tags:

views:

241

answers:

2
+1  Q: 

How to digitally sign a message with M2Crypto using the keys within a DER format certificate

Hi everyone.

I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that.

I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method.

Given the previous examples I have read here, I am clearly missing something.

Here is the example I am working on:

from M2Crypto.X509 import *

cert = load_cert( 'certificate.cer', format=1 )
Pub_key = cert.get_pubkey()
Pub_key.reset_context(md='sha1')
Pub_key.sign_init()
Pub_key.sign_update( "This should be good." )

print Pub_key.sign_final()

Thanks in advance for the help,

Pablo

+1  A: 

One obvious thing jumps at me: you say your certificate is in DER format, but you are passing format=0 to load_cert() which means PEM. See X509 module variables. Maybe not what is causing your issue, though (I would expect you'd get an exception if you mix the cert type).

Update After some more thought, I think you are trying to do the wrong thing here, which is why it is crashing (although it of course should not crash but raise an exception). You can't sign a message using the public key from a certificate. That would be like doing digital forgery.

Think of it this way. You receive my certificate, which contains my public key. You can use the public key to encrypt a message to me. Only I will be able to decrypt using my private key. You can sign the message using your private key, and I can use your public key to verify your signature.

Heikki Toivonen  2010-03-08 23:48:39
Thanks for pointing that out. You are right, that is not the cause of the issue. I forgot to change that piece of code: I was doing a few tests to see if by converting the certificate to PEM format I managed to get around the problem - with no success.
Pablo Santos  2010-03-09 00:54:31
Nore sure if you'll receive the edited notice, so just adding a comment here so you'll remember to check my updated comment :)
Heikki Toivonen  2010-03-09 08:06:19
Hi there, and thanks for the update.Yes, I think you are right. It was told me that the private key was inside that certificate, but after some verification, we discovered that the private key file was lost and no one has backup of it.That is why it crashes, probably: theres no private key to be used for signing.Thanks for your reply, it helped us to see the real problem =)Pablo
Pablo Santos  2010-03-10 16:21:19
No problem. Since this cleared your issue, you should mark my answer accepted. That way people will be more likely to answer your questions in the future (we can see the % of answers accepted, and low % does not encourage answering).
Heikki Toivonen  2010-03-10 17:48:09
Ok, your answer is marked. =)
Pablo Santos  2010-03-15 13:26:44
A: 

There is no private key file, thats why it crashes and I can not sign it.

Pablo Santos  2010-03-10 16:23:07

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python