f



PHP's openssl_sign() using M2Crypto?

I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck 
on openssl_sign() which uses an RSA private key to compute a signature.

Example PHP code:
  $privkeyid = openssl_get_privatekey($priv_key, $key_pass);
  openssl_sign($data, $signature, $privkeyid);
  openssl_free_key($privkeyid);

I've tried several permutations of the stuff in M2Crypto.EVP but I can't get
it to work...

The openssl module in PHP basicly does this (C code): 
  EVP_SignInit(&md_ctx, EVP_sha1());
  EVP_SignUpdate(&md_ctx, data, data_len);
  EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);

Looks like some magic is used to get pkey, I think that's what I'm missing.
See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.

I've tried the following:
  key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
  hmac = M2Crypto.EVP.HMAC(key, 'sha1')
  hmac.update(message)
  hmac.final()

But this results in:
    File "/usr/lib/python2.4/site-packages/M2Crypto/EVP.py", line 39, in __init__
      m2.hmac_init(self.ctx, key, self.md)
  TypeError: expected a readable buffer object
  Segmentation fault

Unfortunately M2Crypto documentation is practically nonexistent..

Best regards,
-- 
Konrad
0
5/20/2006 10:28:05 PM
comp.lang.python 77058 articles. 6 followers. Post Follow

5 Replies
591 Views

Similar Articles

[PageSpeed] 19

On 2006-05-20, KW wrote:
> I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck 
> on openssl_sign() which uses an RSA private key to compute a signature.

I think basicly my question is: how do I extract the key from a private
key in M2Crypto?

Best regards,
-- 
Konrad
0
5/21/2006 10:38:35 AM
KW wrote:
> The openssl module in PHP basicly does this (C code):
>   EVP_SignInit(&md_ctx, EVP_sha1());
>   EVP_SignUpdate(&md_ctx, data, data_len);
>   EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);
>
> Looks like some magic is used to get pkey, I think that's what I'm missing.
> See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.
>
> I've tried the following:
>   key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
>   hmac = M2Crypto.EVP.HMAC(key, 'sha1')
>   hmac.update(message)
>   hmac.final()

Does this work?:

key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
key.sign_init()
key.sign_update(message)
signature = key.final()

> Unfortunately M2Crypto documentation is practically nonexistent..

A lot of the OpenSSL documentation works fine, the names are usually
straight mapping.

0
heikki7794 (65)
5/22/2006 5:30:25 PM
On 2006-05-22, heikki@osafoundation.org wrote:
> Does this work?:
>
> key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
> key.sign_init()
> key.sign_update(message)
> signature = key.final()

No, I get this:
AttributeError: PKey instance has no attribute 'sign_init'

Best regards,
-- 
Konrad
0
5/22/2006 9:24:56 PM
That is really strange, because PKey has had sign_init method since
2004. That code works for me (just tested). What version of M2Crypto
are you using? I'd advice you upgrade to 0.15 if possible. See

http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto

-- 
  Heikki Toivonen

0
heikki7794 (65)
5/23/2006 6:02:14 PM
On 2006-05-23, heikki@osafoundation.org wrote:
> That is really strange, because PKey has had sign_init method since
> 2004. That code works for me (just tested). What version of M2Crypto
> are you using? I'd advice you upgrade to 0.15 if possible. See
>
> http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto

Great! I was using 0.13.1 from both Debian en Ubuntu and I thought no
further development was done on it..

It would be nice to get this version into Debian.

Best regards,
-- 
Konrad
0
5/24/2006 11:33:02 AM
Reply: