Menu
▾
▴
Re: [pyOpenSSL] quick question, converting a small (two lines) of Ruby (OpenSSL) to PyOpenSSL
|
From: aaron s. <bei...@gm...> - 2009-08-27 18:33:10
|
perfect. thanks much.
On Thu, Aug 27, 2009 at 11:30 AM, Rick Dean<ri...@fd...> wrote:
>
> Twinkie is a silly placeholder for the string to be signed.
> In your case twinkie would be product_code + "," + name,
> and needs to be known by the recipient to verify the base32
> string, but is not included therein.
>
> --
> Rick
>
>
> On Thu, Aug 27, 2009 at 11:13:55AM -0700, aaron smith wrote:
>> Hey Dean, thanks for the response. I'll end up using subprocess and
>> openssl. One other question. What is "twinkle?"
>>
>>
>> On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote:
>> >
>> > Strangely, your provided result is an invalid base32 encoding
>> > because it's an illegal length. It's not just missing equal
>> > signs.
>> >
>> > So the openssl commands are...
>> >
>> > $ openssl dsaparam -genkey -out dsa_priv.pem 1024
>> > $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo
>> > $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo
>> > Verified OK
>> >
>> > pyOpenSSL doesn't yet provide this functionality. You
>> > can only sign with x509 certificates, not with just a
>> > PKey. Apparently the certificateless signing is provided
>> > by EVP_SignFinal() and EVP_VerifyFinal() as seen in
>> > openssl-0.9.8j/app/dgst.c
>> >
>> > In the meantime, the python module called "subprocess"
>> > may be of some help.
>> >
>> > --
>> > Rick
>> >
>> >
>> > On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote:
>> >> Thanks for the reply. Ultimately what I'm trying to accomplish is
>> >> creating a software license key.
>> >>
>> >> The full ruby example is this:
>> >>
>> >> def make_license(product_code, name, copies)
>> >> sign_dss1 = OpenSSL::Digest::DSS1.new
>> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
>> >> b32 = Base32.encode(priv.sign(sign_dss1,
>> >> make_license_source(product_code, name)))
>> >> # Replace Os with 8s and Is with 9s
>> >> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html
>> >> b32.gsub!(/O/, '8')
>> >> b32.gsub!(/I/, '9')
>> >> # chop off trailing padding
>> >> b32.delete("=").scan(/.{1,5}/).join("-")
>> >> end
>> >>
>> >> def make_license_source(product_code, name)
>> >> product_code + "," + name
>> >> end
>> >>
>> >> I think what this is doing is creating a new dsa from a private one,
>> >> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in
>> >> some dashes (-). Which ultimately gives me something like:
>> >> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY"
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote:
>> >> >
>> >> > The automated test cases are a good place to look for
>> >> > examples. It's a directory named "test" in the pyOpenSSL
>> >> > sources.
>> >> >
>> >> > Some comments about what you are trying to accomplish
>> >> > would be useful. I don't know the Ruby API and you
>> >> > didn't link to it's docs.
>> >> >
>> >> > Are you trying to create a DSA certificate? Is "test" the
>> >> > common name of the subject for the new certificate being
>> >> > created? If so, you need a bunch more stuff than those three
>> >> > lines. I attached an example.
>> >> >
>> >> > --
>> >> > Rick
>> >> >
>> >> >
>> >> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote:
>> >> >> I'm trying to convert a small snippet of ruby code that handles some
>> >> >> ssl stuff for me..
>> >> >>
>> >> >> The Ruby code is this:
>> >> >>
>> >> >> sign_dss1 = OpenSSL::Digest::DSS1.new
>> >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem"))
>> >> >> priv.sign(sign_dss1, "test" )
>> >> >>
>> >> >> This is somewhat contrived, but this all i'm trying to convert. The
>> >> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where
>> >> >> to look.
>> >> >>
>> >> >> Thanks for your help!
>> >> >> -A
>> >> >>
>> >> >> ------------------------------------------------------------------------------
>> >> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> >> >> trial. Simplify your report design, integration and deployment - and focus on
>> >> >> what you do best, core application coding. Discover what's new with
>> >> >> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>> >> >> _______________________________________________
>> >> >> pyopenssl-list mailing list
>> >> >> pyo...@li...
>> >> >> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>> >> >
>> >> >
>> >
>> >
>
> --
> Rick
>
|
