[PYTHON-CRYPTO] PKCS7 verification with CA hierarchy

Sébastien Merle sebastien at FLUENDO.COM
Tue Dec 11 11:39:04 CET 2007


Hi,

Thank you Heikki, I didn't hope for a response after seeing
my question was the only entry of November :)

> Hmm, I am not completely sure I understood what you want.

What I want is to be able to check the direct issuer of the
signer of a PKCS7, it could be done by looking at the key identifier
of the signer's direct issuer (X509v3 Authority Key Identifier).

What's needed is to be able to extract certificates from a PKCS7,
and retrieve certificate extensions from a certificate.
I haven't found out yet whether it's possible to do it with M2Crypto
without having to delve into the arcana of the OpenSSL C API.

I have another question: do you know what the certificate stack
is used for when verifying a PKCS7?

Thank you,
Bye.

On Monday 03 December 2007 19:39:01 Heikki Toivonen wrote:
> Sébastien Merle wrote:
> > If the signer has been issued by another sub CA
> > or if the signer has been issued directly by
> > the root CA, I want the verification to fail,
> > even if the pkcs7 contains its own certification chain.
>
> > How could I do this in Python? Is it even possible?
>
> Can you do it using C and OpenSSL? If the answer is yes, then there is a
> very high likelihood you can do it with M2Crypto. The only problem I
> could see (beyond bugs of course) is that some OpenSSL API you'd need
> has not yet been wrapped. If that turns out to be the case I'd be happy
> to wrap the needed API(s) and include them in the next release.

-- 
Sébastien Merle


