From arbitraryuser at GMAIL.COM Tue Oct 6 08:26:10 2009
From: arbitraryuser at GMAIL.COM (Jonathan Endersby)
Date: Tue, 6 Oct 2009 08:26:10 +0200
Subject: [PYTHON-CRYPTO] PKCS7 verification issue.
Message-ID: <7dd6ce6e0910052326g24db435erc122eec04f75606f@mail.gmail.com>

Hi All

I'm trying to do the following:

1. Sign a message with Alice's keys (cert is signed by the CA)
2. Encrypt the message with Bob's (signed by the CA) public key
3. Send the PKCS#7 output to Bob
4. Bob decrypts the message and tries to verify it with the cacert.pem
   and with Alice's public key
5. It works. (no surprise here)

However, if I run step 4 with Carol's public key (signed by the CA), the
verify also works... and I would have expected it to fail as it wasn't
signed by Carol!

Am I misunderstanding how the verify is meant to work? (It's quite
possible, I'm very new to PKI)

If I'm not being a complete idiot I'll write a clean test case. At the
moment the code is too wrapped up in my project to extract neatly.

Thanks in advance.

J.

--
Jonathan Endersby
+27 82 4143129
www.arbitraryuser.com

From heikki at OSAFOUNDATION.ORG Wed Oct 7 07:01:31 2009
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Tue, 6 Oct 2009 22:01:31 -0700
Subject: [PYTHON-CRYPTO] M2Crypto : Regression test failure
In-Reply-To: <4AC2413B.7000304@arcane-labs.net>
References: <4AC2413B.7000304@arcane-labs.net>
Message-ID: <4ACC20AB.6070203@osafoundation.org>

That seems like a bug, can you file it here:
https://bugzilla.osafoundation.org/enter_bug.cgi?product=M2Crypto

Benoit Lecocq wrote:
> Hi,
>
> I try to use M2Crypto with OpenBSD to build a Ports but when I try the
> regression test I obtain:
>
> test_verify_dsa (tests.test_ecdsa.ECDSATestCase) ... ok
> test_ec_curves_ECDSA (tests.test_ec_curves.ECCurveTests) ... ok
>
> ======================================================================
> ERROR: test_server_simple_timeouts (tests.test_ssl.MiscSSLClientTestCase)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
>   File "/linux/tmp/py-m2crypto-0.20.1/M2Crypto-0.20.1/tests/test_ssl.py", line 329, in test_server_simple_timeouts
>     s.set_socket_write_timeout(SSL.timeout(909,9))
>   File "/linux/tmp/py-m2crypto-0.20.1/M2Crypto-0.20.1/M2Crypto/SSL/Connection.py", line 349, in set_socket_write_timeout
>     self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDTIMEO, timeo.pack())
>   File "", line 1, in setsockopt
> error: (33, 'Numerical argument out of domain')
>
> ----------------------------------------------------------------------
> Ran 236 tests in 85.907s
>
> FAILED (errors=1)
>
>
> Is it a known problem? A known bug?
>
> Thanks,
> benoit

--
Heikki Toivonen - http://heikkitoivonen.net

From heikki at OSAFOUNDATION.ORG Wed Oct 7 07:03:19 2009
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Tue, 6 Oct 2009 22:03:19 -0700
Subject: [PYTHON-CRYPTO] SOCKS4/5 in ProxyHTTPSConnection (m2crypto)
In-Reply-To:
References:
Message-ID: <4ACC2117.8030101@osafoundation.org>

Rich Jones wrote:
> Is this possible? Or only HTTP Proxies?
>
> httpslib2 has socks45 support in conjunction with
> http://socksipy.sourceforge.net/, anyway to achieve similar
> functionality with m2?

Sorry, I don't know SOCKS so I can't give a definite answer, but if
there are other SSL solutions that support SOCKS then it should be
possible with M2Crypto too.

> PS: Can we be added to the list of projects that use M2Crypto? :)

Added :)

--
Heikki Toivonen - http://heikkitoivonen.net

From heikki at OSAFOUNDATION.ORG Wed Oct 7 07:06:30 2009
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Tue, 6 Oct 2009 22:06:30 -0700
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.20.2
Message-ID: <4ACC21D6.2070003@osafoundation.org>

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope. Smartcards supported with the Engine interface.

This is the 0.20.2 release. Download links and bug filing instructions
on the homepage at: http://chandlerproject.org/Projects/MeTooCrypto.

Changelog:

- (Re)Enable configuration and use with OpenSSL 0.9.7g and older by
  disabling RSA PSS methods when using such old OpenSSL that doesn't
  support it, thanks to Stef Walter

NOTE: If you are using OpenSSL that is newer than 0.9.7g there is no
need to update.

--
Heikki Toivonen - http://heikkitoivonen.net

From arbitraryuser at GMAIL.COM Wed Oct 7 08:27:18 2009
From: arbitraryuser at GMAIL.COM (Jonathan Endersby)
Date: Wed, 7 Oct 2009 08:27:18 +0200
Subject: [PYTHON-CRYPTO] PKCS7 verification issue.
In-Reply-To: <7dd6ce6e0910052326g24db435erc122eec04f75606f@mail.gmail.com>
References: <7dd6ce6e0910052326g24db435erc122eec04f75606f@mail.gmail.com>
Message-ID: <7dd6ce6e0910062327q531e3115raaf15d61d6b0182f@mail.gmail.com>

Hi

2009/10/6 Jonathan Endersby :
> If I'm not being a complete idiot I'll write a clean test case. At the
> moment the code is too wrapped up in my project to extract neatly.

I'm attaching my test case... I have no idea if zips will get through...
here's hoping.

j.
--
Jonathan Endersby
+27 82 4143129
www.arbitraryuser.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smimeVerifyConfusion.zip
Type: application/zip
Size: 20320 bytes
Desc: not available
URL:

From dlitz at DLITZ.NET Mon Oct 19 07:32:22 2009
From: dlitz at DLITZ.NET (Dwayne C. Litzenberger)
Date: Mon, 19 Oct 2009 01:32:22 -0400
Subject: [PYTHON-CRYPTO] ANN: PyCrypto 2.1.0 alpha 2 released
Message-ID: <20091019053222.GA4083@rivest.dlitz.net>

PyCrypto 2.1.0alpha2 has been released.

I'm going to push through a stable release as soon as I can, since at
this point I think all the major issues have been resolved[*], and it's
getting a bit ridiculous that it's taking me longer to release a stable
PyCrypto than it takes to release a stable Debian.

You can get this alpha release via HTTP at:

    http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.1.0a2.tar.gz
    http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.1.0a2.tar.gz.asc

You can also get it from the git repository:

    $ git clone git://git.pycrypto.org:9419/crypto/pycrypto-2.x.git
    $ cd pycrypto-2.x
    $ git checkout v2.1.0alpha2

The ChangeLog is available online at:

    http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=blob;f=ChangeLog;h=94731b70962732ea718e63bfdf21c3722ee94af4;hb=a7748d0e65fe17fbcb20f7b086536c3ccf68de43

Please test it and post your experiences to the PyCrypto mailing list:

    pycrypto at lists.dlitz.net

and/or file bug reports on Launchpad:

    https://bugs.launchpad.net/pycrypto

There has been a huge number of changes since the last stable
release[**], and not a lot of feedback so far, so I would really
appreciate any feedback even if it's just a simple oneliner like,
"built on ; used with ; works fine."

The files for this release have the following SHA256 sums:

    bc42f57eae5bf1ef4319e6e99cd45281b096d0de9ae4f00a0b6fa7ffa359b349 *pycrypto-2.1.0a2.tar.gz
    f2c821e10d5d473af153fb82fd87101772aaf5583aea40e0bac0cb6b586d2c7c *pycrypto-2.1.0a2.tar.gz.asc

Cheers,
- Dwayne

--
Dwayne C. Litzenberger
 Key-signing key   - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
 Annual key (2009) - C805 1746 397B 0202 2758 2821 58E0 894B 81D2 582E

[*] ... with the possible exception of RSA key generation, which some
    people have suggested might be inadequate. I could use some help
    with this. See https://bugs.launchpad.net/pycrypto/+bug/408660

[**] "git diff -C --shortstat v2.0.1 v2.1.0alpha2" shows:
     178 files changed, 20306 insertions(+), 7336 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 221 bytes
Desc: Digital signature
URL:
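
Added example (not part of any message in this archive, and not M2Crypto code): the behaviour asked about in the "PKCS7 verification issue" thread, reproduced with the openssl smime command line. It assumes the signed message embeds the signer's certificate (the OpenSSL default when signing); the CA, the alice/carol certificates, file names and message text are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway CA plus "alice" and "carol" certificates in a
# temp directory. Assumes the openssl CLI is installed; all names are made up.
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

issue() {  # issue <name> <serial>: key and certificate signed by the demo CA
    openssl req -newkey rsa:2048 -nodes -keyout "$W/$1.key" \
        -out "$W/$1.csr" -subj "/CN=$1" 2>/dev/null &&
    openssl x509 -req -in "$W/$1.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
        -set_serial "$2" -days 1 -out "$W/$1.pem" 2>/dev/null
}

setup() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$W/ca.key" \
        -out "$W/ca.pem" -subj "/CN=Demo CA" -days 1 2>/dev/null &&
    issue alice 1 && issue carol 2 &&
    printf 'hello bob\n' > "$W/msg.txt" &&
    # Sign as Alice; her certificate is embedded in the PKCS#7 by default.
    openssl smime -sign -in "$W/msg.txt" -signer "$W/alice.pem" \
        -inkey "$W/alice.key" -out "$W/signed.eml" 2>/dev/null
}

# verify_with <name> [extra flags]: verify while supplying <name>'s certificate
# as the "expected" signer; returns openssl's exit status.
verify_with() {
    who=$1; shift
    openssl smime -verify -in "$W/signed.eml" -CAfile "$W/ca.pem" \
        -certfile "$W/$who.pem" "$@" -out /dev/null 2>/dev/null
}

# signer_cn: subject of the certificate that actually validated the signature
signer_cn() {
    openssl smime -verify -in "$W/signed.eml" -CAfile "$W/ca.pem" \
        -signer "$W/who.pem" -out /dev/null 2>/dev/null &&
    openssl x509 -in "$W/who.pem" -noout -subject
}

setup || { echo "setup failed" >&2; exit 1; }
# Carol's cert does not match the signer, so the embedded (Alice) cert is used
# and chains to the CA: verification succeeds even though Carol did not sign.
verify_with carol && echo "carol supplied, embedded certs allowed: verifies"
# With -nointern only the supplied certificates may identify the signer.
verify_with carol -nointern || echo "carol supplied, -nointern: rejected"
verify_with alice -nointern && echo "alice supplied, -nointern: verifies"
signer_cn
```

The -nointern option corresponds to OpenSSL's PKCS7_NOINTERN verify flag; without it, a successful verify only says that some certificate chaining to the trusted CA signed the message, so the signer's identity has to be checked separately.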