2

Does anyone know how I would go about converting this java code to python?

/**
* signs the data for the account account
*/
private byte[] sign(String pkStr,byte[] data, String keyType) throws Exception {
    BASE64Decoder decoder = new BASE64Decoder();
    KeyFactory keyFac = null;
    //instantiate the key factory based on the key alg type
    if(keyType.equals("DSA")){
        keyFac = KeyFactory.getInstance("DSA");
    }else if(keyType.equals("RSA")){
        keyFac = KeyFactory.getInstance("RSA");
    }

    //generate the public key
    PKCS8EncodedKeySpec dprks = new PKCS8EncodedKeySpec(decoder.decodeBuffer(pkStr));
    PrivateKey pk = keyFac.generatePrivate(dprks);

    return(signBytes(data,pk,keyType));
}

    /**
* sign the data with the key
*/
private byte[] signBytes(byte [] data,
    PrivateKey signingPrivateKey, String keyType)throws Exception {

    Signature dsa = null;
    //instantiate the signature alg based on the key type
    if(keyType.equals("DSA")){
        dsa = Signature.getInstance("SHA1withDSA");
    }else if(keyType.equals("RSA")){
        dsa = Signature.getInstance("SHA1withRSA");
    }
    /* Initializing the object with a private key */
    dsa.initSign(signingPrivateKey);

    /* Update and sign the data */
    dsa.update(data);
    byte[] sig = dsa.sign();
    return sig;
}

The "keyType" seems to always get passed as "DSA", so I've looked at M2Crypto.DSA and that looks promising. The DSA.sign function however returns a tuple of 2 byte strings that I'm not at all sure what to do with.

Improve this question
2
  • is there some reason my answer was not ok? Commented Aug 17, 2011 at 20:05
  • Sorry I haven't accepted an answer on this one. This python project got temporarily put on hold. I have upvoted the answer though since it looked like it was taking me in the right direction. I'll come back and accept an answer when I get put back on the project. Commented Aug 29, 2011 at 3:46

2 Answers 2

Reset to default
3

A DSA signature is defined as a pair of integers (called r and s, respectively). The DSA standard does not mandate a specific encoding of such a signature into a sequence of bytes. So every protocol which uses DSA signatures has to define its own encoding.

There are two commonly used DSA signature encodings; one is the direct concatenation of the big-endian unsigned encodings of the r and s values, both being normalized to the length (in bytes) of the q parameter in the public key (the "subgroup size", usually a 160-bit prime integer, thus yielding a 40-byte signature). The documentation of M2Crypto.DSA is quite terse, but my guess is that it returns r and s separately but already in that format.

Java uses the other encoding, which is ASN.1 based. This is the encoding used throughout X.509 and anything based on it (including signatures in SSL/TLS). ASN.1 is a generic standard for representation and serialization of structured data. In this case, the signature should be the serialization of an ASN.1 SEQUENCE containing two INTEGER values (r and s, in that order). As per the ASN.1 and DER encoding rules, the signature shall then have this format:

0x30 A 0x02 B R 0x02 C S

where:

  • R is the big-endian signed encoding of r, of minimal length: this means that the first byte shall have a value between 0 and 127, and it shall have value 0 only if the second byte has a value between 128 and 255. In other words, encode r as a sequence of bytes with big-endian convention (most significant byte comes first), making sure that you have as few leading zero bits as possible, provided that you keep at least one (this is what the "signed" encoding means: since r is positive, its most significant bit must be 0). Since r is an integer between 0 and q-1, the length of R will be at most one more byte than the length of q, but it can be smaller.

  • S is the big-endian signed encoding of s (same treatment than for r; note: R and S may have distinct lengths).

  • B is a single byte containing the length of R (in bytes).

  • C is a single byte containing the length of S (in bytes).

  • A is a single byte containing B+C+2 (i.e. the length, in bytes, of what follows the byte A).

Writing specialized encoding and decoding functions for ASN.1-based DSA signatures is a bit tedious but not hard; just take care of producing R and S sequences of the right size. Alternatively, you could use an existing ASN.1 encoding/decoding library, which is overkill but might be easier, depending on your situation.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

According to http://download.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html#AppB (for some weird reason that has two Appendix Bs, and you need to scroll down to the second) Java uses the ASN.1 encoding SEQUENCE ::= { r INTEGER, s INTEGER }

You should be able to generate (and parse) this in Python using pyasn1 - http://pyasn1.sourceforge.net/

ASN.1 is a standard for encoding binary data. So the information above specifies how the Java code is combining the two values that the Python code returns. You can therefore do the same, and so maintain the same byte format for the signature.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.