Re: [pyOpenSSL] quick question, converting a small (two lines) of Ruby (OpenSSL) to PyOpenSSL

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Strangely, your provided result is an invalid base32 encoding
because it's an illegal length.  It's not just missing equal
signs.

So the openssl commands are...

$ openssl dsaparam -genkey -out dsa_priv.pem 1024
$ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo
$ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo
Verified OK

pyOpenSSL doesn't yet provide this functionality.  You
can only sign with x509 certificates, not with just a 
PKey.  Apparently the certificateless signing is provided 
by EVP_SignFinal() and EVP_VerifyFinal() as seen in 
openssl-0.9.8j/app/dgst.c

In the meantime, the python module called "subprocess"
may be of some help.

--
Rick

On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote:
> Thanks for the reply. Ultimately what I'm trying to accomplish is
> creating a software license key.
> 
> The full ruby example is this:
> 
> def make_license(product_code, name, copies)
>   sign_dss1 = OpenSSL::Digest::DSS1.new
>   priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
>   b32 = Base32.encode(priv.sign(sign_dss1,
> make_license_source(product_code, name)))
>   # Replace Os with 8s and Is with 9s
>   # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html
>   b32.gsub!(/O/, '8')
>   b32.gsub!(/I/, '9')
>   # chop off trailing padding
>   b32.delete("=").scan(/.{1,5}/).join("-")
> end
> 
> def make_license_source(product_code, name)
>   product_code + "," + name
> end
> 
> I think what this is doing is creating a new dsa from a private one,
> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in
> some dashes (-). Which ultimately gives me something like:
> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY"
> 
> 
> 
> 
> 
> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote:
> >
> > The automated test cases are a good place to look for
> > examples.  It's a directory named "test" in the pyOpenSSL
> > sources.
> >
> > Some comments about what you are trying to accomplish
> > would be useful.  I don't know the Ruby API and you
> > didn't link to it's docs.
> >
> > Are you trying to create a DSA certificate?  Is "test" the
> > common name of the subject for the new certificate being
> > created?  If so, you need a bunch more stuff than those three
> > lines.  I attached an example.
> >
> > --
> > Rick
> >
> >
> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote:
> >> I'm trying to convert a small snippet of ruby code that handles some
> >> ssl stuff for me..
> >>
> >> The Ruby code is this:
> >>
> >> sign_dss1 = OpenSSL::Digest::DSS1.new
> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
> >> priv.sign(sign_dss1, "test" )
> >>
> >> This is somewhat contrived, but this all i'm trying to convert. The
> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where
> >> to look.
> >>
> >> Thanks for your help!
> >> -A
> >>
> >> ------------------------------------------------------------------------------
> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> >> trial. Simplify your report design, integration and deployment - and focus on
> >> what you do best, core application coding. Discover what's new with
> >> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> >> _______________________________________________
> >> pyopenssl-list mailing list
> >> pyo...@li...
> >> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
> >
> >