What package to use for certificate manipulation (signing, hashing)

Discussion in 'Python' started by Nenad Cikic, Dec 13, 2012.

  1. Nenad Cikic

    Nenad Cikic Guest

    Hello,
    I have my pfx file.
    I need to sign xml with this pfx using private key.
    I need to extract pem,issuer name,sb,subjectname which all I did with pyopenssl.
    I need to compute also md5 and sha-1.
    If I got it right pyopenssl can not sign or compute hash.
    Shall i use m2crypto or python-crypto or both?
    With pyopenssl it was eassy to extract pem and certificate information from pfx.
    Can it be done with m2crypto? I am looking at the docs but can not find how.

    Thanks
    Nenad
    Nenad Cikic, Dec 13, 2012
    #1
    1. Advertising

  2. Nenad Cikic

    Nenad Cikic Guest

    I have managed to sign xml so I am reporting here in case some else needs this info.Also if someone more experienced see some possible improvment please leave a note.
    So my input is a pfx file.
    I am forced to use both pyopeenssl and m2crypto.
    I am using PyOpenssl to extract certificate and private key.
    pfx=open('/home/cikic/manc.pfx','rb').read()
    PKCS=crypto.load_pkcs12(pfx,'mypfxpass')
    cert=PKCS.get_certificate()
    #PKey=cert.get_pubkey()
    pk=PKCS.get_privatekey()
    pkStr=crypto.dump_privatekey(crypto.FILETYPE_PEM,pk)

    I am using PyOpenssl to extract pem, serial number and issuer from certificate but you could do it also with m2crypto.
    I am constructin m2crypto RSA object with
    rsa=RSA.load_key_string(pkStr)
    I am using m2crypto MessageDigest('sha1') or MessageDigest('md5') as needed and I am singing the hash with
    dig=MessageDigest('sha1')
    dig.update(xmlstring)
    dgst=dig.digest()
    retVal=rsa.sign(dgst,'sha1')
    Then I use
    sval=base64.b64encode(retVal)
    to get the signature value

    Essentially I use pyopenssl just to get private key since I didn't find m2crypto function that reads pfx file.

    Nenad
    Nenad Cikic, Dec 15, 2012
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nicolas S
    Replies:
    0
    Views:
    515
    Nicolas S
    Oct 4, 2006
  2. one
    Replies:
    1
    Views:
    170
  3. Gary Gonzalez
    Replies:
    1
    Views:
    275
    Guest
    Dec 13, 2006
  4. Ele
    Replies:
    0
    Views:
    270
  5. Mohammad Khan

    signing a gem package

    Mohammad Khan, Dec 21, 2005, in forum: Ruby
    Replies:
    1
    Views:
    100
    Paul Duncan
    Dec 21, 2005
Loading...

Share This Page