
I used a GUI tool to make an X509 certificate and tried to use Python's M2Crypto to extract useful information from that cert, but came across issues. The code is below:

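```python
from M2Crypto import X509

# Load the PEM-encoded certificate and take its key via get_pubkey()
ca = X509.load_cert("MyCA.crt", X509.FORMAT_PEM)
ca_pub = ca.get_pubkey()
print(ca_pub.as_pem(cipher=None))
```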

```
-----BEGIN PRIVATE KEY-----
MIIBJwIBADANBgkqhkiG9w0BAQEFAASCAREwggENAgEAAoIBAQDol4gW9mDc8IRW
Ack4Y0/Nk+OnikJPMj65YDIexVuW/ptCEnRAX+EZmB3lM4labS0Ou5gydKj3vpoR
dUM6Un1d8YYyw8Q2gJGXDHbTFjn/eU98VxIa7nHYlZGLvG5g0Eo4fCTUw3CBhI3Y
B8U3C89Ez1IL6sqly9Fhc5BICFtxVtCngWhapR3tIcR85h3vlUCmavhRyBmtdiku
As6ceH9GxfaFmONph/GzKVHy7iA6MSAIf/EDyz5jRKfWwhLQh4Uq9BWfioaFlQPF
iZlxs45iE3pAxrAAejkguUrjeAmIojQvQq9T0YNtdf3LQCUVn2Vfd9KkqncqADew
tujidoEZAgMBAAE=
-----END PRIVATE KEY-----
```

My questions:

  1. Why does `get_pubkey()` display "Private Key" information? Should it begin with -----BEGIN PUBLIC KEY-----?
  2. The certificate is self-signed. How do I get the digital signature from the certificate?

Many thanks!!

frogcd
  • What does your X509 certificate start with? I would guess that it is a PKCS#12 container instead of just a certificate. Such a container contains both private key(s) and certificate(s). You may need to extract the certificate first. – Maarten Bodewes Mar 20 '15 at 13:07
  • Hi, thanks for your reply. Now I'm able to get the pub key from the x509, but I'm still unable to get the signature because there is no method X509.get_signature(). – frogcd Mar 24 '15 at 00:38
  • There seems to be a `verify(self, pkey=None)` method though. Why do you need the signature for anything other than certificate verification? For self-signed certs, I would expect you can leave `pkey` (undoubtedly short for public key) empty. – Maarten Bodewes Mar 24 '15 at 00:43
  • Yeah, the major purpose of the signature is verification. Other posts indicate there are some flaws in M2Crypto for verification in complex surroundings. Is M2Crypto widely used in production? Or do you have any recommendation of other great crypto stuff for Python? – frogcd Mar 24 '15 at 01:00
  • Another issue is: if you can't get the signature, how do you verify? – frogcd Mar 24 '15 at 01:09
  • Sorry, I don't do much crypto in Python, but because of my experience with applied crypto I generally figure out an API pretty soon. So no other recommendations I'm sure, and no experience with M2Crypto (I think :) ). The signature obviously does not have to be returned to you, it just needs to be extracted during verification. As indicated, there is not much use for the signature after verification, so why would the API return it? – Maarten Bodewes Mar 24 '15 at 01:17
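
The two items the question asks for, the public key and the signature, are both fixed fields of the certificate's DER encoding: a Certificate is a SEQUENCE of tbsCertificate, signatureAlgorithm and signatureValue, and verification checks signatureValue over the raw tbsCertificate bytes. The following is an added example, not code from this thread and not M2Crypto; it uses only the Python standard library, the function names are illustrative, and the sample bytes are a constructed toy structure rather than a real certificate.

```python
import base64

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def elements(buf):
    """Return [(tag, raw_element, value)] for the DER elements packed in buf."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[pos:end], buf[start:end]))
        pos = end
    return out

def split_certificate(der):
    """Return (tbs_raw, signature, spki_raw) from a DER-encoded certificate."""
    outer = elements(der)
    parts = elements(outer[0][2]) if [e[0] for e in outer] == [0x30] else []
    if [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not a Certificate (tbs, algorithm, signature)")
    tbs, sig_bits = parts[0], parts[2][2]
    fields = elements(tbs[2])
    if fields and fields[0][0] == 0xA0:  # optional explicit [0] version
        fields = fields[1:]
    # remaining order: serial, algorithm, issuer, validity, subject, SPKI
    if len(fields) < 6 or sig_bits[:1] != b"\x00":
        raise ValueError("unexpected tbsCertificate or signature layout")
    return tbs[1], sig_bits[1:], fields[5][1]

def pem_to_der(pem):
    lines = [line.strip() for line in pem.strip().splitlines()]
    return base64.b64decode("".join(l for l in lines if not l.startswith("-----")))

def spki_to_pem(spki_raw):
    b64 = base64.b64encode(spki_raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"

# Constructed toy bytes with the Certificate layout (not a real certificate).
tlv = lambda tag, value: bytes([tag, len(value)]) + value  # short lengths only
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x03, b"\x00\xaa\xbb"))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                 + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_DER = tlv(0x30, SAMPLE_TBS + tlv(0x30, tlv(0x06, b"\x2a"))
                 + tlv(0x03, b"\x00\xde\xad\xbe\xef"))
```

For a PEM file such as the question's `MyCA.crt`, pass the file's text through `pem_to_der` first; the returned `tbs_raw` and `signature` are the exact inputs a verifier feeds to the signature check.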
