certificate - Getting PKCS7 signer chain in python -

-

i have pkcs7 message signed. contains data , signing certificate (with whole chain of trust).

i have code uses m2crypto certificate out of it.

bio = bio.memorybuffer(pkcs7message) p7 = smime.pkcs7(m2.pkcs7_read_bio_der(bio._ptr())) sk = x509.x509_stack() certstack = p7.get0_signers(sk)

it works. however, certstack returns 1 certificate (instead of returning whole chain of certificates.

two questions:

  • am missing (may there option let know need whole chain)
  • are there other methods how whole chain (may using pyopenssl)?

i guess making confusion between signers , certificate chain of signer. pkcs7_get0_signers return list of signers.

in order building pkcs7 message 2 signers, can use following steps:

  1. build key , certificate first signer:

    openssl genrsa -out key1.pem openssl req -new -key key1.pem -subj "/cn=key1" | openssl x509 -req -signkey key1.pem -out cert1.pem

  2. build key , certificate second signer:

    openssl genrsa -out key2.pem openssl req -new -key key2.pem -subj "/cn=key2" | openssl x509 -req -signkey key2.pem -out cert2.pem

  3. create pkcs7 message using both signers :

    echo "hello" | openssl smime -sign -nodetach \   -out signature.der -outform der \   -inkey key1.pem -signer cert1.pem -inkey key2.pem -signer cert2.pem

then signers printed running python script:

from m2crypto import *  bio=bio.file(open('signature.der')) smime_object = smime.pkcs7(m2.pkcs7_read_bio_der(bio._ptr()))     signers = smime_object.get0_signers(x509.x509_stack())  cert in signers:     print(cert.get_issuer().as_text())

it give signers' issuer:

cn=key1
cn=key2


Comments

Post a Comment

Popular posts from this blog

how to insert data php javascript mysql with multiple array session 2 -

-
i have method method discussed , successful data entered 1 when more 1 can not database this programs my php form : <form class="form-horizontal" id="form-produk"> <div class="control-group" > <label class="control-label" for="kelas">kategori</label> <div class="controls"> <select class='form-control' name='id_kategori'> <?php $tampil=mysql_query("select * kategori order nama_kategori"); if ($id_kat==0){ echo "<option value=0 selected>- pilih kategori -</option>"; } while($w=mysql_fetch_array($tampil)){ if ($id_kat==$w[id_kategori]){ echo "<option value=$w[id_kategori] selected>$w[nama_kategori]</option>"; } else{ echo "<option value=$w[id_kategori]>$...
Read more

multithreading - Exception in Application constructor -

-
i wanna write snake game javafx , there exception don't know , want know how fix it. ( know it's not complete yet ) and want know , class extends application ( start override ) main in other programs? see , here not static void main bc didn't need, if want add main shoud do? it's exeption... exception in application constructor exception in thread "main" java.lang.nosuchmethodexception: main_snake.main([ljava.lang.string;) @ java.lang.class.getmethod(class.java:1819) @ com.intellij.rt.execution.application.appmain.main(appmain.java:125) and code : import javafx.animation.animationtimer; import javafx.application.application; import javafx.event.eventhandler; import javafx.scene.scene; import javafx.scene.canvas.canvas; import javafx.scene.canvas.graphicscontext; import javafx.scene.input.keyevent; import javafx.scene.layout.borderpane; import javafx.scene.paint.color; import javafx.stage.stage; import java.util.arraylist; /** * creat...
Read more

windows - CertCreateCertificateContext returns CRYPT_E_ASN1_BADTAG / 8009310b -

-
i realize similar post others (e.g. this one ), there details missing posts might significant case. to start with, here's simplified program: #include "stdafx.h" #include <windows.h> #include <wincrypt.h> int _tmain(int argc, _tchar* argv[]) { // usage: certextract certpath char keyfile[] = "c:\\certificates\\public.crt"; byte lp[65536]; security_attributes sa; handle hkeyfile; dword bytes; pccert_context certcontext; sa.nlength = sizeof(sa); sa.lpsecuritydescriptor = null; sa.binherithandle = false; hkeyfile = createfile(keyfile, generic_read, file_share_read, &sa, open_existing, file_attribute_normal, null); if (hkeyfile) { if (readfile(hkeyfile, lp, getfilesize(hkeyfile, null), &bytes, null) && bytes > 0) { certcontext = certcreatecertificatecontext(x509_asn_encoding, lp, bytes); if (certcontext) { printf("yay...
Read more