[pyOpenSSL] quick question, converting a small (two lines) of Ruby (OpenSSL) to PyOpenSSL
Rick Dean
rick at fdd.com
Wed Aug 26 06:26:48 CEST 2009
Strangely, your provided result is an invalid base32 encoding
because it's an illegal length. It's not just missing equal
signs.
So the openssl commands are...
$ openssl dsaparam -genkey -out dsa_priv.pem 1024
$ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo
$ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo
Verified OK
pyOpenSSL doesn't yet provide this functionality. You
can only sign with x509 certificates, not with just a
PKey. Apparently the certificateless signing is provided
by EVP_SignFinal() and EVP_VerifyFinal() as seen in
openssl-0.9.8j/app/dgst.c
In the meantime, the python module called "subprocess"
may be of some help.
--
Rick
On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote:
> Thanks for the reply. Ultimately what I'm trying to accomplish is
> creating a software license key.
>
> The full ruby example is this:
>
> def make_license(product_code, name, copies)
> sign_dss1 = OpenSSL::Digest::DSS1.new
> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
> b32 = Base32.encode(priv.sign(sign_dss1,
> make_license_source(product_code, name)))
> # Replace Os with 8s and Is with 9s
> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html
> b32.gsub!(/O/, '8')
> b32.gsub!(/I/, '9')
> # chop off trailing padding
> b32.delete("=").scan(/.{1,5}/).join("-")
> end
>
> def make_license_source(product_code, name)
> product_code + "," + name
> end
>
> I think what this is doing is creating a new dsa from a private one,
> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in
> some dashes (-). Which ultimately gives me something like:
> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY"
>
>
>
>
>
> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<rick at fdd.com> wrote:
> >
> > The automated test cases are a good place to look for
> > examples. It's a directory named "test" in the pyOpenSSL
> > sources.
> >
> > Some comments about what you are trying to accomplish
> > would be useful. I don't know the Ruby API and you
> > didn't link to it's docs.
> >
> > Are you trying to create a DSA certificate? Is "test" the
> > common name of the subject for the new certificate being
> > created? If so, you need a bunch more stuff than those three
> > lines. I attached an example.
> >
> > --
> > Rick
> >
> >
> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote:
> >> I'm trying to convert a small snippet of ruby code that handles some
> >> ssl stuff for me..
> >>
> >> The Ruby code is this:
> >>
> >> sign_dss1 = OpenSSL::Digest::DSS1.new
> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
> >> priv.sign(sign_dss1, "test" )
> >>
> >> This is somewhat contrived, but this all i'm trying to convert. The
> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where
> >> to look.
> >>
> >> Thanks for your help!
> >> -A
> >>
> >> ------------------------------------------------------------------------------
> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> >> trial. Simplify your report design, integration and deployment - and focus on
> >> what you do best, core application coding. Discover what's new with
> >> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> >> _______________________________________________
> >> pyopenssl-list mailing list
> >> pyopenssl-list at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
> >
> >
More information about the pyopenssl-users
mailing list