[PYTHON-CRYPTO] M2Crypto and CAcert.org certificates
Jeremy Morel
morel.jeremy at GMAIL.COM
Tue Oct 28 10:35:15 CET 2008
Hi all,
I am trying to use M2Crypto to authentify mails signed with a certificate
delivered by CACert.org. I understand they do not use traditional public
key/private key signing, but rather give you a certificate you use to sign
your mails with embed the public key. Toying with M2Crypto, I was able to
extract that public key, but all my attempts at verifying the signature failed.
My code derives from the example available at
http://sandbox.rulemaker.net/ngps/m2/howto.smime.html
Here :
from M2Crypto import SMIME, X509
# Load the data, verify it.
p7, data = SMIME.smime_load_pkcs7('test_sign.eml')
certif = X509.load_cert('root.crt')
stack = X509.X509_Stack()
signers = p7.get0_signers(stack)
for signer in signers:
pubkey = signer.get_pubkey()
print signer
# Instantiate an SMIME object.
s = SMIME.SMIME()
# Load the signer's cert.
x509 = X509.X509()
x509.set_pubkey(pubkey)
sk = X509.X509_Stack()
sk.push(x509)
s.set_x509_stack(sk)
st = X509.X509_Store()
st.load_info('root.crt')
s.set_x509_store(st)
# Load the data, verify it.
v = s.verify(p7)
In this context, I have 2 files :
* test_sign.eml is a signed email
* root.crt is the root certificate from CACert.org
data does contain the body of the mail, but it looks like p7 is empty. I get
this error :
<M2Crypto.X509.X509 instance at 0x6c1b98>
Traceback (most recent call last):
File "sign.py", line 38, in <module>
v = s.verify(p7)
File "build/bdist.macosx-10.5-i386/egg/M2Crypto/SMIME.py", line 215, in verify
M2Crypto.SMIME.PKCS7_Error: no content
Does anyone know how to fix this ?
Thanks in advance,
Jérémy
More information about the python-crypto
mailing list