How to digitally sign a message with M2Crypto using the keys from a DER-format certificate
I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that.
I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method.
Given the previous examples I have read here, I am clearly missing something.
Here is the example I am working on:
from M2Crypto.X509 import *
cert = load_cert( 'certificate.cer', format=1 )
Pub_key = cert.get_pubkey()
Pub_key.reset_context(md='sha1')
Pub_key.sign_init()
Pub_key.sign_update( "This should be good." )
print Pub_key.sign_final()
Thanks in advance for the help,
Pablo
Comments (2)
One obvious thing jumps out at me: you say your certificate is in DER format, but you are passing format=0 to load_cert(), which means PEM. See X509 module variables. Maybe not what is causing your issue, though (I would expect you'd get an exception if you mix the cert type).
Update: After some more thought, I think you are trying to do the wrong thing here, which is why it is crashing (although it of course should not crash but raise an exception). You can't sign a message using the public key from a certificate. That would be like doing digital forgery.
Think of it this way. You receive my certificate, which contains my public key. You can use the public key to encrypt a message to me. Only I will be able to decrypt using my private key. You can sign the message using your private key, and I can use your public key to verify your signature.
There is no private key file, that's why it crashes and I cannot sign it.