使用M2Crypto的Python通过S/MIME签名消息 [英] Python using M2Crypto signing a message with S/MIME
问题描述
我现在花了几个小时,但找不到错误.我想要一个简单的例程,该例程创建一个S/MIME签名的消息,以后可以与smtplib一起使用.
I spent hours now and I can not find my error. I want a simple routine that creates a S/MIME signed message that could be used with smtplib later.
这就是我到目前为止所拥有的:
This is, what I have so far:
#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
from __future__ import print_function
from __future__ import absolute_import
import sys
from M2Crypto import BIO, Rand, SMIME
text = """Das ist ein einfacher Satz"""
sign_cert = "cert.pem"
sign_key = "key.pem"
# -----------------------------------------------------------------------------
class SignError(Exception):
pass
def sign(msg):
if "unsigned" not in msg:
raise SignError()
# Seed the PRNG.
Rand.load_file('.rnd', -1)
# Make a MemoryBuffer of the message.
msg_bio = BIO.MemoryBuffer(msg["unsigned"])
signer = SMIME.SMIME()
# Load key and certificate
try:
signer.load_key(sign_key, sign_cert)
except BIO.BIOError:
raise SignError()
p7 = signer.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
# Recreate buf.
msg_bio = BIO.MemoryBuffer(msg["unsigned"])
# Output p7 in mail-friendly format.
out = BIO.MemoryBuffer()
out.write('From: <c@roessner.co>\r\n')
out.write("To: <test@example.com>\r\n")
out.write("Subject: M2Crypto S/MIME testing\r\n")
signer.write(out, p7, data_bio=msg_bio, flags=SMIME.PKCS7_TEXT)
msg["signed"] = out.read()
out.close()
# Save the PRNG's state.
Rand.save_file(".rnd")
if __name__ == "__main__":
msg = dict(unsigned=text)
try:
sign(msg)
except SignError:
print("Unable to sign message", file=sys.stderr)
if "signed" in msg:
print(msg["signed"])
sys.exit()
# vim: ts=4 sw=4 expandtab
不幸的是,它只会产生:
Unfortunately, it only produces:
From: <c@roessner.co>
To: <test@example.com>
Subject: M2Crypto S/MIME testing
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----B9B56E4AFF9BD5BC9B3B8FEDDE632A4C"
This is an S/MIME signed message
------B9B56E4AFF9BD5BC9B3B8FEDDE632A4C
Content-Type: text/plain
Das ist ein einfacher Satz
如果我添加了显示p7的代码,则可以看到它已经创建了一个数据blob.
If I add code to display the p7, I can see that it has created a data blob.
我使用原始证书和密钥.但是我之前也用自签名证书进行过测试.总是一样的结果.
I use an original certificate and key. But I also tested with a self signed certificate before. Always the same result.
我检查了M2Crypto的几乎所有示例,并且看起来一样(对我而言).我在这里想念什么?
I checked nearly all examples from M2Crypto and it looks the same (for me). What am I missing here?
非常感谢您提前提供帮助:-)
Thanks a lot for helping in advance :-)
推荐答案
这已经晚了几年,但是对于那些来自Google且功能突出的人,请尝试以下方法:
This is a few years late but for anyone coming from Google as it features prominently, try this:
p7 = smime.sign(buf, SMIME.PKCS7_DETACHED)
out = BIO.MemoryBuffer()
out.write('From: %s\n' % sender)
out.write('To: %s\n' % to)
out.write('Subject: %s\n' % subject)
buf = BIO.MemoryBuffer(msg_str)
smime.write(out, p7, buf)
这篇关于使用M2Crypto的Python通过S/MIME签名消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!