Python PyCryptodome Digital Signature Algorithm with DSS

Question

in Python Pycryptodome default example for DSA-DSS Hi guys.I asked this question but , it's not clever , I deleted on my profile and just asking from my friends account.

Problem is that .I tried to use public key encryption , signature , verifiying , so..

Till tomorrow all's going well but I encounter with DSA-DSS ECDSA. If you look at picture , I think there some issue that I target it.They makes "signer" with private key in DSS , but they don't uses it in signature. Instead it using key sign .Even at verifying level , (in picture didn't appear) they call public key from "PEM" file and trying to verify without call DSS new() again..

So if you compare my code and picture then you notice actually what I want to say...

from Crypto.PublicKey import DSA
from Crypto.Signature import DSS
from Crypto.Hash import SHA256
key = DSA.generate(2048)
publickey=key.publickey()
message = b"Hello"
hash_obj = SHA256.new(message)
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(hash_obj)

So here I trying to verify message..I did't create has object again,and I called public key from key that I showed it above.

pkey=DSS.new(publickey,'fips-186-3')
pkey.verify(hash_obj,signature)
False

So as you can see , I got "False" .I tried it on ECDSA - DSS returned samething again. so if you got what I want to do , please help , what I want to to?

Answer 1

The docs for the verify method say:

Raises: ValueError – if the signature is not authentic

and it always return False if it is successful.

So rather than checking the return value, you need to check if the method raises an exception.

In general you will want something like:

try:
    pkey.verify(hash_obj,signature)
    valid = True
except ValueError:
    valid = False

In your code the fact that it doesn’t raise an exception shows that the verification has succeeded and the signature is in fact valid.