What package to use for certificate manipulation (signing, hashing)

Nenad Cikic nenad.cikic at gmail.com
Sat Dec 15 16:19:50 CET 2012


I have managed to sign xml so I am reporting here in case some else needs this info.Also if someone more experienced see some possible improvment please leave a note.
So my input is a pfx file.
I am forced to use both pyopeenssl and m2crypto.
I am using PyOpenssl to extract certificate and private key.
    pfx=open('/home/cikic/manc.pfx','rb').read()
    PKCS=crypto.load_pkcs12(pfx,'mypfxpass')
    cert=PKCS.get_certificate()
    #PKey=cert.get_pubkey()
    pk=PKCS.get_privatekey()
    pkStr=crypto.dump_privatekey(crypto.FILETYPE_PEM,pk)

I am using PyOpenssl to extract pem, serial number and issuer from certificate but you could do it also with m2crypto.
I am constructin m2crypto RSA object with
   rsa=RSA.load_key_string(pkStr)
I am using m2crypto MessageDigest('sha1') or MessageDigest('md5') as needed and I am singing the hash with
  dig=MessageDigest('sha1')
  dig.update(xmlstring)
  dgst=dig.digest()
  retVal=rsa.sign(dgst,'sha1')
Then I use 
   sval=base64.b64encode(retVal)
to get the signature value

Essentially I use pyopenssl just to get private key since I didn't find m2crypto function that reads pfx file.

Nenad



More information about the Python-list mailing list