使用M2Crypto的Python通过S/MIME签名消息 [英] Python using M2Crypto signing a message with S/MIME

问题描述

我现在花了几个小时，但找不到错误.我想要一个简单的例程，该例程创建一个S/MIME签名的消息，以后可以与smtplib一起使用.

I spent hours now and I can not find my error. I want a simple routine that creates a S/MIME signed message that could be used with smtplib later.

这就是我到目前为止所拥有的:

This is, what I have so far:

#!/usr/bin/python2.7
# -*- coding: utf-8 -*-

from __future__ import print_function
from __future__ import absolute_import

import sys

from M2Crypto import BIO, Rand, SMIME

text = """Das ist ein einfacher Satz"""

sign_cert = "cert.pem"
sign_key = "key.pem"

# -----------------------------------------------------------------------------

class SignError(Exception):
    pass


def sign(msg):
    if "unsigned" not in msg:
        raise SignError()

    # Seed the PRNG.
    Rand.load_file('.rnd', -1)

    # Make a MemoryBuffer of the message.
    msg_bio = BIO.MemoryBuffer(msg["unsigned"])

    signer = SMIME.SMIME()

    # Load key and certificate
    try:
        signer.load_key(sign_key, sign_cert)
    except BIO.BIOError:
        raise SignError()

    p7 = signer.sign(msg_bio, flags=SMIME.PKCS7_TEXT)

    # Recreate buf.
    msg_bio = BIO.MemoryBuffer(msg["unsigned"])

    # Output p7 in mail-friendly format.
    out = BIO.MemoryBuffer()
    out.write('From: <c@roessner.co>\r\n')
    out.write("To: <test@example.com>\r\n")
    out.write("Subject: M2Crypto S/MIME testing\r\n")
    signer.write(out, p7, data_bio=msg_bio, flags=SMIME.PKCS7_TEXT)

    msg["signed"] = out.read()
    out.close()

    # Save the PRNG's state.
    Rand.save_file(".rnd")


if __name__ == "__main__":
    msg = dict(unsigned=text)

    try:
        sign(msg)
    except SignError:
        print("Unable to sign message", file=sys.stderr)

    if "signed" in msg:
        print(msg["signed"])

    sys.exit()

# vim: ts=4 sw=4 expandtab

不幸的是，它只会产生:

Unfortunately, it only produces:

From: <c@roessner.co>
To: <test@example.com>
Subject: M2Crypto S/MIME testing
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----B9B56E4AFF9BD5BC9B3B8FEDDE632A4C"

This is an S/MIME signed message

------B9B56E4AFF9BD5BC9B3B8FEDDE632A4C
Content-Type: text/plain

Das ist ein einfacher Satz

如果我添加了显示p7的代码，则可以看到它已经创建了一个数据blob.

If I add code to display the p7, I can see that it has created a data blob.

我使用原始证书和密钥.但是我之前也用自签名证书进行过测试.总是一样的结果.

I use an original certificate and key. But I also tested with a self signed certificate before. Always the same result.

我检查了M2Crypto的几乎所有示例，并且看起来一样(对我而言).我在这里想念什么?

I checked nearly all examples from M2Crypto and it looks the same (for me). What am I missing here?

非常感谢您提前提供帮助:-)

Thanks a lot for helping in advance :-)

推荐答案

这已经晚了几年，但是对于那些来自Google且功能突出的人，请尝试以下方法:

This is a few years late but for anyone coming from Google as it features prominently, try this:

p7 = smime.sign(buf, SMIME.PKCS7_DETACHED)

out = BIO.MemoryBuffer()
out.write('From: %s\n' % sender)
out.write('To: %s\n' % to)
out.write('Subject: %s\n' % subject)

buf = BIO.MemoryBuffer(msg_str)

smime.write(out, p7, buf)

这篇关于使用M2Crypto的Python通过S/MIME签名消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！