需要使用 M2Crypto.Engine 访问 USB 令牌的帮助
我正在使用 M2Crypto-0.20.2。我想使用 OpenSC 项目中的 engine_pkcs11 和 Aladdin PKI 客户端进行基于令牌的身份验证,通过 ssl 进行 xmlrpc 调用。
from M2Crypto import Engine
Engine.load_dynamic()
dynamic = Engine.Engine('dynamic')
# Load the engine_pkcs from the OpenSC project
dynamic.ctrl_cmd_string("SO_PATH", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
Engine.cleanup()
Engine.load_dynamic()
# Load the Aladdin PKI Client
aladdin = Engine.Engine('dynamic')
aladdin.ctrl_cmd_string("SO_PATH", "/usr/lib/libeTPkcs11.so")
key = aladdin.load_private_key("PIN","password")
这是我收到的错误:
key = pkcs.load_private_key("PIN","eT0ken")
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 70, in load_private_key
return self._engine_load_key(m2.engine_load_private_key, name, pin)
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 60, in _engine_load_key
raise EngineError(Err.get_error())
M2Crypto.Engine.EngineError: 23730:error:26096075:engine routines:ENGINE_load_private_key:not initialised:eng_pkey.c:112:
对于 load_private_key(),应该将什么作为第一个参数传递? M2Crypto 文档没有对此进行解释。
我在加载引擎时没有遇到任何错误,但我不确定是否正确加载了它们。看起来引擎 ID 必须是一个特定的名称,但我在任何地方都找不到该列表。 'dynamic' 对我有用。
任何帮助将不胜感激!
I am using M2Crypto-0.20.2. I want to use engine_pkcs11 from the OpenSC project and the Aladdin PKI client for token based authentication making xmlrpc calls over ssl.
from M2Crypto import Engine
Engine.load_dynamic()
dynamic = Engine.Engine('dynamic')
# Load the engine_pkcs from the OpenSC project
dynamic.ctrl_cmd_string("SO_PATH", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
Engine.cleanup()
Engine.load_dynamic()
# Load the Aladdin PKI Client
aladdin = Engine.Engine('dynamic')
aladdin.ctrl_cmd_string("SO_PATH", "/usr/lib/libeTPkcs11.so")
key = aladdin.load_private_key("PIN","password")
This is the error I receive:
key = pkcs.load_private_key("PIN","eT0ken")
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 70, in load_private_key
return self._engine_load_key(m2.engine_load_private_key, name, pin)
File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 60, in _engine_load_key
raise EngineError(Err.get_error())
M2Crypto.Engine.EngineError: 23730:error:26096075:engine routines:ENGINE_load_private_key:not initialised:eng_pkey.c:112:
For load_private_key(), what should be passed as the first argument? The M2Crypto documentation does not explain it.
I don't get any errors loading the engines, but I'm not sure if I'm loading them correctly. It seems like the engine ID has to be a specific name but I don't find that list anywhere. 'dynamic' is working for me.
Any help would be appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
成立 !!!!
是的,正是我来时的方式。
因此,实际上 ENGINE_init() 并未在 M2Crypto.Engine 中实现。所以,只有一个解决办法:打补丁!!! (非常小...)所以我创建了一个新的 Engine 方法(在 Engine.py 中)
为什么是 engine_initz ?因为engine_init已经在SWIG/_engine.i中定义了,:
我真的不知道做了什么,所以我更喜欢创建一个新的......所以我刚刚将以下内容添加到SWIG/_engine.i:
并重新编译 __m2crypto.so,现在只需在启动私钥之前添加“pkcs11.engine_initz()”,即可运行......
Found !!!!
Yes, exactly the way where I came from.
So, actually the ENGINE_init() is not implemented in M2Crypto.Engine. So, only one solution: patching!!! (very small...) so I've created a new Engine method (in Engine.py)
Why engine_initz ? because engine_init is already define in SWIG/_engine.i,:
I don't really know what is done, so I've prefered creating a new one... So I've just added the following to SWIG/_engine.i:
And recompile the __m2crypto.so, now just add a "pkcs11.engine_initz()" before launching the private key, and it works.....
我不知道当前 M2Crypto 中存在的 engine_init 代码应该做什么以及为什么。使用以下 M2Crypto 补丁将 ENGINE_init() 公开为 engine_init2 会有所帮助:
在此之后,以下代码将帮助我进一步(但 urllib 目前不能完全为我工作):
I don't know what and why the engine_init code present in current M2Crypto is supposed to do. Exposing ENGINE_init() as engine_init2 with the following patch to M2Crypto helps:
After this, the following code takes me further (but urllib does not fully work for me currently):
看看 Becky 提供的 pastebin 链接,我相信它在新的 API 中会翻译成这样
:我打赌,如果你用“/usr/local/ssl/lib/engines/engine_pkcs11.so”和“/Library/OpenSC/lib/opensc”替换“/Users/martin/prefix/lib/engines/engine_pkcs11.so” -pkcs11.so”和“/usr/lib/libeTPkcs11.so”,你可能会让它与阿拉丁一起工作。
Looking at the pastebin link Becky provided, I believe it translates to something like this in the new API:
So I am betting that if you substitute "/Users/martin/prefix/lib/engines/engine_pkcs11.so" with "/usr/local/ssl/lib/engines/engine_pkcs11.so" and "/Library/OpenSC/lib/opensc-pkcs11.so" with "/usr/lib/libeTPkcs11.so" you might get it to work with Aladdin.
这正是我尝试过的代码。但它以以下错误结束:
我使用的是 OpenSC PKCS11 lib,而不是 aladdin lib。但我认为问题还没有结束。
That is exactly the code I've tried. But It ended with the following error:
I'm using OpenSC PKCS11 lib, not aladdin lib. But I don't think the problem is closed.
我尝试了 Heikki 建议的代码(减去一行)并得到了与 Erlo 相同的错误。对于 load_private_key(),我如何知道在参数中输入什么?
I tried the code that Heikki suggested (minus one line) and got the same error as Erlo. For load_private_key(), how do I know what to put in for the argument?
我认为问题并不是真正的“load_private_key()”。就像“MODULE_PATH”定义和 load_private_key() 调用之间缺少一些东西。如果你用错误的路径替换“/usr/lib/libeTPkcs11.so”会发生什么?就我而言,我没有与此相关的错误。
我已经在前台以高调试级别运行了“pcscd”,在 python 执行期间没有调用智能卡...所以肯定,我不明白出了什么问题...
“openssl”中的等效项是使用“-前”命令。 “-pre”(与“-post”相反)是在加载之前发送到引擎的命令。也许我们需要调用一个方法,在所有“ctrl_cmd_string”调用之后“加载”引擎? ...
丢失的 :-/
I think the problem is not really the "load_private_key()". It's like something is missing between "MODULE_PATH" definition and the load_private_key() call. What happen if you remplace "/usr/lib/libeTPkcs11.so" by a wrong path ? In my case I have no error related to this.
I've run "pcscd" in foreground with high debug level, there is no call to smartcard during the python execution... So definitly, I don't understand what's wrong...
The equivalent in "openssl" is using "-pre" command. The "-pre" (by opposite to the "-post") are command sent to the engine before loading. Perhaps we need to call a methode which "load" the engine after all "ctrl_cmd_string" calls ?? ...
Lost :-/