无 M2Crypto 的非分离 PKCS#7 SHA1+RSA 签名

Question

我正在尝试在 python3 上创建非分离签名。我目前有使用 m2crypto 在 python2 上执行此操作的代码，但 m2crypto 不适用于 python3。

我一直在尝试 rsa、pycrypto 和 openssl，但还没找到方法。

这是等效的 OpenSSL 命令：

openssl smime -sign -signer $CRTFILE -inkey $KEYFILE -outformDER -nodetach

这是nodetach选项，我无法用rsa, pyopenssl or pycrypto模仿。

有人在 python3 上这样做过吗？我想尽可能避免使用 Popen+openssl。

Answer 1

我实际上最终用 OpenSSL.crypto 解决了这个问题，尽管使用了一些内部方法：

from OpenSSL import crypto

PKCS7_NOSIGS = 0x4  # defined in pkcs7.h


def create_embeded_pkcs7_signature(data, cert, key):
    """
    Creates an embeded ("nodetached") pkcs7 signature.

    This is equivalent to the output of::

        openssl smime -sign -signer cert -inkey key -outform DER -nodetach < data

    :type data: bytes
    :type cert: str
    :type key: str
    """  # noqa: E501

    assert isinstance(data, bytes)
    assert isinstance(cert, str)

    try:
        pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
        signcert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
    except crypto.Error as e:
        raise ValueError('Certificates files are invalid') from e

    bio_in = crypto._new_mem_buf(data)
    pkcs7 = crypto._lib.PKCS7_sign(
        signcert._x509, pkey._pkey, crypto._ffi.NULL, bio_in, PKCS7_NOSIGS
    )
    bio_out = crypto._new_mem_buf()
    crypto._lib.i2d_PKCS7_bio(bio_out, pkcs7)
    signed_data = crypto._bio_to_string(bio_out)

    return signed_data

Answer 2

如果您不介意进行一些较低级别的 OpenSSL 编程，您似乎可以使用 pyca/cryptography 实现此目的。你可以试一试：

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.bindings.openssl.binding import Binding

_lib = Binding.lib
_ffi = Binding.ffi

msg = "Hello, World!"

with open('key.pem', 'rb') as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(), None, default_backend())

with open('cert.pem', 'rb') as cert_file:
    cert = x509.load_pem_x509_certificate(
        cert_file.read(), default_backend())

bio_in = _lib.BIO_new_mem_buf(msg.encode('utf-8'), len(msg))
pkcs7 = _lib.PKCS7_sign(cert._x509, private_key._evp_pkey, _ffi.NULL, bio_in, 0)

bio_out=_lib.BIO_new(_lib.BIO_s_mem())
_lib.PEM_write_bio_PKCS7(bio_out, pkcs7)

result_buffer = _ffi.new('char**')
buffer_length = _lib.BIO_get_mem_data(bio_out, result_buffer)
sout = _ffi.buffer(result_buffer[0], buffer_length)[:]

print(sout.decode('utf-8'))

此脚本仅用于说明目的，可能有更好的方法来实现。这种方法基本上模仿了您的 openssl smime 命令。

如果您确实想走这条路，则必须仔细研究内存管理并在完成后释放内存。 this stuff is called hazmat...

是有原因的

Answer 3

这可以使用 python 中的 cryptography 包 3.

这是我试图复制的 OpenSSL 命令

openssl smime -sign
    -signer cert.crt
    -inkey cert.key
    -certfile intermediate.pem 
    -nodetach 
    -outform der 
    -in mdm.mobileconfig 
    -out mdm-signed.mobileconfig

import cyptography


with open('cert.crt', 'rb') as fp:
    cert = cryptography.x509.load_pem_x509_certificate(fp.read())

with open('intermediate.pem', 'rb') as fp:
    ca = cryptography.x509.load_pem_x509_certificate(fp.read())

with open('cert.key', 'rb') as fp:            
    key = cryptography.hazmat.primitives.serialization.load_pem_private_key(
        fp.read(), None,
    ) 

with open('data.bin', 'rb') as fp:
    data = fp.read()


signed_data = cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder(
    data=data,
    signers=[
        (cert, key, cryptography.hazmat.primitives.hashes.SHA512()),
    ],
    additional_certs=[ca],
).sign(
    cryptography.hazmat.primitives.serialization.Encoding.DER, options=[],
)

-nodetach默认使用options=[]实现，因为openssl默认添加分离标志。

无 M2Crypto 的非分离 PKCS#7 SHA1+RSA 签名

Non-detached PKCS#7 SHA1+RSA signature without M2Crypto

python

rsa

signing

pycrypto

pyopenssl