On Thursday, Oct 9, 2003, at 15:57 America/New_York, Glenn Andreas
wrote:
>> On Thursday, Oct 9, 2003, at 15:30 America/New_York, amk at amk.ca wrote:
>>
>>> On Thu, Oct 09, 2003 at 09:06:43PM +0200, Jack Jansen wrote:
>>>> We are going to need digital signatures at some point, so if we're
>>>> not going to have them in Python we have to warn users and provide
>>>> them with an out-of-band way to test packages.
>>>
>>> Can we use GnuPG? It provides an interface for being run as a
>>> subprocess
>>> and reporting results back in a form usable for programs. Perhaps
>>> it could
>>> just require that GnuPG is available (via Fink or some other
>>> mechanism).
>>
>> I think it would be a lot easier on the users if we could just let
>> them install a particular Python package that can do the signature
>> verification. Is there anything in OpenSSL that could be exploited
>> for this purpose?
>
> According to http://www.openssl.org/docs/crypto/DSA_sign.html it sure
> looks that way.
>
> Now if this is directly usable, that's another question...
PyOpenSSL documentation (probably does it):
http://pyopenssl.sourceforge.net/pyOpenSSL.txt
(3.1.3 - X509Req objects)
sign(pkey, digest)
Sign the certificate, using the key pkey and the message
digest
algorithm identified by the string digest.
verify(pkey)
Verify a certificate request using the public key pkey.
M2Crypto has an example implementation of S/MIME as a HOWTO on its page
(sign, encrypt, decrypt, verify)!
http://sandbox.rulemaker.net/ngps/m2/howto.smime.html
It looks like doing this w/ M2Crypto would likely be more
straightforward, but it's probably possible in either. It's
*definitely* possible to verify a SSL certificate with either :)
-bob
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4