PHP's openssl_sign() using M2Crypto?

KW · May 20, 2006

I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck
on openssl_sign() which uses an RSA private key to compute a signature.

Example PHP code:
$privkeyid = openssl_get_privatekey($priv_key, $key_pass);
openssl_sign($data, $signature, $privkeyid);
openssl_free_key($privkeyid);

I've tried several permutations of the stuff in M2Crypto.EVP but I can't get
it to work...

The openssl module in PHP basicly does this (C code):
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, data_len);
EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);

Looks like some magic is used to get pkey, I think that's what I'm missing.
See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.

I've tried the following:
key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
hmac = M2Crypto.EVP.HMAC(key, 'sha1')
hmac.update(message)
hmac.final()

But this results in:
File "/usr/lib/python2.4/site-packages/M2Crypto/EVP.py", line 39, in __init__
m2.hmac_init(self.ctx, key, self.md)
TypeError: expected a readable buffer object
Segmentation fault

Unfortunately M2Crypto documentation is practically nonexistent..

Best regards,

KW · May 21, 2006

I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck
on openssl_sign() which uses an RSA private key to compute a signature.

I think basicly my question is: how do I extract the key from a private
key in M2Crypto?

Best regards,

heikki · May 22, 2006

KW said:
The openssl module in PHP basicly does this (C code):
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, data_len);
EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);

Looks like some magic is used to get pkey, I think that's what I'm missing.
See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.

I've tried the following:
key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
hmac = M2Crypto.EVP.HMAC(key, 'sha1')
hmac.update(message)
hmac.final()

Does this work?:

key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
key.sign_init()
key.sign_update(message)
signature = key.final()

Unfortunately M2Crypto documentation is practically nonexistent..

A lot of the OpenSSL documentation works fine, the names are usually
straight mapping.

KW · May 22, 2006

Does this work?:

key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
key.sign_init()
key.sign_update(message)
signature = key.final()

No, I get this:
AttributeError: PKey instance has no attribute 'sign_init'

Best regards,

heikki · May 23, 2006

That is really strange, because PKey has had sign_init method since
2004. That code works for me (just tested). What version of M2Crypto
are you using? I'd advice you upgrade to 0.15 if possible. See

http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto

KW · May 24, 2006

That is really strange, because PKey has had sign_init method since
2004. That code works for me (just tested). What version of M2Crypto
are you using? I'd advice you upgrade to 0.15 if possible. See

http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto

Great! I was using 0.13.1 from both Debian en Ubuntu and I thought no
further development was done on it..

It would be nice to get this version into Debian.

Best regards,

Loading a PKCS#1 public key using M2Crypto	5	Jan 16, 2013
M2Crypto: How to generate subjectKeyIdentifier /authorityKeyIdentifier	4	Aug 4, 2009
M2Crypto: AttributeError: 'CSR' object has no attribute 'pkey'	1	Aug 1, 2009
openssl. question about ec	0	Jul 28, 2010
More M2Crypto issues. Not big ones, though.	2	Jan 12, 2007
OpenSSL with Ruby	4	Apr 16, 2008
rsa sign and verify with openssl on windows	7	Sep 1, 2010
help please - openssl and ruby	2	Dec 22, 2006

PHP's openssl_sign() using M2Crypto?

KW

KW

heikki

KW

heikki

KW

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads