I am trying to build an authentication mechanism with JWT, and I am using a Nitrokey HSM to encrypt the token and sign it, so that I can store it encoded and can always verify its authenticity and integrity through the signature. I am following this guide: https://auth0.com/blog/how-to-handle-jwt-in-python.
My code:
import pkcs11
from pkcs11 import KeyType, ObjectClass
from pkcs11.util.rsa import encode_rsa_public_key

payload_data = {
    "sub": "4242",
    "name": "John Snow",
    "nickname": "Jo"
}

lib = pkcs11.lib('/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so')
token = lib.get_token()

# Open a session on our token
with token.open(user_pin='...', rw=True) as session:
    # Generate an RSA keypair in this session
    pub, priv = session.generate_keypair(pkcs11.KeyType.RSA, 2048, store=True)
    key = session.get_key(key_type=KeyType.RSA, object_class=ObjectClass.PRIVATE_KEY)
    key = encode_rsa_public_key(key)
    # Given a private key
    signature = key.sign(payload_data)
    key = session.get_key(key_type=KeyType.RSA, object_class=ObjectClass.PUBLIC_KEY)
    key = encode_rsa_public_key(key)
    # Given a public key
    assert key.verify(payload_data, signature)
Error:
Traceback (most recent call last):
  File "/home/user/PycharmProjects/pythonProject/test1.py", line 23, in <module>
    signature = key.sign(payload_data)
AttributeError: 'bytes' object has no attribute 'sign'
If you check your payload_data object:
payload_data = {
    "sub": "4242",
    "name": "John Snow",
    "nickname": "Jo"
}
it does not have the sign attribute, which is what causes the signing to fail.
Here is an example: https://connect2id.com/products/nimbus-jose-jwt/examples/pkcs11
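Added example, not from the question, the answer, or the python-pkcs11 project, showing the flow the question is after with the python-pkcs11 API: build the JWS signing input as bytes (base64url header, a dot, base64url payload), sign it with the private-key object on the token using the SHA256_RSA_PKCS mechanism (which is what JWT's RS256 means), and verify with the public-key object. Note two points relative to the question's code: encode_rsa_public_key() returns DER bytes for export, so assigning its result back to key is what produced the 'bytes' object has no attribute 'sign' traceback, and the key object signs bytes, not a dict. The library path and payload are taken from the question; KEY_LABEL, the HSM_PIN environment variable, and the idea of looking the key pair up by label instead of generating a fresh one on every run are assumptions of this example.

```python
"""Sign and verify a JWT (RS256) with an RSA key that never leaves a PKCS#11 token.

Assumptions of this added example (not from the question or python-pkcs11 docs):
  - a stored RSA key pair on the token carries the label KEY_LABEL (placeholder),
  - the user PIN is supplied through the HSM_PIN environment variable.
"""
import base64
import json
import os

PKCS11_LIB = "/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so"  # path from the question
KEY_LABEL = "jwt-signing-key"  # placeholder label, set to whatever you provisioned

# JWS header for RS256 = RSASSA-PKCS1-v1_5 with SHA-256
JWS_HEADER = {"alg": "RS256", "typ": "JWT"}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS requires (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url: restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def canonical_json(obj: dict) -> bytes:
    # Compact separators; sorted keys just keep the output deterministic.
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def jws_signing_input(payload: dict, header: dict = JWS_HEADER) -> bytes:
    """The bytes that are actually signed: b64url(header) + '.' + b64url(payload).

    The HSM signs bytes, never a Python dict, so this step is mandatory.
    """
    return (b64url(canonical_json(header)) + "." + b64url(canonical_json(payload))).encode("ascii")


def assemble_jwt(signing_input: bytes, signature: bytes) -> str:
    """Compact serialization: signing input plus the base64url signature."""
    return signing_input.decode("ascii") + "." + b64url(signature)


def split_jwt(token: str):
    """Return (signing_input, raw_signature) from a compact JWS, or None if malformed."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    return ".".join(parts[:2]).encode("ascii"), b64url_decode(parts[2])


def decode_segment(segment: str) -> dict:
    """Decode one base64url JSON segment (header or payload) back into a dict."""
    return json.loads(b64url_decode(segment))


def hsm_sign_rs256(session, label: str, data: bytes) -> bytes:
    """Sign with the private-key OBJECT on the token; the handle is never replaced by bytes."""
    from pkcs11 import KeyType, Mechanism, ObjectClass

    priv = session.get_key(key_type=KeyType.RSA, object_class=ObjectClass.PRIVATE_KEY, label=label)
    # python-pkcs11 defaults RSA signing to SHA512_RSA_PKCS; RS256 needs SHA-256.
    return priv.sign(data, mechanism=Mechanism.SHA256_RSA_PKCS)


def hsm_verify_rs256(session, label: str, data: bytes, signature: bytes) -> bool:
    """Verify with the public-key object on the token; returns True only if the signature matches."""
    from pkcs11 import KeyType, Mechanism, ObjectClass

    pub = session.get_key(key_type=KeyType.RSA, object_class=ObjectClass.PUBLIC_KEY, label=label)
    return pub.verify(data, signature, mechanism=Mechanism.SHA256_RSA_PKCS)


def main():
    import pkcs11

    payload = {"sub": "4242", "name": "John Snow", "nickname": "Jo"}  # payload from the question
    lib = pkcs11.lib(PKCS11_LIB)
    token = lib.get_token()
    with token.open(user_pin=os.environ["HSM_PIN"]) as session:  # signing needs no rw session
        signing_input = jws_signing_input(payload)
        signature = hsm_sign_rs256(session, KEY_LABEL, signing_input)
        jwt = assemble_jwt(signing_input, signature)
        print(jwt)
        # Check the token the way a relying party would: re-split it and verify the signature.
        data, sig = split_jwt(jwt)
        print("verified:", hsm_verify_rs256(session, KEY_LABEL, data, sig))


if __name__ == "__main__":
    main()
```

The encoding helpers run without any hardware; only hsm_sign_rs256 and hsm_verify_rs256 touch the token, and they import pkcs11 lazily so the module loads on a machine without the library. A relying party that holds only the exported public key (this is where encode_rsa_public_key belongs) would verify the same signing_input with any RSA PKCS#1 v1.5 / SHA-256 implementation.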