{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Animai°情兽 的问题《PKCS #7 detached signature with Python and PyOpenS》','https://www.manongdao.com/q-512663.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I need to get a detached PKCS #7 signature of some string in Python, using PyOpenSSL. I've got a key in .p12 file.
So far, I'm trying to do so:
from OpenSSL.crypto import load_pkcs12, sign
pkcs12 = load_pkcs12(key_dat, key_pwd)
algo = pkcs12.get_certificate().get_signature_algorithm()
pkey = pkcs12.get_privatekey()
sg = sign(pkey, manifest, algo)
But it's not what required.
I've searched net, but most examples are related to signing email chunks and use M2Crypto. Is there any way of doing it in bare PyOpenSSL?
The PKCS#7 OpenSSL functions that you need for this do not seem to be exported by the Python OpenSSL wrapper. You could try to do this via the internals of the crypto module, for example like the following snippet:
After this,
sigbytescontains the signature, ASN.1 DER encoded. The constant value forPKCS7_DETACHEDis defined in thepkcs7.hheader file in OpenSSL.As you probably know, any identifiers that start with
_are internal to thecryptomodule and are not supposed to be used by you directly. Therefore, this answer is just for illustration purposes. A proper solution (with correct memory management) should be added to thecryptomodule itself.