Menu
▾
▴
Re: [pyOpenSSL] quick question, converting a small (two lines) of Ruby (OpenSSL) to PyOpenSSL
|
From: aaron s. <bei...@gm...> - 2009-08-27 18:14:25
|
Whoops, meant to say hey "Rick". Sorry.
On Thu, Aug 27, 2009 at 11:13 AM, aaron
smith<bei...@gm...> wrote:
> Hey Dean, thanks for the response. I'll end up using subprocess and
> openssl. One other question. What is "twinkle?"
>
>
> On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote:
>>
>> Strangely, your provided result is an invalid base32 encoding
>> because it's an illegal length. It's not just missing equal
>> signs.
>>
>> So the openssl commands are...
>>
>> $ openssl dsaparam -genkey -out dsa_priv.pem 1024
>> $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo
>> $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo
>> Verified OK
>>
>> pyOpenSSL doesn't yet provide this functionality. You
>> can only sign with x509 certificates, not with just a
>> PKey. Apparently the certificateless signing is provided
>> by EVP_SignFinal() and EVP_VerifyFinal() as seen in
>> openssl-0.9.8j/app/dgst.c
>>
>> In the meantime, the python module called "subprocess"
>> may be of some help.
>>
>> --
>> Rick
>>
>>
>> On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote:
>>> Thanks for the reply. Ultimately what I'm trying to accomplish is
>>> creating a software license key.
>>>
>>> The full ruby example is this:
>>>
>>> def make_license(product_code, name, copies)
>>> sign_dss1 = OpenSSL::Digest::DSS1.new
>>> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
>>> b32 = Base32.encode(priv.sign(sign_dss1,
>>> make_license_source(product_code, name)))
>>> # Replace Os with 8s and Is with 9s
>>> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html
>>> b32.gsub!(/O/, '8')
>>> b32.gsub!(/I/, '9')
>>> # chop off trailing padding
>>> b32.delete("=").scan(/.{1,5}/).join("-")
>>> end
>>>
>>> def make_license_source(product_code, name)
>>> product_code + "," + name
>>> end
>>>
>>> I think what this is doing is creating a new dsa from a private one,
>>> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in
>>> some dashes (-). Which ultimately gives me something like:
>>> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY"
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote:
>>> >
>>> > The automated test cases are a good place to look for
>>> > examples. It's a directory named "test" in the pyOpenSSL
>>> > sources.
>>> >
>>> > Some comments about what you are trying to accomplish
>>> > would be useful. I don't know the Ruby API and you
>>> > didn't link to it's docs.
>>> >
>>> > Are you trying to create a DSA certificate? Is "test" the
>>> > common name of the subject for the new certificate being
>>> > created? If so, you need a bunch more stuff than those three
>>> > lines. I attached an example.
>>> >
>>> > --
>>> > Rick
>>> >
>>> >
>>> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote:
>>> >> I'm trying to convert a small snippet of ruby code that handles some
>>> >> ssl stuff for me..
>>> >>
>>> >> The Ruby code is this:
>>> >>
>>> >> sign_dss1 = OpenSSL::Digest::DSS1.new
>>> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
>>> >> priv.sign(sign_dss1, "test" )
>>> >>
>>> >> This is somewhat contrived, but this all i'm trying to convert. The
>>> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where
>>> >> to look.
>>> >>
>>> >> Thanks for your help!
>>> >> -A
>>> >>
>>> >> ------------------------------------------------------------------------------
>>> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>>> >> trial. Simplify your report design, integration and deployment - and focus on
>>> >> what you do best, core application coding. Discover what's new with
>>> >> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>>> >> _______________________________________________
>>> >> pyopenssl-list mailing list
>>> >> pyo...@li...
>>> >> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>>> >
>>> >
>>
>>
>
|
