How to digitally sign a message with M2Crypto using the keys within a DER format certificate
I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that.
I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method.
Given the previous examples I have read here, I am clearly missing something.
Here is the example I am working on:
from M2Crypto.X509 import *
cert = load_cert( 'certificate.cer', format=1 )
Pub_key = cert.get_pubkey()
Pub_key.reset_context(md='sha1')
Pub_key.sign_init()
Pub_key.sign_update( "This shoul开发者_开发技巧d be good." )
print Pub_key.sign_final()
Thanks in advance for the help,
Pablo
One obvious thing jumps at me: you say your certificate is in DER format, but you are passing format=0
to load_cert()
which means PEM. See X509 module variables. Maybe not what is causing your issue, though (I would expect you'd get an exception if you mix the cert type).
Update After some more thought, I think you are trying to do the wrong thing here, which is why it is crashing (although it of course should not crash but raise an exception). You can't sign a message using the public key from a certificate. That would be like doing digital forgery.
Think of it this way. You receive my certificate, which contains my public key. You can use the public key to encrypt a message to me. Only I will be able to decrypt using my private key. You can sign the message using your private key, and I can use your public key to verify your signature.
There is no private key file, thats why it crashes and I can not sign it.
精彩评论