[pycrypto] Verifying Signatures on Data and Certificates

Legrandin helderijs at gmail.com
Tue Oct 1 04:09:26 PDT 2013


Hi Kyle,

The code you provide the link for also uses PyOpenSSL; I believe the
error you are getting originates from that library, not from PyCrypto.

L.

2013/9/27 Kyle Cummings <kyle.cummings at forge-corp.com>:
> I apologize beforehand for the long e-mail, but I just wanted to be
> thorough in what I was doing.
>
> I am trying to use the PyCrypto library to achieve two similar things. The
> first use is to verify that a piece of data has been signed by the private
> key of a certain certificate. The other use is to verify a certificate chain
> (verify that certificate A has signed B, and then that B has signed C).
>
> The process is as follows:
> Client generates certificate / key-pairs A, B, C and D. A signs B, and B
> signs C and D. Then the certificates for A, signed B, signed C and signed D
> are pushed to a server. The server responds with a randomly generated bit of
> binary data for each certificate. The client uses each certificate /
> key-pair to sign the respective binary data, and then pushes the (base64
> encoded) signed responses back to the server. The server then takes the
> responses, decodes them and tries to verify the signatures on the
>
> Code / Attempts:
> My first attempt -
>
> ###
> #Function - verifying the signed challenges
> ###
> Astr = storedcertificates["acert"]
> Achallenge = storedchallenges["achallenge"]
> Signedchallenge = (read in from http post request)
> Acert = load_certificate(FILETYPE_PEM, Astr)
>
> try:
>    verify (Acert, Signedchallenge, Achallenge, "sha256")
> except Exception as e:
>    print "failed to verify for reason:"
>    print e
>
> #Repeat above for B, C and D
> ###
>
> With this code I got the following error response from the verify function:
> "must be string without null bytes, not str".
>
>
> My second attempt -
>
> Having the above code fail, I then found and tried adapting the code here,
> but I first received that the function "get_signature_algorithm()" does not
> exist for X509 certificates, and then received the same error response back
> for the verify function if I commented out the signature algorithm and just
> manually provided the digest.
> ###
> #Function - verify the signed challenges modified example
> ###
> Acert = load_certificate(FILETYPE_PEM, storedcerts["root"])
> challenge = (original binary challenge sent to client)
> algorithm = Acert.get_signature_algorithm()
> dersigin = asn1.DerObject()
> dersigin.decode(rootchal)
> sig0 = dersigin.payload
> if sig0[0] != '\x00':
>     print "sig0 error"
>     print sig0
>     return False
>
> signature = sig0[1:]
> try:
>     verify(Acert, signature, challenge, algorithm)
>     #verify(Acert, signature, challenge, "sha256") #Alternate without the get_sig_alg()
> except:
>     print "verifcation failed"
>     return False
> print "THE VERIFICATION WORKED?!?!?!?!?!?!??!"
> return True
>
>
>
> For the chain verification stuff, I followed the example code from the above
> link exactly, but received the same errors as the second example code
> (algorithm and string / str).
>
> What am I doing wrong / How am I using the library incorrectly?
>
>
> Thanks,
> Kyle Cummings
>
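
The challenge/response check described in the quoted message, as an added example that is not part of the thread and is not PyCrypto or PyOpenSSL code: stdlib-only Python 3 implementing RSASSA-PKCS1-v1_5 with SHA-256, with the challenge handled as raw bytes so that embedded NUL bytes pass through untouched. The key is a constructed, trivially factorable demo key, and the function names and the forced leading NUL byte are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. Real keys come from the certificate being checked.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_em(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def new_challenge() -> bytes:
    """Server side: random binary challenge; the leading NUL is forced here
    (assumption) to show that raw bytes need no special handling."""
    return b"\x00" + os.urandom(31)


def client_sign(challenge: bytes) -> str:
    """Client side: sign the challenge and base64-encode it for the HTTP POST."""
    m = int.from_bytes(encode_em(challenge), "big")
    return base64.b64encode(pow(m, D, N).to_bytes(K, "big")).decode("ascii")


def server_verify(challenge: bytes, b64_signature: str) -> bool:
    """Server side: decode, apply the public key, compare against the expected
    encoding instead of parsing the padding out of the recovered block."""
    try:
        sig = base64.b64decode(b64_signature, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, encode_em(challenge))
```

The server must keep the exact challenge bytes it issued and compare against those; a malformed or wrong-length response is rejected before any RSA operation is attempted.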

