468,116 Members | 2,168 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,116 developers. It's quick & easy.

PHP's openssl_sign() using M2Crypto?

KW
I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck
on openssl_sign() which uses an RSA private key to compute a signature.

Example PHP code:
$privkeyid = openssl_get_privatekey($priv_key, $key_pass);
openssl_sign($data, $signature, $privkeyid);
openssl_free_key($privkeyid);

I've tried several permutations of the stuff in M2Crypto.EVP but I can't get
it to work...

The openssl module in PHP basicly does this (C code):
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, data_len);
EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);

Looks like some magic is used to get pkey, I think that's what I'm missing.
See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.

I've tried the following:
key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
hmac = M2Crypto.EVP.HMAC(key, 'sha1')
hmac.update(message)
hmac.final()

But this results in:
File "/usr/lib/python2.4/site-packages/M2Crypto/EVP.py", line 39, in __init__
m2.hmac_init(self.ctx, key, self.md)
TypeError: expected a readable buffer object
Segmentation fault

Unfortunately M2Crypto documentation is practically nonexistent..

Best regards,
--
Konrad
May 21 '06 #1
5 3810
KW
On 2006-05-20, KW wrote:
I'm trying to convert some PHP code using OpenSSL to Python and I'm stuck
on openssl_sign() which uses an RSA private key to compute a signature.


I think basicly my question is: how do I extract the key from a private
key in M2Crypto?

Best regards,
--
Konrad
May 21 '06 #2
KW wrote:
The openssl module in PHP basicly does this (C code):
EVP_SignInit(&md_ctx, EVP_sha1());
EVP_SignUpdate(&md_ctx, data, data_len);
EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey);

Looks like some magic is used to get pkey, I think that's what I'm missing.
See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c.

I've tried the following:
key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
hmac = M2Crypto.EVP.HMAC(key, 'sha1')
hmac.update(message)
hmac.final()
Does this work?:

key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
key.sign_init()
key.sign_update(message)
signature = key.final()
Unfortunately M2Crypto documentation is practically nonexistent..


A lot of the OpenSSL documentation works fine, the names are usually
straight mapping.

May 22 '06 #3
KW
On 2006-05-22, he****@osafoundation.org wrote:
Does this work?:

key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr)
key.sign_init()
key.sign_update(message)
signature = key.final()


No, I get this:
AttributeError: PKey instance has no attribute 'sign_init'

Best regards,
--
Konrad
May 22 '06 #4
That is really strange, because PKey has had sign_init method since
2004. That code works for me (just tested). What version of M2Crypto
are you using? I'd advice you upgrade to 0.15 if possible. See

http://wiki.osafoundation.org/bin/vi...ts/MeTooCrypto

--
Heikki Toivonen

May 23 '06 #5
KW
On 2006-05-23, he****@osafoundation.org wrote:
That is really strange, because PKey has had sign_init method since
2004. That code works for me (just tested). What version of M2Crypto
are you using? I'd advice you upgrade to 0.15 if possible. See

http://wiki.osafoundation.org/bin/vi...ts/MeTooCrypto


Great! I was using 0.13.1 from both Debian en Ubuntu and I thought no
further development was done on it..

It would be nice to get this version into Debian.

Best regards,
--
Konrad
May 24 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Carl Waldbieser | last post: by
5 posts views Thread by jsmilan | last post: by
4 posts views Thread by Marc Poulhiès | last post: by
1 post views Thread by morphex | last post: by
8 posts views Thread by John Nagle | last post: by
7 posts views Thread by John Nagle | last post: by
reply views Thread by Heikki Toivonen | last post: by
6 posts views Thread by didacticone | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.