Introduction We will learn on how we sign our messages / logs with openssl in python as well as verify them. Lets walkthrough the code and learn how we can build signing and verifying mechanism from scratch using python You can also checkout other hacking scripts in this page hacking scripts ##
Required Libraries
openssl : which will be the base requirement and contains the methods Generate keys ,sign ,verify
hashlib : This library will be used to generate the hash
sys : This is not mandatory since we are only using this to take command line arguements
##
Generate and dump the public/private key
Let's first create an object using 'PKey()' ,and generate the dsa keys.
Then lets store the keys in diff files using dump method
##
Once the keys are generated ,we can now proceed towards signing the message
We have to first encode and then hash the message after which we will load the
the private key which we stored in the above snippet,and after that we will
call the 'sign()' method and pass the hash of message along with the private key
and the hashing name.
Return the signature
##
Once the signing is done lets verify the message and
for that we need to regenerate encode message and then hash of the message
To verify the signature on the method we need
hash ,then X509 object and the signature which was generated
after signing the message using sign() ,
##
Method calls :
take the message from command-line arguement and then pass it to the 'sign_msg' Method
This will return the signature on the message .
Now we will pass the signature & message to the 'verify_msg' Method
If we don't see any exception that means that the verification is passed
OUTPUT : python sign.py 'message-text'
** Note :
> Most the time you may encounter an error/exception in the 'verify()' method as follows .
raise exception_type(errors) OpenSSL.crypto.Error: [] or You may have some additional text in the [] brackets depends on exception
This can be becuase of multiple reason ,suggestion will be recheck :
1. parameters order are passed correctly or not?
2. The signature you are passing to the 'verify()' method are valid i.e This can be verified by comparing the signature you have passed to the 'verify()' and the signature generated by the 'sign()' Method ,These must be equal.
3. Veirfication can also be Failed in case the message passed to verification method is different from the message passed to the signing method
Clone the code from Git Repository : sign_verify_openssl
Checkout some more hacking scripts
| SECURING SYSTEM | BLUETOOTH ATTACKS | STEALING AND SNIFFING ATTACKS | KALI LINUX HACKING COMMANDS CHEATSHEET | TROJAN AND BACKDOORS | DICTIONARY AND BURTEFORCING ATTACKS | MAN IN THE MIDDLE ATTACKS |
|---|---|---|---|---|---|---|
| 1. Sign & Verify message | 1. Bluetooth discovery | 1. Stealing saved wifi password from windows | 1. Hacking commands with Kali Linux | 1. Command and Control Trojan | 1. Dictionary Attack | 1. Man in Browser Attack |
| 2. SandBox Detection | 2. Bluetooth SDP browsing | 2. Sniffing packets | 2. Reverse shell in python | |||
| 3. TCP Proxy | 3. Bluetooth OBEX | 3. Email Credential sniffers | 3. Keylogger | |||
| 4. Bluetooth RCOMM channel scanner | 4. Screenshot with Python | |||||
| 5. Blue Bug Exploit | 5. Backdoor with Python | |||||
| 6. Blue Snarf Exploit | ||||||
| 7. Bluetooth spoofing | ||||||
| 8. Bluetooth sniffing |