From hans at VELUM.NET Wed Apr 8 01:02:00 2009 From: hans at VELUM.NET (Hans Lellelid) Date: Tue, 7 Apr 2009 19:02:00 -0400 Subject: [PYTHON-CRYPTO] M2Crypto convert key from PEM to DER ? Message-ID: <49DBDB68.5020304@velum.net> Hi - I'd like to use M2Crypto to to convert a server key from PEM format to DER. Specifically, I'd like to replace the following openssl command: *openssl rsa ?in input.key ?inform PEM ?out output.key ?outform DER I think I understand how to do something similar with the certs, but haven't figured out how to do this with just the private key. I'm sure I'm missing something; can anyone provide any tips? Thanks in advance - Hans * From mads at KIILERICH.COM Wed Apr 8 02:19:49 2009 From: mads at KIILERICH.COM (Mads Kiilerich) Date: Wed, 8 Apr 2009 02:19:49 +0200 Subject: [PYTHON-CRYPTO] M2Crypto convert key from PEM to DER ? In-Reply-To: <49DBDB68.5020304@velum.net> References: <49DBDB68.5020304@velum.net> Message-ID: <49DBEDA5.6030500@kiilerich.com> Hans Lellelid wrote, On 04/08/2009 01:02 AM: > I'd like to use M2Crypto to to convert a server key from PEM format to > DER. Specifically, I'd like to replace the following openssl command: > > *openssl rsa ?in input.key ?inform PEM ?out output.key ?outform DER > > I think I understand how to do something similar with the certs, but > haven't figured out how to do this with just the private key. I'm sure > I'm missing something; can anyone provide any tips? Using M2Crypto for that might be overkill, though it would be nice not to have to write it from scratch every time. Untested and mostly from memory which might be wrong: pem = open('cert.pem') der = ''.join(l.strip() for l in pem.read().split('-----')[2].splitlines()).decode('base64') open('cert.der', 'w').write(der) /Mads -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3435 bytes Desc: S/MIME Cryptographic Signature URL: From hans at VELUM.NET Wed Apr 8 02:42:21 2009 From: hans at VELUM.NET (Hans Lellelid) Date: Tue, 7 Apr 2009 20:42:21 -0400 Subject: [PYTHON-CRYPTO] M2Crypto convert key from PEM to DER ? In-Reply-To: <49DBEDA5.6030500@kiilerich.com> References: <49DBDB68.5020304@velum.net> <49DBEDA5.6030500@kiilerich.com> Message-ID: <49DBF2ED.9080907@velum.net> Hi - Mads Kiilerich wrote: > Hans Lellelid wrote, On 04/08/2009 01:02 AM: >> I'd like to use M2Crypto to to convert a server key from PEM format to >> DER. Specifically, I'd like to replace the following openssl command: >> >> *openssl rsa ?in input.key ?inform PEM ?out output.key ?outform DER >> >> I think I understand how to do something similar with the certs, but >> haven't figured out how to do this with just the private key. I'm sure >> I'm missing something; can anyone provide any tips? > > Using M2Crypto for that might be overkill, though it would be nice not > to have to write it from scratch every time. > > Untested and mostly from memory which might be wrong: > > pem = open('cert.pem') > der = ''.join(l.strip() for l in > pem.read().split('-----')[2].splitlines()).decode('base64') > open('cert.der', 'w').write(der) Thank you! -- I guess the better place to start looking would have been the relationship between PEM and DER :) I will give that a shot. Thanks, Hans From philip.kershaw at STFC.AC.UK Wed Apr 8 10:07:20 2009 From: philip.kershaw at STFC.AC.UK (Kershaw, PJ (Philip)) Date: Wed, 8 Apr 2009 09:07:20 +0100 Subject: [PYTHON-CRYPTO] FW: M2Crypto convert key from PEM to DER ? Message-ID: > -----Original Message----- > From: Kershaw, PJ (Philip) > Sent: 08 April 2009 08:54 > To: 'Hans Lellelid' > Cc: > Subject: RE: M2Crypto convert key from PEM to DER ? > > > Hi Hans, > > If you want to use M2Crypto :) you could do: > > from M2Crypto import RSA > key = RSA.load_key('input.key') > key.save_key_der('output.key') > > Cheers, > Phil > > > -----Original Message----- > > From: generic crypto class API for Python > > [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Hans Lellelid > > Sent: 08 April 2009 01:42 > > To: PYTHON-CRYPTO at NIC.SURFNET.NL > > Subject: Re: M2Crypto convert key from PEM to DER ? > > > > > > Hi - > > > > Mads Kiilerich wrote: > > > Hans Lellelid wrote, On 04/08/2009 01:02 AM: > > >> I'd like to use M2Crypto to to convert a server key from > > PEM format > > >> to > > >> DER. Specifically, I'd like to replace the following > > openssl command: > > >> > > >> *openssl rsa ?in input.key ?inform PEM ?out output.key > ?outform DER > > >> > > >> I think I understand how to do something similar with the > > certs, but > > >> haven't figured out how to do this with just the private > > key. I'm sure > > >> I'm missing something; can anyone provide any tips? > > > > > > Using M2Crypto for that might be overkill, though it would > > be nice not > > > to have to write it from scratch every time. > > > > > > Untested and mostly from memory which might be wrong: > > > > > > pem = open('cert.pem') > > > der = ''.join(l.strip() for l in > > > pem.read().split('-----')[2].splitlines()).decode('base64') > > > open('cert.der', 'w').write(der) > > > > Thank you! -- I guess the better place to start looking > > would have been > > the relationship between PEM and DER :) I will give that a shot. > > > > Thanks, > > Hans > > > -- Scanned by iCritical. From hans at VELUM.NET Wed Apr 8 16:49:30 2009 From: hans at VELUM.NET (Hans Lellelid) Date: Wed, 8 Apr 2009 10:49:30 -0400 Subject: [PYTHON-CRYPTO] M2Crypto convert key from PEM to DER ? In-Reply-To: References: Message-ID: Ah, perfect; thanks. I don't know why that escaped me; I think the suggestion of "key pairs" seemed like something different from what I wanted. Thanks for the tip - Hans On Wed, 8 Apr 2009 08:54:01 +0100, "Kershaw, PJ (Philip)" wrote: > Hi Hans, > > If you want to use M2Crypto :) you could do: > > from M2Crypto import RSA > key = RSA.load_key('input.key') > key.save_key_der('output.key') > > Cheers, > Phil > >> -----Original Message----- >> From: generic crypto class API for Python >> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Hans Lellelid >> Sent: 08 April 2009 01:42 >> To: PYTHON-CRYPTO at NIC.SURFNET.NL >> Subject: Re: M2Crypto convert key from PEM to DER ? >> >> >> Hi - >> >> Mads Kiilerich wrote: >> > Hans Lellelid wrote, On 04/08/2009 01:02 AM: >> >> I'd like to use M2Crypto to to convert a server key from >> PEM format >> >> to >> >> DER. Specifically, I'd like to replace the following >> openssl command: >> >> >> >> *openssl rsa ?in input.key ?inform PEM ?out output.key > ?outform DER >> >> >> >> I think I understand how to do something similar with the >> certs, but >> >> haven't figured out how to do this with just the private >> key. I'm sure >> >> I'm missing something; can anyone provide any tips? >> > >> > Using M2Crypto for that might be overkill, though it would >> be nice not >> > to have to write it from scratch every time. >> > >> > Untested and mostly from memory which might be wrong: >> > >> > pem = open('cert.pem') >> > der = ''.join(l.strip() for l in >> > pem.read().split('-----')[2].splitlines()).decode('base64') >> > open('cert.der', 'w').write(der) >> >> Thank you! -- I guess the better place to start looking >> would have been >> the relationship between PEM and DER :) I will give that a shot. >> >> Thanks, >> Hans >> > -- > Scanned by iCritical. From paul at ACABRE.ORG Fri Apr 10 17:49:26 2009 From: paul at ACABRE.ORG (Paul Washburn) Date: Fri, 10 Apr 2009 09:49:26 -0600 Subject: [PYTHON-CRYPTO] check_key segfault Message-ID: Hello all, Using nearly the same code as the test_x509_public_encrypt unit test in tests/test_rsa.py, and the recipient.pem from the same folder, I get a segfault when calling check_key() on the RSA object returned by x509.get_pubkey().get_rsa(). The test code to reproduce is as follows: from M2Crypto import X509, RSA x509 = X509.load_cert("certs/recipient.pem") rsa = x509.get_pubkey().get_rsa() rsa.save_pub_key('certs/pubkey.pem') print "key saved" rsa.check_key() print "checked" rsa.public_encrypt("data", RSA.pkcs1_padding) print "encrypted" Which produces the following: key saved Segmentation fault I'm using the python-m2crypto package, version 0.18.2-2, from the Ubuntu repos, along with openssl version 0.9.8g-10.1ubuntu2.2 Any help would be greatly appreciated! -- Paul paul at acabre.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul at ACABRE.ORG Fri Apr 10 19:31:52 2009 From: paul at ACABRE.ORG (Paul Washburn) Date: Fri, 10 Apr 2009 11:31:52 -0600 Subject: [PYTHON-CRYPTO] check_key segfault In-Reply-To: References: Message-ID: Hello all, It looks like this is a known bug that was addressed in the 0.19 release. If anyone else needs to address it without upgrading (as I do), the fix is quite simple: $ diff EVP.py /usr/share/python-support/python-m2crypto/M2Crypto/EVP.py 258c258 < rsa = RSA.RSA_pub(rsa_ptr, 1) --- > rsa = RSA.RSA(rsa_ptr, 1) -- Paul paul at acabre.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From zooko at ZOOKO.COM Tue Apr 14 19:28:31 2009 From: zooko at ZOOKO.COM (zooko) Date: Tue, 14 Apr 2009 11:28:31 -0600 Subject: [PYTHON-CRYPTO] ANNOUNCING Tahoe-LAFS v1.4 Message-ID: <409614CD-8917-4ED2-A05D-C768C776DFE7@zooko.com> Dear people of python-crypto: This secure cloud storage system uses my own "pycryptopp" library, which is a very narrow set of wrappers for the Crypto++ library. Regards, Zooko ANNOUNCING Tahoe, the Least-Authority Filesystem, v1.4 The allmydata.org team is pleased to announce the release of version 1.4.1 of "Tahoe", the Lightweight-Authorization Filesystem. This is the first release of Tahoe-LAFS which was created solely as a labor of love by volunteers -- it is no longer funded by allmydata.com (see [1] for details). Tahoe-LAFS is a secure, decentralized, fault-tolerant cloud storage system. All of the source code is publicly available under Free Software, Open Source licences. This filesystem is distributed over multiple servers in such a way the filesystem continues to operate correctly even when some of the servers are unavailable, malfunctioning, or malicious. Here is the one-page explanation of Tahoe's unique security and fault-tolerance properties: http://allmydata.org/source/tahoe/trunk/docs/about.html This is the successor to Tahoe-LAFS v1.3, which was released February 13, 2009 [2]. This is a major new release, adding garbage collection, improved diagnostics and error-reporting, and fixing a critical performance problem when downloading large (many GB) files. See the NEWS file [3] and the known_issues.txt file [4] for more information. Besides the Tahoe core, a crop of related projects have sprung up, including frontends for Windows and Macintosh, two front-ends written in JavaScript, a Ruby interface, a plugin for duplicity, a plugin for TiddlyWiki, a new backup tool named "GridBackup", CIFS/SMB integration, an iPhone app, and three incomplete frontends for FUSE. See the Related Projects page on the wiki: [5]. COMPATIBILITY Tahoe v1.4 is fully compatible with the version 1 series of Tahoe. Files written by v1.4 clients can be read by clients of all versions back to v1.0. v1.4 clients can read files produced by clients of all versions since v1.0. v1.4 servers can serve clients of all versions back to v1.0 and v1.4 clients can use servers of all versions back to v1.0. This is the fifth release in the version 1 series. The version 1 series of Tahoe will be actively supported and maintained for the forseeable future, and future versions of Tahoe will retain the ability to read files and directories produced by Tahoe v1 for the forseeable future. The version 1 branch of Tahoe is the basis of the consumer backup product from Allmydata, Inc. -- http://allmydata.com . WHAT IS IT GOOD FOR? With Tahoe, you can distribute your filesystem across a set of servers, such that if some of them fail or even turn out to be malicious, the entire filesystem continues to be available. You can share your files with other users, using a simple and flexible access control scheme. Because this software is new, we do not categorically recommend it as the sole repository of data which is extremely confidential or precious. However, we believe that erasure coding, strong encryption, Free/Open Source Software and careful engineering make Tahoe safer than common alternatives, such as RAID, removable drive, tape, "on-line storage" or "Cloud storage" systems. This software comes with extensive tests, and there are no known security flaws which would compromise confidentiality or data integrity. (For all currently known issues please see the known_issues.txt file [3].) This release of Tahoe is suitable for the "friendnet" use case [6] -- it is easy to create a filesystem spread over the computers of you and your friends so that you can share disk space and files. LICENCE You may use this package under the GNU General Public License, version 2 or, at your option, any later version. See the file "COPYING.GPL" [7] for the terms of the GNU General Public License, version 2. You may use this package under the Transitive Grace Period Public Licence, version 1 or, at your option, any later version. (The Transitive Grace Period Public Licence has requirements similar to the GPL except that it allows you to wait for up to twelve months after you redistribute a derived work before releasing the source code of your derived work.) See the file "COPYING.TGPPL.html" [8] for the terms of the Transitive Grace Period Public Licence, version 1. (You may choose to use this package under the terms of either licence, at your option.) INSTALLATION Tahoe works on Linux, Mac OS X, Windows, Cygwin, and Solaris, and probably most other systems. Start with "docs/install.html" [9]. HACKING AND COMMUNITY Please join us on the mailing list [10]. Patches are gratefully accepted -- the RoadMap page [11] shows the next improvements that we plan to make and CREDITS [12] lists the names of people who've contributed to the project. The wiki Dev page [13] contains resources for hackers. SPONSORSHIP Tahoe was originally developed thanks to the sponsorship of Allmydata, Inc. [14], a provider of commercial backup services. Allmydata, Inc. created the Tahoe project, and contributed hardware, software, ideas, bug reports, suggestions, demands, and money (employing several Tahoe hackers and instructing them to spend part of their work time on this Free Software project). Also they awarded customized t-shirts to hackers who find security flaws in Tahoe (see http://hacktahoe.org ). After discontinuing funding of Tahoe R&D in early 2009, Allmydata, Inc. has continued to provide servers, co-lo space and bandwidth to the open source project. Thank you to Allmydata, Inc. for their generous and public-spirited support. Zooko Wilcox-O'Hearn on behalf of the allmydata.org team Special acknowledgment goes to Brian Warner, whose superb engineering skills and dedication are primarily responsible for the Tahoe implementation, and significantly responsible for the Tahoe design as well, not to mention most of the docs and tests and many other things besides. April 13, 2009 Boulder, Colorado, USA [1] http://allmydata.org/pipermail/tahoe-dev/2009-March/001461.html [2] http://allmydata.org/trac/tahoe/browser/relnotes.txt?rev=3620 [3] http://allmydata.org/trac/tahoe/browser/NEWS?rev=3835 [4] http://allmydata.org/trac/tahoe/browser/docs/known_issues.txt [5] http://allmydata.org/trac/tahoe/wiki/RelatedProjects [6] http://allmydata.org/trac/tahoe/wiki/UseCases [7] http://allmydata.org/trac/tahoe/browser/COPYING.GPL [8] http://allmydata.org/source/tahoe/trunk/COPYING.TGPPL.html [9] http://allmydata.org/source/tahoe/trunk/docs/install.html [10] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev [11] http://allmydata.org/trac/tahoe/roadmap [12] http://allmydata.org/trac/tahoe/browser/CREDITS?rev=3758 [13] http://allmydata.org/trac/tahoe/wiki/Dev [14] http://allmydata.com --- Tahoe, the Least-Authority Filesystem -- http://allmydata.org store your data: $10/month -- http://allmydata.com/?tracking=zsig I am available for work -- http://zooko.com/r?sum?.html