[PYTHON-CRYPTO] M2Crypto and CAcert.org certificates

Jérémy Morel morel.jeremy at GMAIL.COM
Wed Oct 29 08:44:44 CET 2008 

> Jeremy Morel wrote:
>> I am trying to use M2Crypto to authentify mails signed with a  
>> certificate
>> delivered by CACert.org. I understand they do not use traditional  
>> public
>> key/private key signing, but rather give you a certificate you use  
>> to sign
>> your mails with embed the public key. Toying with M2Crypto, I was  
>> able to
>
> Can you send a link to where they explain this stuff?

Unfortunately, I can't. This explaination was given to me by a friend.  
But I guess you could arrive to the same conclusion by reading the CA  
website : http://www.cacert.org/
The main clue about that is that they do not deliver public/private  
key. They just give you a certificate and that's all.

>
>
>> My code derives from the example available at
>
> That is from the old M2Crypto location. M2Crypto homepage is now here:
> http://chandlerproject.org/Projects/MeTooCrypto and the new location  
> for
> the document you were reading is
> http://svn.osafoundation.org/m2crypto/trunk/doc/howto.smime.html
>
> I have fixed one bug in the examples, in the Sign and Encrypt section.
>
>> certif = X509.load_cert('root.crt')
>
> You are not using certif for anything.

I know, I'm sorry. I tried to remove unused stuff from my previous  
attemps but some of it was still here.

>
>
>> signers = p7.get0_signers(stack)
>> for signer in signers:
>>    pubkey = signer.get_pubkey()
>>    print signer
>
> That signer is an X509 object...
>
>
>> # Load the signer's cert.
>> x509 = X509.X509()
>> x509.set_pubkey(pubkey)
>
> ... so why are you creating a new X509 object here, why not use  
> signer?

"It seemed like a good idea at the time"

>
>
> If it does not work with that modification, could you send me an email
> signed with CAcert certificate and point me to a place where I can
> download their root cert?

Unfortunately, it still doesn't work. I have the "no content" error.
Root certificate can be found at http://www.cacert.org/index.php?id=3  
and this email should be signed with my certificate.

Thanks,

Jérémy Morel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2576 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20081029/5da52978/attachment.bin>

More information about the python-crypto mailing list