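import base64
import csv
import json
import os

from Crypto.Hash import SHA256
from Crypto.PublicKey import DSA
from Crypto.Signature import DSS

# Audit script: checks the DSA signatures stored for each user's name, idcard
# and phone fields against the values in the original data file, and exports
# every record for which at least one signature does not verify.

# --- Load the public keys, indexed by user id -------------------------------
# These keys decide every verdict below, so the folder is the trust anchor of
# the whole audit.
public_keys = {}
public_folder = 'F:/ss/西湖/tempdir/DS附件/DSASignatureData附件/public'
for filename in os.listdir(public_folder):
    if filename.endswith('.pem'):
        # Characters 7..10 of the file name are used as the user id.
        # NOTE(review): presumably the files are named like "public-0001.pem"
        # (constructed example) -- confirm against the real folder.
        userid = filename[7:11]
        with open(os.path.join(public_folder, filename), 'rb') as key_file:
            public_keys[userid] = DSA.import_key(key_file.read())

# --- Index the original data once -------------------------------------------
# The file used to be reopened and scanned for every signature row. When no row
# matched, the loop fell through with the PREVIOUS user's record still bound
# (or a NameError on the first row), so signatures were checked against the
# wrong data. A single index makes a missing record explicit.
original_data_file = 'original_data.csv'
original_records = {}
with open(original_data_file, newline='', encoding='utf-8-sig') as original_csvfile:
    for original_row in csv.DictReader(original_csvfile):
        # Keep the first row per user, matching the former search-and-break.
        # The raw string is stored and parsed only when needed, so a malformed
        # row for a user without signatures does not abort the run.
        original_records.setdefault(original_row['user'], original_row['data'])

# --- Verify every signature row ---------------------------------------------
sign_data_file = 'F:/ss/西湖/tempdir/DS附件/DSASignatureData附件/data-sign.csv'
altered_data = []  # one entry per field whose signature failed to verify
with open(sign_data_file, newline='', encoding='utf-8') as csvfile:
    for row in csv.DictReader(csvfile):
        userid = row['username']
        signatures = {
            'name': base64.b64decode(row['name_signature']),
            'idcard': base64.b64decode(row['idcard_signature']),
            'phone': base64.b64decode(row['phone_signature']),
        }

        data_str = original_records.get(userid)
        if data_str is None:
            # Unverifiable, not verified: the record is neither confirmed nor
            # reported as altered; only this message records it.
            print(f"未找到 {userid} 对应的原始数据")
            continue
        # Undo the CSV/JSON quote escaping before parsing.
        data_dict = json.loads(data_str.replace('""', '"').replace('\\"', '"'))

        # Turn literal \uXXXX sequences in the name into characters.
        # NOTE(review): unicode_escape reads the bytes as Latin-1, so a name
        # that already contains non-ASCII characters would be mangled here and
        # then fail verification -- confirm all names are stored escaped.
        name = data_dict['name'].encode('utf-8').decode('unicode_escape')

        # Key ids are four digits wide, so the user id is zero-padded on the left.
        public_key = public_keys.get(userid.zfill(4))
        if public_key is None:
            # Same caveat as above: no key means no verdict for this user.
            print(f"未找到 {userid} 对应的公钥")
            continue

        signer = DSS.new(public_key, 'fips-186-3')
        signed_values = {
            'name': name,
            'idcard': data_dict['idcard'],
            'phone': data_dict['phone'],
        }
        for field, value in signed_values.items():
            digest = SHA256.new(value.encode())
            try:
                # verify() raises ValueError when the signature does not match.
                signer.verify(digest, signatures[field])
                print(f"用户 {userid} 的 {field} 验证通过")
            except ValueError:
                print(f"用户 {userid} 的 {field} 验证失败,可能被篡改")
                altered_data.append({
                    'userid': userid,
                    'name': name,
                    'idcard': data_dict['idcard'],
                    'phone': data_dict['phone'],
                    'error_field': field,
                })

# --- Export the records that failed verification ----------------------------
if altered_data:
    altered_file = 'F:/ss/西湖/tempdir/DS附件/DSASignatureData附件/altered_data.csv'
    fieldnames = ['userid', 'name', 'idcard', 'phone']  # output columns
    with open(altered_file, 'w', newline='', encoding='utf-8') as csvfile:
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()
        # A user with several failed fields is written once per failed field;
        # 'error_field' is collected above but not part of the export.
        for row in altered_data:
            writer.writerow({key: row[key] for key in fieldnames})
    print(f"被篡改的数据已保存到 {altered_file}")
else:
    print("未发现被篡改的数据")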