m2crypto

问题 To generate an RSA key pair I used openssl: openssl genrsa -out my_key.private.pem 1024 openssl rsa -in my_key.private.pem -pubout -out my_key.public.pem Now I want to use this my_key.public.pem file in a function of another .py file: import M2Crypto from M2Crypto import RSA,SSL def encrypt(): pk = open( 'my_key.public.pem', 'rb' ).read() rsa = M2Crypto.RSA.load_pub_key(pk) print rsa; Am I doing it right? Both files are in same directory, but this function is not giving any output. 回答1:

问题 Is there a port underway of m2crypto to Python3? I'm going to be starting a new toy project that needs cross-platform/cross-language crypto, and m2crypto looks like the way to go, but I'd rather work with Py3, to avoid having to explicitly convert to UTF8 everywhere. Is there any chance that a port of this library is underway? 回答1: A person started working on this and produced a partial patch which is available in https://bugzilla.osafoundation.org/show_bug.cgi?id=12853. It would need someone

问题 I have a CSR file and CA keys Thanks 回答1: See the x509 unit tests and the PKI demo in contribs. The latter might need tweaks since it has not been maintained. 来源： https://stackoverflow.com/questions/2643903/how-to-generate-ca-signed-x509-certificate-by-m2crypto

问题 I am using M2Crypto-0.20.2. I want to use engine_pkcs11 from the OpenSC project and the Aladdin PKI client for token based authentication making xmlrpc calls over ssl. from M2Crypto import Engine Engine.load_dynamic() dynamic = Engine.Engine('dynamic') # Load the engine_pkcs from the OpenSC project dynamic.ctrl_cmd_string("SO_PATH", "/usr/local/ssl/lib/engines/engine_pkcs11.so") Engine.cleanup() Engine.load_dynamic() # Load the Aladdin PKI Client aladdin = Engine.Engine('dynamic') aladdin

问题 I'm attempting to use M2Crypto to verify a signature contained in an XML response returned from my SSO/SAML provider in my django/python app, but I can't seem to get it to work. My XML response looks sort of like the second example here. ETA: And here's a pastebin of my actual XML. I'm using some code like this to attempt the verification: def verify_signature(signed_info, cert, signature): from M2Crypto import EVP, RSA, X509 x509 = X509.load_cert_string(base64.decodestring(cert), X509.FORMAT

问题 I'm trying to implement the following in Python: openssl enc -e -aes-256-cbc -base64 -k "Secret Passphrase" -in plaintext.txt -out ciphertext.txt openssl enc -d -aes-256-cbc -base64 -k "Secret Passphrase" -in ciphertext.txt -out verification.txt I've tried several different modules, PyCrypto, M2Crypto, etc but can't seem to get the correct combination of changing the password to the right size key and encoding everything correctly. I've found https://github.com/nvie/SimpleAES but that

问题 I need to verify that a certificate was signed by my custom CA. Using OpenSSL command-line utilities this is easy to do: # Custom CA file: ca-cert.pem # Cert signed by above CA: bob.cert $ openssl verify -CAfile test-ca-cert.pem bob.cert bob.cert: OK But I need to do the same thing in Python, and I really don't want to call out to command-line utilities. As far as I'm aware, M2Crypto is the "most complete" python wrapper for OpenSSL, but I can't figure out how to accomplish what the command

问题 I need to verify that a certificate was signed by my custom CA. Using OpenSSL command-line utilities this is easy to do: # Custom CA file: ca-cert.pem # Cert signed by above CA: bob.cert $ openssl verify -CAfile test-ca-cert.pem bob.cert bob.cert: OK But I need to do the same thing in Python, and I really don't want to call out to command-line utilities. As far as I'm aware, M2Crypto is the "most complete" python wrapper for OpenSSL, but I can't figure out how to accomplish what the command

问题 I need to scan through a list of IPs and retrieve the common name from the certificate on that IP (for every IP that allows port 443 connections). I have been able to successfully do this using the sockets and ssl modules. It works for all IPs with valid, signed certificates but it isn't working for self-signed certificates. If I use this method, it requires a valid cert that is verified by my CA-bundle: from socket import socket import ssl s = socket() c = ssl.wrap_socket(s,cert_reqs=ssl

问题 I need to scan through a list of IPs and retrieve the common name from the certificate on that IP (for every IP that allows port 443 connections). I have been able to successfully do this using the sockets and ssl modules. It works for all IPs with valid, signed certificates but it isn't working for self-signed certificates. If I use this method, it requires a valid cert that is verified by my CA-bundle: from socket import socket import ssl s = socket() c = ssl.wrap_socket(s,cert_reqs=ssl