crypto: verify external pkcs7 signature

Prev: ANN: eGenix mxODBC Zope Database Adapter 2.0.0
Next: Sniffing encoding type by looking at file BOM header

From: Thomas Guettler on 24 Mar 2010 10:29

---

Hi,

some black box system gives me secKey.pkcs7 signature and
a data file. The signature should be correct, but it fails.


On newer system I get this: M2Crypto.SMIME.PKCS7_Error: digest failure

on older systems (openssl-0.9.8h-28.10.1) I get PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312

On a system with openssl-0.9.8e-45.13 the script creates a core dump.

Any hints?

{{{
def verify(file):
s = SMIME.SMIME()
cert_file='CN=NW4.cert'
x509=X509.load_cert(cert_file)
sk=X509.X509_Stack()
sk.push(x509)
s.set_x509_stack(sk)

# Load the signer's CA cert. In this case, because the signer's
# cert is self-signed, it is the signer's cert itself.

st = X509.X509_Store()
st.load_info(cert_file) # CA Cert
s.set_x509_store(st)
from M2Crypto.BIO import File

# Load the data, verify it.
p7=SMIME.load_pkcs7('secKey.pkcs7')
try:
print s.verify(p7, File(open(file)))
except (M2Crypto.SMIME.PKCS7_Error, M2Crypto.SMIME.SMIME_Error), exc:
print '%s failed: %s' % (file, str(exc).strip())
return False
return True
}}}


--
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de

 | 
Pages: 1
Prev: ANN: eGenix mxODBC Zope Database Adapter 2.0.0
Next: Sniffing encoding type by looking at file BOM header