m2crypto

M2Crypto: Override Post Connection Check of HostName

Hi - I am using M2Crypto 0.20.2 and python 2.4.3. I connect to the server with the fully qualified domain name. The common name in the server certificate does not use the FQDN so I get this error: M2Crypto.SSL.Checker.WrongHost: Peer certificate commonName does not match host How do I override the post connection check of the host na...

How to digitally sign a message with M2Crypto using the keys within a DER format certificate

Hi everyone. I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that. I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method. Given the previo...

M2Crypto SSL and compression method

How to set compression method for SSL/TLS connection created with M2Crypto and TwistedProtocolWrapper ...

socket.setdefaulttimeout interacting with M2Crypto connection

Hello - I'm making a secure SSL connection to a server using python and M2Crypto. See code below. from M2Crypto import SSL, m2,x509 from M2Crypto.m2xmlrpclib import Server, SSL_Transport ctx = SSL.Context() m2.ssl_ctx_use_pkey_privkey(ctx.ctx,myKey.pkey) m2.ssl_ctx_use_x509(ctx.ctx,myCert.x509) server = Server(serverUrl, SSL_Transport...

How to generate SSH key pairs with Python

Hello, I'm attempting to write a script to generate SSH Identity key pairs for me. from M2Crypto import RSA key = RSA.gen_key(1024, 65337) key.save_key("/tmp/my.key", cipher=None) The file /tmp/my.key looks great now. By running ssh-keygen -y -f /tmp/my.key > /tmp/my.key.pub I can extract the public key. My question is how can I ext...

s/mime v3 with M2Crypto

Dear list, I would like to send a mail with a s/mime v3 attachment through SMTP. The excellent HOWTO below describes the procedure in detail for s/mime v2. http://sandbox.rulemaker.net/ngps/m2/howto.smime.html I would greatly appreciate any help in doing the same for s/mime v3. Arye. ...

Proper way to cleanup dynamic engines and can they be loaded twice?

Hello - I am having problems loading Engine PKCS #11 as a dynamic engine using python and M2Crypto. I am trying to access an Aladdin USB eToken. Here are the important steps from my python code: dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so") pkcs11 = Engine.Engine("pkcs11") pkcs11.ctrl_...

M2Crypto RSA.gen_key - feed a password from Python code

Hi, RSA.gen_key function always asks for password when it's used to generate keys. Is there a way to feed it the password from the python code instead of typing it manually? Thanks, -R ...

Where is Python support for PEM + RSA + DES3?

I need a Python library that supports PEM files and both RSA signing and DES3 encryption. pycrypto doesn't seem to support PEM, and its mechanism for loading existing keys is undocumented and cryptic. m2crypto doesn't seem to support DES/DES3, oddly. I've been running an openssl subprocess, but I'd rather have something built in and pre...

How do I use m2crypto to validate a X509 certificate chain in a non-SSL setting

I'm trying to figure out how to, using m2crypto, validate the chain of trust from a public key version of a X509 certificate back to one of a set of known root CA's when the chain may be arbitrarily long. The SSL.Context module looks promising except that I'm not doing this in the context of a SSL connection and I can't see how the infor...

Engine finish() causes segmentation fault

Hello All - I am using M2Crypto revision 723 from the repository. I am trying to clean up my engine. If I have the pkcs11.finish() line in my script, the script finishes but gets a segmentation fault at the end. Without the finish() line, no segmentation fault occurs. Is there something wrong with the way I'm using finish()? dynam...

How to generate CA signed x509 certificate by M2Crypto

I have a CSR file and CA keys Thanks ...

Using M2Crypto to save and load X509 certs in pem files

I would expect that if I have a X509 cert as an object in memory, saved it as a pem file, then loaded it back in, I would end up with the same cert I started with. This seems not to be the case however. Let's call the original cert A, and the cert loaded from the pem file B. A.as_text() is identical to B.as_text(), but A.as_pem() differs...

M2Crypto: Is PKey a reference to a Public or a Private key?

In the PKey class documentation of the M2Crypto python package (an OpenSSL wrapper for Python) it is said that PKey is a reference to a Public key. My opinion is instead that it's a reference to a Private Key because the init method of the PKey class calls the evp_pkey_new openssl function that, from this link: http://linux.die.net/man/...

m2crypto aes-256-cbc not working against encoded openssl files.

$ echo 'this is text' > text.1 $ openssl enc -aes-256-cbc -a -k "thisisapassword" -in text.1 -out text.enc $ openssl enc -d -aes-256-cbc -a -k "thisisapassword" -in text.enc -out text.2 $ cat text.2 this is text I can do this with openssl. Now, how do I do the same in m2crypto. Documentation is lacking this. I looked at the svn test...

How to verify a signature using M2Crypto 0.16

After some googling I found some usual answers for this question, like: http://stackoverflow.com/questions/595114/how-to-load-an-rsa-key-from-a-pem-file-and-use-it-in-python-crypto some code: x509 = X509.load_cert_string(certificate) pubkey = x509.get_pubkey() pubkey.reset_context(md=sha1) pubkey.verify_init() pubkey.verify_update(cont...

Timestamp server rfc3161 response token generation in Python

Hello! I'm trying to implement tsa server on python using twisted. Currently I'm using openssl binary to generate response, but this seems ugly to me, that's why I'm trying to figure out how to make response token with m2crypto. Thanks in advance for help! Maris. EDITED: how to achieve with m2crypto?: openssl ts -reply -section tsa_...

Twisted DTLS connection

How to implement dtls protocol using twisted with m2crypto (or pyopenssl)? ...

How do I create a M2Crypto DSA object given parameters and key values?

Using M2Crypto I'd like to create a DSA_pub object for verifying a DSA signature. I know q, p, g, and the public key, but the only way I know to instantiate a DSA object is using: dsa = DSA.set_params(q,p,g) dsa.gen_key() How do I assign the known public key? ...

OpenSSL question

I'm looking to create an application in Django which will allow for each client to point their domain to my server. At this point, I would want their domain to be accessed via https protocol and have a valid SSL connection. With OpenSSL, more specifically M2Crypto, can I do this right out the gate? Or, do I still need to purchase an SSL ...