[PYTHON-CRYPTO] Invalid signature
Jan Pobrislo
ccx at WEBPROJEKTY.CZ
Wed Jan 17 16:31:06 CET 2007
Hello, I'm having trouble producing properly signed certificates.
Self-signed (CA) certificates work okay, but when I sign another
certificate with the CA's key it doesn't seem to be valid in some
applications.

PS: Now I tried it in IE and it reports even the CA to be broken.

It works in:
  * Firefox/win32 - I'm not sure I didn't force it to use the
    certificate though
  * M2Crypto.X509.X509.verify method reports success

Reports invalid RSA signature:
  * Internet Explorer 6
  * openssl cli tool
  * konqueror
  * kmail
  * seamonkey / Linux

I'm using m2crypto-0.17 on Gentoo Linux.
Example certificates attached.

I do something like this:

    from M2Crypto import X509,RSA,EVP
    from M2Crypto.ASN1 import *

    def generate(self,top):
        top.log("Generating keypair")
        # RSA key of the configured size, public exponent 0x10001 (65537)
        keypair = RSA.gen_key(int(top['bits']),0x10001)
        top.key = EVP.PKey()
        top.key.assign_rsa(keypair)
        top.log("Creating certificate")
        top.cert = X509.X509()
        top.cert.set_pubkey(top.key)
        top.log("Configuring certificate")
        #... Setting validity, DN, Extensions
        top.log("Signing")
        if top.parent:
            #... Setting Issuer DN, Serial number
            # Sign with the parent's (CA's) key
            if not hasattr(top.parent,'key'): self.load(top.parent)
            top.cert.sign(top.parent.key,top['digest'])
        else:
            top.log("Self-signed certificate")
            top.cert.set_issuer_name(self.get_name(top))
            top.cert.sign(top.key,top['digest'])

    #... then it gets written like this:
    def write(self,top):
        top.log("Writing to %s"%top.filesdir)
        # cipher=None: the private key is written unencrypted
        top.key.save_key(top.key_filename(),None)
        top.cert.save_pem(top.cert_filename())

You can get the whole code at svn://ccx.sh.cvut.cz/generic/xmlca
It's a CA application that automatically generates and distributes SSL
certificates.

Thanks for replies, it's quite urgent.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: webprojekty.cz_cert.pem
Type: application/x-x509-ca-cert
Size: 899 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20070117/51d8f66b/attachment.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apache_cert.pem
Type: application/x-x509-ca-cert
Size: 1863 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20070117/51d8f66b/attachment-0001.crt>