On Tue, May 09, 2000 at 04:25:02PM +0200, Hellan,Kim KHE wrote:
> I have a private key (PEM), certificate/root certificate (DER) and a small
> text: "This is a test".
> Using PKCS#7, I would like to make a small test program, where I sign the
> text with the private key, write this PKCS#7 object to a file, read the file
> again and then verify the signature.
Here's a bit of Python using M2Crypto, my Python wrapper for OpenSSL:
ptxt = 'This is a test'
def makebuf():
buf = BIO.MemoryBuffer(ptxt)
return buf
def sv():
print 'test sign/verify...',
buf = makebuf()
s = SMIME.SMIME()
# Load a private key.
s.load_key('client.pem')
# Sign.
p7 = s.sign(buf)
# Output the stuff.
bio = BIO.MemoryBuffer()
s.write(bio, p7, buf)
# Plumbing for verification: CA's cert.
st = X509.X509_Store()
st.load_info('ca.pem')
s.set_x509_store(st)
# Plumbing for verification: Signer's cert.
x509 = X509.load_cert('client.pem')
sk = X509.X509_Stack()
sk.push(x509)
s.set_x509_stack(sk)
# Verify.
p7, buf = SMIME.load_pkcs7_bio(bio)
v = s.verify(p7, flags=SMIME.PKCS7_DETACHED)
if v:
print 'ok'
else:
print 'not ok'
Using M2Crypto, I have implemented an S/MIME sender for Zope, an
open source web application server written in Python and C.
M2Crypto is here:
http://www.post1.com/home/ngps/m2
The S/MIME sender stuff, called ZSmime, is here:
http://www.post1.com/home/ngps/zope/zsmime
Zope is here:
http://www.zope.org
Cheers.
--
Ng Pheng Siong <[EMAIL PROTECTED]> * http://www.post1.com/home/ngps
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
