我正在使用 RSA 签署 SHA512 哈希并将其保存到文件中。python 和 javascript 上的哈希值相同，但无法验证签名。蟒蛇代码：from Cryptodome.Hash import SHA512from Cryptodome.PublicKey import RSAfrom Cryptodome.Signature import pkcs1_15hash = SHA512.new(someByteArray)#This is equal to digest generated in JavaScripthashDigest = hashPDF.hexdigest()pk = RSA.importKey(privateKey)signature=pkcs1_15.new(pk).sign(hashPDF)#Write signature to filewith open("storage/{0}.sig".format(hashDigest), 'wb+') as f:        f.write(signature)#Then JavaScript request occurs return content of saved signature in base64from base64 import b64encodefrom flask import jsonifywith open("storage/{0}.sig".format(pdfHashDigest), "rb") as f:        sign = b64encode(f.read())return jsonify({"sign":sign.decode("utf-8")})JavaScript：var hash=await crypto.subtle.digest('SHA-512', Uint8Array.from(atob(someBase64content), c => c.charCodeAt(0)))//This is equal to python hashDigestvar hashDigest = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');var cryptoKey=await crypto.subtle.importKey('spki', this.pemToArrayBuffer(publicKey), {name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-512'}, false, ["verify"])//Always falsevar result=await crypto.subtle.verify("RSASSA-PKCS1-v1_5", cryptoKey, Uint8Array.from(atob(signature), c => c.charCodeAt(0)), hash)我尝试了不同的方法将 base64 签名转换为 ArrayBuffer 以在 Web Crypto API 中使用：rfc4648.js、new TextEncoder()、自定义转换为 Uint8Array，但结果始终为 false。我也尝试使用伪造（https://github.com/digitalbazaar/forge）验证签名，但结果也是错误的。我哪里出错了？我试图比较哈希的字节值，它进入签名函数的输入，但实际上它是 python 上的 Crypto.Hash 对象。