What package to use for certificate manipulation (signing, hashing)
Nenad Cikic
nenad.cikic at gmail.com
Sat Dec 15 10:19:50 EST 2012
I have managed to sign XML, so I am reporting here in case someone else needs this info. Also, if someone more experienced sees some possible improvement, please leave a note.
So my input is a pfx file.
I am forced to use both pyOpenSSL and M2Crypto.
I am using pyOpenSSL to extract the certificate and private key.
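from OpenSSL import crypto
# Read the PFX (PKCS#12) container and unpack it with its passphrase
with open('/home/cikic/manc.pfx','rb') as f:
    pfx=f.read()
PKCS=crypto.load_pkcs12(pfx,b'mypfxpass')
cert=PKCS.get_certificate()
#PKey=cert.get_pubkey()
pk=PKCS.get_privatekey()
# Serialize the private key to PEM so that M2Crypto can load it
pkStr=crypto.dump_privatekey(crypto.FILETYPE_PEM,pk)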
I am using pyOpenSSL to extract the PEM, serial number and issuer from the certificate, but you could also do it with M2Crypto.
I am constructing the M2Crypto RSA object with
from M2Crypto import RSA
rsa=RSA.load_key_string(pkStr)
I am using M2Crypto MessageDigest('sha1') or MessageDigest('md5') as needed, and I am signing the hash with
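from M2Crypto.EVP import MessageDigest
# Hash the XML, then sign the resulting digest with the private key
dig=MessageDigest('sha1')
dig.update(xmlstring)
dgst=dig.digest()
retVal=rsa.sign(dgst,'sha1')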
Then I use
import base64
sval=base64.b64encode(retVal)
to get the signature value.
Essentially, I use pyOpenSSL just to get the private key, since I didn't find an M2Crypto function that reads a PFX file.
Nenad
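Added example, not part of the original post and not M2Crypto's own code: the RSASSA-PKCS1-v1_5 operation (RFC 8017) that a call like rsa.sign(dgst,'sha1') performs on the digest, together with the verification step the post does not show, in standard-library Python. The key is a constructed, insecure demo key, all function names are hypothetical, and the SHA-256 default in sign_xml is an assumption, not something the post uses.

```python
import base64
import hashlib

# DER DigestInfo prefixes from RFC 8017 section 9.2 (hash OID + OCTET STRING header).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Constructed demo key, NOT secure: two Mersenne primes, so no key file is needed.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def emsa_pkcs1_v15(digest: bytes, algo: str) -> bytes:
    """Return 00 01 FF..FF 00 || DigestInfo || digest, exactly K bytes long."""
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match algorithm")
    t = DIGEST_INFO[algo] + digest
    if K < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_digest(digest: bytes, algo: str) -> bytes:
    # The signature is the padded block raised to the private exponent.
    m = int.from_bytes(emsa_pkcs1_v15(digest, algo), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_digest(digest: bytes, signature: bytes, algo: str) -> bool:
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    # Re-encode and compare the whole block rather than parsing the padding.
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(digest, algo)


def sign_xml(xml: bytes, algo: str = "sha256") -> str:
    # Hash, sign, then base64-encode, the same three steps as in the post.
    digest = hashlib.new(algo, xml).digest()
    return base64.b64encode(sign_digest(digest, algo)).decode("ascii")
```

The algorithm name passed to the signing call is encoded into the signed block, so a verifier must use the same digest algorithm as the signer.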