How use public key with pyOpenSSL for verify a signed message?
I try to use pyOpenSSL for signed a data, I create key pair (private and publique) and certificate. I'm a beginner with this technology, I use OpenSSl, but if you have suggestions for generate a signed message with private and public key in python, I'm take ! I want to use RSA and DSA algorithm for my tests. I find m2Crypto, pyCrypto and other. I do not know what is the best for this. gnupg for python and pyOpenSSl are more recent visibly. I used function for signed a message with my private key, and I verify the data. But when I see the function for verify the signature, in parameters I need : private key, signature, data and digest type. I do not know where I am wrong in this code, I find some examples, but I do not understand how this can work because the first parameters for the verify function is a X509 object "certificate is a X509 instance corresponding to the private key which generated the signature." and the second is the signature generated with the private key.. This code work perfectly with the private key : from OpenSSL import crypto _k = crypto.PKey() _cert = crypto.X509() # Create keys _k.generate_key(crypto.TYPE_RSA, 2048) # Add argument for create certificate _cert.gmtime_adj_notBefore(0) _cert.gmtime_adj_notAfter(0*365*24*60*60) #10 years expiry date _cert.set_pubkey(_k) _cert.sign(_k, 'sha256') # Create key's file with open("public_key.pem",'w') as f: f.write(crypto.dump_publickey(crypto.FILETYPE_PEM, _k)) with open("private_key.pem",'w') as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, _k)) with open("certificate.pem",'w') as f: f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, _cert)) #------------------------------------------------------------------------------- # Open key and load in var with open("private_key.pem",'r') as f: priv_key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read()) with open("public_key.pem",'r') as f: pub_key = crypto.load_publickey(crypto.FILETYPE_PEM, f.read()) with open("certificate.pem",'r') as f: cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) # sign message 'hello world' with private key and certificate sign = crypto.sign(priv_key, "hello world", 'sha256') print crypto.verify(cert, sign, "hello world", 'sha256') So, my question is, how use the public key for verify the data ? If Bob give a public key to alice, How it checks the message with this public key ? You have a idea ? Thanks a lot, Romain
How do I limit the number of active threads in python?
Calculating the pixel size of a string with Python
Python nested lists and recursion problem
Problems PUTting binary data to Django
How to use long integers in Python to build a range?
Should I use Lex or a home-brewed solution to parse a formula?
Launching default application for given type of file, OS X
Python CGI script IOError Broken Pipe
Django, grouping query items
Regular expression works normally, but fails when placed in an XML schema
too many threads due to synch communication
How can I specify a relative path in a Python logging config file?
Python “draw() must be called with Label instance as first argument (got _WindowMetaclass instance instead)”
Writing to a file in Python inserts null bytes
Disable logging during manage.py test?
turbogears request/user object in templates and request context