Hi everyone.

I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that.

I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method.

Given the previous examples I have read here, I am clearly missing something.

Here is the example I am working on:

from M2Crypto.X509 import *

cert = load_cert( 'certificate.cer', format=1 )
Pub_key = cert.get_pubkey()
Pub_key.reset_context(md='sha1')
Pub_key.sign_init()
Pub_key.sign_update( "This should be good." )

print Pub_key.sign_final()

Thanks in advance for the help,

Pablo

+1  A: 

One obvious thing jumps at me: you say your certificate is in DER format, but you are passing format=0 to load_cert() which means PEM. See X509 module variables. Maybe not what is causing your issue, though (I would expect you'd get an exception if you mix the cert type).

Update: After some more thought, I think you are trying to do the wrong thing here, which is why it is crashing (although it of course should not crash but raise an exception). You can't sign a message using the public key from a certificate. That would be like doing digital forgery.

Think of it this way. You receive my certificate, which contains my public key. You can use the public key to encrypt a message to me. Only I will be able to decrypt using my private key. You can sign the message using your private key, and I can use your public key to verify your signature.

Heikki Toivonen
Thanks for pointing that out. You are right, that is not the cause of the issue. I forgot to change that piece of code: I was doing a few tests to see if by converting the certificate to PEM format I managed to get around the problem - with no success.
Pablo Santos
Not sure if you'll receive the edited notice, so just adding a comment here so you'll remember to check my updated comment :)
Heikki Toivonen
Hi there, and thanks for the update. Yes, I think you are right. I was told that the private key was inside that certificate, but after some verification, we discovered that the private key file was lost and no one has a backup of it. That is why it crashes, probably: there's no private key to be used for signing. Thanks for your reply, it helped us to see the real problem =) Pablo
Pablo Santos
No problem. Since this cleared your issue, you should mark my answer accepted. That way people will be more likely to answer your questions in the future (we can see the % of answers accepted, and low % does not encourage answering).
Heikki Toivonen
Ok, your answer is marked. =)
Pablo Santos
A: 

There is no private key file, that's why it crashes and I cannot sign it.

Pablo Santos
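
The point made in the answers above, as an added example that is not part of the original thread: a certificate carries only the public key, so it can verify a signature but not create one, and the matching private key has to be held separately. It assumes the `cryptography` package instead of M2Crypto and SHA-256 instead of the question's SHA-1; the key, the certificate and all function names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def make_signer():
    """Constructed test material: an RSA key and a self-signed DER certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return key, cert.public_bytes(serialization.Encoding.DER)

def cert_can_sign(cert_der):
    """The key taken from a certificate is public only: it has no sign operation."""
    return hasattr(x509.load_der_x509_certificate(cert_der).public_key(), "sign")

def key_matches_cert(private_key, cert_der):
    """Check, before signing, that this private key belongs to the certificate."""
    cert_pub = x509.load_der_x509_certificate(cert_der).public_key()
    return private_key.public_key().public_numbers() == cert_pub.public_numbers()

def sign(private_key, message):
    """Signing needs the sender's private key."""
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())

def verify(cert_der, message, signature):
    """Verification needs only the public key from the sender's certificate."""
    pub = x509.load_der_x509_certificate(cert_der).public_key()
    try:
        pub.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False

if __name__ == "__main__":
    key, cert_der = make_signer()
    sig = sign(key, b"This should be good.")
    print("certificate key can sign:", cert_can_sign(cert_der))
    print("private key matches cert:", key_matches_cert(key, cert_der))
    print("signature verifies:", verify(cert_der, b"This should be good.", sig))
```
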