The code demonstrates the generation, signing, and verification of a digital signature using the RSA algorithm with the cryptography library.

In [4]:
!pip install cryptography



In [5]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
from cryptography.exceptions import InvalidSignature
import base64

# Generate a key pair
def generate_key_pair():
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048
    )
    public_key = private_key.public_key()
    return private_key, public_key

# Sign a message with the private key
def sign(message, private_key):
    signature = private_key.sign(
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    return base64.b64encode(signature)

# Verify a signature with the public key
def verify(message, signature, public_key):
    try:
        signature_bytes = base64.b64decode(signature)
        public_key.verify(
            signature_bytes,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        return False

# Example usage
private_key, public_key = generate_key_pair()
message = b'This is a message to be signed'
signature = sign(message, private_key)

print(f'Message: {message}')
print(f'Signature: {signature}')

is_valid = verify(message, signature, public_key)
print(f'Is the signature valid? {is_valid}')

Message: b'This is a message to be signed'
Signature: b'jyeiRH/SX3yd+QpVkk3D+ysyQJuv8NgKlAhe89Bz9rGh8wRHwfudbxqOV2j0m1531xSFjshQ7/eGLOoDZU8jPVyiKU32pIU7bytbIoVzuKOpEuNXrUjuLzMQZlYBvmecjH2MiSrXn631KIgYC8nxF3foe67UY151bbR+KK+Knj6ttejE9+1dwzNKXiB/oSAdiJBdOi9LVC0ubcfNW7OnMZso+nH0VCaP+hMauosHxIQCLwIdt+Gmvntq4thuoxKSq5K2WYkaFoy0vwmt40SNVZk19ILStHU/3ddBIMqLi3e8wHolCtPoLc9hlHt2e6BrR/wZlgXg2fSaXtus0NaKoQ=='
Is the signature valid? True
