We need to choose between two signature schemes:

  • RSA/SHA2 S-MIME signatures
  • ECDSA/SHA2 S-MIME signatures

For that, our Python software needs to support one of these schemes. Currently, for some political reasons, the ECDSA solution is preferred.

Is the ECDSA solution supported by any of the Python crypto modules (M2Crypto, ...), and do you have an example for that?

The ECDSA support seems very young even for openssl.

Thanks in advance

A: 

Elliptic Curve Cryptography (ECDSA), as well as the more common RSA, is supported by the OpenSSL library. I recommend using the pyOpenSSL bridge.

Rook
Thanks Michael. Have tried this scenario ECDSA/SHA256 as out of python, I saw lots of issues in the openssl mailing list.
zoobert
+1  A: 

ECDSA is supported in M2Crypto, but it can be optionally disabled. For example Fedora-based systems ship with ECDSA disabled in OpenSSL and M2Crypto. M2Crypto has some SMIME support as well, but since I haven't used it much I am not sure if that would be of help in this case. See the M2Crypto SMIME doc and SMIME unit tests, as well as ec unit tests.

Heikki Toivonen
Thanks a lot Heikki, we will try that. Thanks also for maintaining the M2Crypto package. Keep up the good work.
zoobert
Heikki, how do you change the digest algo in SMIME in M2Crypto? We would like to use SHA256 and I didn't find how to do that. Thanks
zoobert
A: 

I did some tests with M2Crypto and also openssl and it turns out that SMIME signing with ecdsa doesn't work with the current openssl stable version openssl-0.9.8l. It worked though when I upgraded the library to openssl-1.0.0-beta5.tar.gz.

The chain verification also works (checking up to the CA cert).

I have one last question. How can you change the digest algorithm in SMIME in M2Crypto?

I could not find how to do it. We would like to use SHA256 and not SHA1.

zoobert
Please post a separate question for this.
Heikki Toivonen
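
An added example, not posted by anyone in this thread: ECDSA/SHA-256 S/MIME signing in Python using the `cryptography` package's `PKCS7SignatureBuilder`, which is a different library from the M2Crypto and pyOpenSSL modules discussed above. The P-256 key, self-signed certificate and message are constructed for the demonstration, and the function names are hypothetical.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs7
from cryptography.x509.oid import NameOID

# DER encodings of the algorithm OIDs expected inside the SignedData blob.
OID_SHA256 = bytes.fromhex("0609608648016503040201")      # 2.16.840.1.101.3.4.2.1
OID_ECDSA_SHA256 = bytes.fromhex("06082a8648ce3d040302")  # 1.2.840.10045.4.3.2


def make_test_identity():
    """Constructed throwaway P-256 key and self-signed certificate (assumption)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())  # certificate itself is ECDSA/SHA-256 signed
    )
    return key, cert


def smime_sign(data, cert, key, encoding=serialization.Encoding.SMIME):
    """Detached signature over data; the digest is chosen in add_signer()."""
    builder = (
        pkcs7.PKCS7SignatureBuilder()
        .set_data(data)
        .add_signer(cert, key, hashes.SHA256())
    )
    return builder.sign(encoding, [pkcs7.PKCS7Options.DetachedSignature])


if __name__ == "__main__":
    key, cert = make_test_identity()
    message = b"ECDSA test message (constructed)"
    print(smime_sign(message, cert, key).decode())
    der = smime_sign(message, cert, key, serialization.Encoding.DER)
    print("sha256 digest OID present:", OID_SHA256 in der)
```

The digest is fixed per signer in `add_signer()`, so SHA-256 is selected explicitly rather than relying on a library default.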