Signing Data In Blockchain Using Python
Signing is one of the predominate mechanism to verify the user where the transaction is digitally signed to authorize. After this, the actual submission to the network occurs via the connected server. Finally, the verification is performed to ensure that the transaction is validated successfully.
Let's examine the fundamentals of public and private keys to better understand why they are crucial to blockchain technology.
Private Key: its a randomly generated number that is kept secret and held privately by the user. Depending on the kind and class of algorithms, private keys can have a variety of lengths. For example, in RSA, typically, a key of 1024-bit or 2048-bits is used. 1024-bit key size is no longer considered secure and at least 2048 bit is recommended to be used in practice.
Public Key: A public key is the public part of the private public key pair. A public key is available publicly and published by the private key owner.
On the other hand, you could say that the recipient's private key decrypts the data while the recipient's public key encrypts the same data and also you let the public key be given out in public. you tell everyone ,hey ,this is my Pk.
Digital Signature:
what we want from digital signature
- Only you can sign but any one can verify
- Signature is tied to a particular document
- Can’t be cut and paste to another document
(sk ; pk ) := generateKeys(keySize)
sk : Secret signing key
pk : Public verification key
sig := sign(sk ; message)
isValid : = verify(pk ; message; sig)
Valid Signatures Verify
verify(pk ; message; sign(sk ; message)) == true
D:\KnowledgeHunt\blockchain\ch1> openssl genrsa -out dorakey.pem 1024
D:\KnowledgeHunt\blockchain\ch1> openssl rsa -in dorakey.pem -pubout > dorakey.pub
python -m venv blockchain
type > blockchain\Scripts\activate
(blockchain) D:\KnowledgeHunt\blockchain\ch1>pip install --upgrade pip
Requirement already satisfied: pip in d:\knowledgehunt\blockchain\ch1\blockchain\lib\site-packages (22.3.1)
(blockchain) D:\KnowledgeHunt\blockchain\ch1>pip install cryptography
Collecting cryptography
Downloading cryptography-38.0.4-cp36-abi3-win_amd64.whl (2.4 MB)
---------------------------------------- 2.4/2.4 MB 303.4 kB/s eta 0:00:00
Collecting cffi>=1.12
Downloading cffi-1.15.1-cp311-cp311-win_amd64.whl (179 kB)
---------------------------------------- 179.0/179.0 kB 1.2 MB/s eta 0:00:00
Collecting pycparser
Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
---------------------------------------- 118.7/118.7 kB 384.6 kB/s eta 0:00:00
Installing collected packages: pycparser, cffi, cryptography
Successfully installed cffi-1.15.1 cryptography-38.0.4 pycparser-2.21
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
# BASIC Configuration
GENERATE_PRIVATE_KEY = False
PUBLIC_KEY_FROM_PRIVATE_KEY = False
PRIVATE_KEY = "dorakey.pem"
PUBLIC_KEY = "dorakey.pub"
MESSAGE = b"dora is the favourite character"
if GENERATE_PRIVATE_KEY:
# Generate private key
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
else:
# Load private key from pem file
with open(PRIVATE_KEY, "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
signature = private_key.sign(
MESSAGE,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
if PUBLIC_KEY_FROM_PRIVATE_KEY:
# Getting public key from private key
public_key = private_key.public_key()
else:
# Load public key from file
with open(PUBLIC_KEY, "rb") as key_file:
public_key = serialization.load_pem_public_key(
key_file.read(),
backend=default_backend()
)
public_key.verify(
signature,
MESSAGE,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
# Print signature hashes.SHA256 Algo
#print(signature)
Now,It's time to confirm whether or not Dora actually wrote the message ,so below snippet will help to validate the our process.
messageValidate.py
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
# opens the file in binary format for reading and module contains functions for loading keys
with open("dorakey.pub", "rb") as key_file:
real_public_key = serialization.load_pem_public_key(
key_file.read(),
backend=default_backend())
# Message coming from user
message = b"dora is the favourite character" # you can change message and check response as well
# Signature coming from user
signature = b'B\x00W\xf2\xfda}\xd0HBb\xa8\x13TB\x87\xd8\xdf9\xd0\x91o\x93v\xa9\x968MG+\x9d\x8fz\xb5\xbf\xcc\xce4d\xa0z+\xde\x9e;xdx\xbf\x15O\xc3\x91\xc8\xfa\xaa\xe9\x8e)\xfe)<\x1d\xffK@N\xe6f\xaf\x17\x1c\x0c\xc5\xe8D\xee\xc3\xbf\xcb^\xa7k\x7f\xc9\xdcU\xce`a\x0fw\x0f\x19\x94{\xb3\x992N\x19\x0c\x87\xce\x0b\x19u\x07\xa4\xf7g@\xb0O4\xb29\xa1\xe6H\xa8]\xdd\xc8\xb8\xbb7S'
user = message.split()[0].lower()
# fetch public key from Dorakey
public_key = real_public_key
# … verify the message like before
public_key.verify(
signature,
message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
#If this script returns no errors, your algorithm successfully verified the user based on the message and signature.
I have changed the message b"Tara is the favourite character" but not signature and run the above script
(blockchain) PS D:\KnowledgeHunt\blockchain\ch1> python .\messageValidate.py
Traceback (most recent call last):
File "D:\KnowledgeHunt\blockchain\ch1\messageValidate.py", line 24, in <module>
public_key.verify(
File "D:\KnowledgeHunt\blockchain\ch1\blockchain\Lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 569, in verify
_rsa_sig_verify(
File "D:\KnowledgeHunt\blockchain\ch1\blockchain\Lib\site-packages\cryptography\hazmat\backends\openssl\rsa.py", line 325, in _rsa_sig_verify
raise InvalidSignature
cryptography.exceptions.InvalidSignature
This implies that each message has a unique signature that cannot be determined by the recipient.
Please add your suggestions if any :)
Comments
Post a Comment