What package to use for certificate manipulation (signing, hashing)

[Nenad Cikic]

Hello,
I have my pfx file.
I need to sign xml with this pfx using private key.
I need to extract pem,issuer name,sb,subjectname which all I did with pyopenssl.
I need to compute also md5 and sha-1.
If I got it right pyopenssl can not sign or compute hash.
Shall i use m2crypto or python-crypto or both?
With pyopenssl it was eassy to extract pem and certificate information from pfx.
Can it be done with m2crypto? I am looking at the docs but can not find how.

Thanks
Nenad

 

[Nenad Cikic]

I have managed to sign xml so I am reporting here in case some else needs this info.Also if someone more experienced see some possible improvment please leave a note.
So my input is a pfx file.
I am forced to use both pyopeenssl and m2crypto.
I am using PyOpenssl to extract certificate and private key.
pfx=open('/home/cikic/manc.pfx','rb').read()
PKCS=crypto.load_pkcs12(pfx,'mypfxpass')
cert=PKCS.get_certificate()
#PKey=cert.get_pubkey()
pk=PKCS.get_privatekey()
pkStr=crypto.dump_privatekey(crypto.FILETYPE_PEM,pk)

I am using PyOpenssl to extract pem, serial number and issuer from certificate but you could do it also with m2crypto.
I am constructin m2crypto RSA object with
rsa=RSA.load_key_string(pkStr)
I am using m2crypto MessageDigest('sha1') or MessageDigest('md5') as needed and I am singing the hash with
dig=MessageDigest('sha1')
dig.update(xmlstring)
dgst=dig.digest()
retVal=rsa.sign(dgst,'sha1')
Then I use
sval=base64.b64encode(retVal)
to get the signature value

Essentially I use pyopenssl just to get private key since I didn't find m2crypto function that reads pfx file.

Nenad