[pyOpenSSL] quick question, converting a small (two lines) of Ruby (OpenSSL) to PyOpenSSL

Rick Dean rick at fdd.com
Thu Aug 27 20:30:30 CEST 2009 

Twinkie is a silly placeholder for the string to be signed.
In your case twinkie would be product_code + "," + name,
and needs to be known by the recipient to verify the base32 
string, but is not included therein.

--
Rick


On Thu, Aug 27, 2009 at 11:13:55AM -0700, aaron smith wrote:
> Hey Dean, thanks for the response. I'll end up using subprocess and
> openssl. One other question. What is "twinkle?"
> 
> 
> On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<rick at fdd.com> wrote:
> >
> > Strangely, your provided result is an invalid base32 encoding
> > because it's an illegal length.  It's not just missing equal
> > signs.
> >
> > So the openssl commands are...
> >
> > $ openssl dsaparam -genkey -out dsa_priv.pem 1024
> > $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo
> > $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo
> > Verified OK
> >
> > pyOpenSSL doesn't yet provide this functionality.  You
> > can only sign with x509 certificates, not with just a
> > PKey.  Apparently the certificateless signing is provided
> > by EVP_SignFinal() and EVP_VerifyFinal() as seen in
> > openssl-0.9.8j/app/dgst.c
> >
> > In the meantime, the python module called "subprocess"
> > may be of some help.
> >
> > --
> > Rick
> >
> >
> > On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote:
> >> Thanks for the reply. Ultimately what I'm trying to accomplish is
> >> creating a software license key.
> >>
> >> The full ruby example is this:
> >>
> >> def make_license(product_code, name, copies)
> >>   sign_dss1 = OpenSSL::Digest::DSS1.new
> >>   priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
> >>   b32 = Base32.encode(priv.sign(sign_dss1,
> >> make_license_source(product_code, name)))
> >>   # Replace Os with 8s and Is with 9s
> >>   # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html
> >>   b32.gsub!(/O/, '8')
> >>   b32.gsub!(/I/, '9')
> >>   # chop off trailing padding
> >>   b32.delete("=").scan(/.{1,5}/).join("-")
> >> end
> >>
> >> def make_license_source(product_code, name)
> >>   product_code + "," + name
> >> end
> >>
> >> I think what this is doing is creating a new dsa from a private one,
> >> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in
> >> some dashes (-). Which ultimately gives me something like:
> >> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY"
> >>
> >>
> >>
> >>
> >>
> >> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<rick at fdd.com> wrote:
> >> >
> >> > The automated test cases are a good place to look for
> >> > examples.  It's a directory named "test" in the pyOpenSSL
> >> > sources.
> >> >
> >> > Some comments about what you are trying to accomplish
> >> > would be useful.  I don't know the Ruby API and you
> >> > didn't link to it's docs.
> >> >
> >> > Are you trying to create a DSA certificate?  Is "test" the
> >> > common name of the subject for the new certificate being
> >> > created?  If so, you need a bunch more stuff than those three
> >> > lines.  I attached an example.
> >> >
> >> > --
> >> > Rick
> >> >
> >> >
> >> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote:
> >> >> I'm trying to convert a small snippet of ruby code that handles some
> >> >> ssl stuff for me..
> >> >>
> >> >> The Ruby code is this:
> >> >>
> >> >> sign_dss1 = OpenSSL::Digest::DSS1.new
> >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
> >> >> priv.sign(sign_dss1, "test" )
> >> >>
> >> >> This is somewhat contrived, but this all i'm trying to convert. The
> >> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where
> >> >> to look.
> >> >>
> >> >> Thanks for your help!
> >> >> -A
> >> >>
> >> >> ------------------------------------------------------------------------------
> >> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> >> >> trial. Simplify your report design, integration and deployment - and focus on
> >> >> what you do best, core application coding. Discover what's new with
> >> >> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> >> >> _______________________________________________
> >> >> pyopenssl-list mailing list
> >> >> pyopenssl-list at lists.sourceforge.net
> >> >> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
> >> >
> >> >
> >
> >

-- 
Rick

More information about the pyopenssl-users mailing list