Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
from ecdsa import SigningKey
from ecdsa import VerifyingKey
import ecdsa
from ecdsa.numbertheory import inverse_mod
import hashlib
import binascii
import base64
curve_order = ecdsa.curves.NIST192p.order
# PRIME192v1, secp224r1, prime256v1, SECP384r1, and secp521r1 , SECP256k1
def string_to_number(tstr):
return int(binascii.hexlify(tstr), 16)
def sha1(content):
sha1_hash = hashlib.sha1()
sha1_hash.update(content)
return sha1_hash.digest()
def recover_key(c1, sig1, c2, sig2):
n = curve_order
# cut up the strings before we convert to number!
s1 = string_to_number(sig1[-24:])
s2 = string_to_number(sig2[-24:])
r = string_to_number(sig1[-48:-24])
z1 = string_to_number(sha1(c1))
z2 = string_to_number(sha1(c2))
# solve
sdelta_inv = inverse_mod(((s1-s2)%n),n)
k = ( ((z1-z2)%n) * sdelta_inv) % n
inverse_r = inverse_mod(r,n)
da = (((((s1*k) %n) -z1) %n) * inverse_r) % n
print "n: " + str(n)
print "da: " + str(da)
recovered_private_key = SigningKey.from_secret_exponent(da, ecdsa.curves.NIST192p)
return recovered_private_key.to_pem()
if __name__ == "__main__":
challenge1 = '''
{"session_id": "6621a96c7db568374f2885d6d135f395010e75a94ec2233a433ff8e2", "user": "peter"}
'''
sig1 = '''
znnlVaDhCokfqzU5figrY2cZ1nk87rH/zcCHDV2rLJ6nhdjE9vzblfpkzrhqzVjY
'''.strip()
challenge2 = '''
{"session_id": "9027072a68c41cf9fcaa92672091f7184b13b577924408ed25d971a5", "user": "peter"}
'''
sig2 = '''
znnlVaDhCokfqzU5figrY2cZ1nk87rH/h9DI/NbP5Mk+XGpYdJHWvJCXToXsMhP6
'''.strip()
key = recover_key(challenge1,base64.b64decode(sig1),challenge2,base64.b64decode(sig2))
print key
#create the signature
sk = SigningKey.from_pem(key)
challenge = '''
{"session_id": "6621a96c7db568374f2885d6d135f395010e75a94ec2233a433ff8e2", "user": "admin"}
'''
vk = sk.get_verifying_key()
signature = sk.sign(challenge)
try:
# because who trusts python
vk.verify(signature, challenge)
print "good signature"
except BadSignatureError:
print "BAD SIGNATURE"
encoded_signature = base64.b64encode(signature)
print(encoded_signature)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.