[pycrypto] Verifying Signatures on Data and Certificates
helderijs at gmail.com
Tue Oct 1 04:09:26 PDT 2013
The code you provide the link for also uses PyOpenSSL; I believe the
error you are getting originates from that library, not from PyCrypto.
2013/9/27 Kyle Cummings <kyle.cummings at forge-corp.com>:
> I apologize beforehand for the long e-mail, but I just wanted to be
> thorough in what I was doing.
> I am trying to use the PyCrypto library to achieve two similar things. The
> first use is to verify that a piece of data has been signed by the private
> key of a certain certificate. The other use is to verify a certificate chain
> (verify that certificate A has signed B, and then that B has signed C).
> The process is as follows:
> Client generates certificate / key-pairs A, B, C and D. A signs B, and B
> signs C and D. Then the certificates for A, signed B, signed C and signed D
> are pushed to a server. The server responds with a randomly generated bit of
> binary data for each certificate. The client uses each certificate /
> key-pair to sign the respective binary data, and then pushes the (base64
> encoded) signed responses back to the server. The server then takes the
> responses, decodes them and tries to verify the signatures on the
> Code / Attempts:
> My first attempt -
> #Function - verifying the signed challenges
> Astr = storedcertificates["acert"]
> Achallenge = storedchallenges["achallenge"]
> Signedchallenge = (read in from http post request)
> Acert = load_certificate(FILETYPE_PEM, Astr)
> try:
>     verify(Acert, Signedchallenge, Achallenge, "sha256")
> except Exception as e:
>     print "failed to verify for reason:"
>     print e
> #Repeat above for B, C and D
> With this code I got the following error response from the verify function:
> "must be string without null bytes, not str".
> My second attempt -
> Having the above code fail, I then found and tried adapting the code here,
> but I first received that the function "get_signature_algorithm()" does not
> exist for X509 certificates, and then received the same error response back
> for the verify function if I commented out the signature algorithm and just
> manually provided the digest.
> #Function - verify the signed challenges modified example
> Acert = load_certificate(FILETYPE_PEM, storedcerts["root"])
> challenge = (original binary challenge sent to client)
> algorithm = Acert.get_signature_algorithm()
> dersigin = asn1.DerObject()
> sig0 = dersigin.payload
> if sig0 != '\x00':
>     print "sig0 error"
>     print sig0
>     return False
> signature = sig0[1:]
> try:
>     verify(Acert, signature, challenge, algorithm)
>     #verify(Acert, signature, challenge, "sha256") #Alternate without the
> except Exception:
>     print "verifcation failed"
>     return False
> print "THE VERIFICATION WORKED?!?!?!?!?!?!??!"
> return True
> For the chain verification stuff, I followed the example code from the above
> link exactly, but received the same errors as the second example code
> (algorithm and string / str).
> What am I doing wrong / How am I using the library incorrectly?
> Kyle Cummings
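The challenge-response check described in the quoted message, as an added example that is not part of the original thread and is not PyCrypto or PyOpenSSL code. It assumes RSA keys and PKCS#1 v1.5 signatures over SHA-256; the key is a constructed test key, and `client_sign`, `server_verify` and `emsa_pkcs1_v15` are hypothetical names.

```python
import base64
import hashlib
import hmac

# Constructed test key (assumption): two Mersenne primes, so the block runs
# offline with the standard library only. Not a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the client
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes) -> bytes:
    """Encode message as 00 01 FF..FF 00 || DigestInfo(SHA-256)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def client_sign(challenge: bytes) -> str:
    """Client side: sign the raw challenge, return base64 for the HTTP POST."""
    m = int.from_bytes(emsa_pkcs1_v15(challenge), "big")
    return base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode("ascii")

def server_verify(challenge: bytes, response_b64: str) -> bool:
    """Server side: decode the response and check it against the stored challenge."""
    try:
        sig = base64.b64decode(response_b64, validate=True)
    except ValueError:               # malformed base64 is a failed verification
        return False
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    # Compare the full encoded block, not just the digest at its tail.
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(challenge))

if __name__ == "__main__":
    challenge = b"\x00\x9c\x00binary\x00challenge"  # constructed, contains NUL bytes
    print(server_verify(challenge, client_sign(challenge)))
```

PyCrypto provides the same check through `Crypto.Signature.PKCS1_v1_5` together with `Crypto.Hash.SHA256`.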