From: James C. <jam...@jv...> - 2012-08-30 17:13:20
Hi,

I believe that as of 0.11, pyOpenSSL has started supporting the verification of signatures. I am working on a project which was started by someone else using M2Crypto. M2Crypto is really painful to include on platforms such as Heroku as it requires the use of SWIG. Consequently I am trying to remove the dependency on M2Crypto and replace it with pyOpenSSL, which is easy to install via Pip and doesn't require custom buildpacks and more, which SWIG-related things do.

The link to the original code is [here](https://github.com/pyroven/django-pyroven) and requires a reasonably significant refactoring, as it falls a long way from 12 Factor App ideals. However, I wanted to know whether I was on the right track for replacing the M2Crypto functions, which at present consist of:

```python
key = cert.get_pubkey()  # Cert is an M2Crypto X509 object
key = key.get_rsa()
ret = key.verify(hashed, self.sig)
if ret != 1:
    # Cert invalid
    ...  # etc.
```

I tried to replace this with:

```python
crypto.verify(cert, self.sig, hashed, 'sha1')  # cert X509 object from crypto.load_certificate()
```

Which I had assumed was roughly equivalent to the above, but I wonder whether I got the wrong end of the stick, having read through the source, as to what crypto.verify was actually doing. At the present time I end up with the Exception:

```
[('rsa routines', 'RSA_verify', 'bad signature')]
```

Which makes it difficult to tell whether the code is right and the hash/verification is correctly failing, or whether I'm actually doing something which is fundamentally incorrect.

Thanks for your help!

J