA3VaEHrA27aWTUSNbCNl71HMnayGByqg==

Signature is valid
== RSA Parameters ==

E 010001
Modulus [...]
```
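The introduction says an incorrect signature should fail verification. The following PowerShell is an added example, not code from the original page: Bob holds only Alice's public parameters and checks a valid signature, a changed message, a corrupted signature and a signature made with a different key. It uses the same formatter and deformatter classes as the listing but fixes the hash to SHA-256; the function name Test-RsaSignature and the sample messages are assumptions made up for illustration.

```powershell
# Added example: Test-RsaSignature and the sample messages are constructed for illustration.
function Test-RsaSignature {
    param([byte[]]$Data, [byte[]]$Signature, [System.Security.Cryptography.RSA]$PublicKey)
    # Recompute the SHA-256 digest of the received data and check the signature over it
    $digest = [System.Security.Cryptography.SHA256]::Create().ComputeHash($Data)
    $verifier = [System.Security.Cryptography.RSAPKCS1SignatureDeformatter]::new($PublicKey)
    $verifier.SetHashAlgorithm('SHA256')
    return $verifier.VerifySignature($digest, $Signature)
}

function New-RsaSignature {
    param([byte[]]$Data, [System.Security.Cryptography.RSA]$PrivateKey)
    $digest = [System.Security.Cryptography.SHA256]::Create().ComputeHash($Data)
    $signer = [System.Security.Cryptography.RSAPKCS1SignatureFormatter]::new($PrivateKey)
    $signer.SetHashAlgorithm('SHA256')
    return ,$signer.CreateSignature($digest)   # leading comma keeps the byte[] intact
}

$enc      = [System.Text.Encoding]::UTF8
$message  = $enc.GetBytes('Pay Bob 10 dollars')   # constructed sample message
$tampered = $enc.GetBytes('Pay Bob 90 dollars')   # same length, one character changed

# Alice generates the key pair and signs; the private key never leaves her side
$alice     = [System.Security.Cryptography.RSA]::Create(2048)
$signature = New-RsaSignature -Data $message -PrivateKey $alice

# Bob imports only the public parameters (modulus and exponent)
$bob = [System.Security.Cryptography.RSA]::Create()
$bob.ImportParameters($alice.ExportParameters($false))

# Corrupt one bit in the last byte of the signature
$badSignature = [byte[]]$signature.Clone()
$badSignature[-1] = $badSignature[-1] -bxor 1

# A third party signs the same message with an unrelated key
$other          = [System.Security.Cryptography.RSA]::Create(2048)
$otherSignature = New-RsaSignature -Data $message -PrivateKey $other

$results = [ordered]@{
    'Original message, Alice signature'  = Test-RsaSignature $message  $signature      $bob
    'Changed message, Alice signature'   = Test-RsaSignature $tampered $signature      $bob
    'Original message, corrupted sig'    = Test-RsaSignature $message  $badSignature   $bob
    'Original message, other key sig'    = Test-RsaSignature $message  $otherSignature $bob
}
$results.GetEnumerator() | ForEach-Object { '{0,-36}: {1}' -f $_.Key, $_.Value }

# Only the first check should succeed; stop loudly if any failure case verifies
if (-not $results[0] -or $results[1] -or $results[2] -or $results[3]) {
    throw 'Unexpected verification result'
}
```

Only the first line should report True. A receiver should act on the Boolean returned by VerifySignature and reject the data on False.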