def recipient_info(self, cert, session_key): public_key = cert.get_pubkey().to_cryptography_key() encrypted_key = public_key.encrypt(session_key, padding.PKCS1v15()) cert = signer.cert2asn(cert.to_cryptography()) tbs_cert = cert['tbs_certificate'] # TODO: use subject_key_identifier when available return cms.RecipientInfo(name=u'ktri', value={ 'version': u'v0', 'rid': cms.RecipientIdentifier( name=u'issuer_and_serial_number', value={ 'issuer': tbs_cert['issuer'], 'serial_number': tbs_cert['serial_number'] }), 'key_encryption_algorithm': { 'algorithm': u'rsa', }, 'encrypted_key': core.OctetString(encrypted_key) })
def recipient_info(self, cert, session_key, oaep): public_key = cert.public_key() cert = signer.cert2asn(cert) tbs_cert = cert['tbs_certificate'] # TODO: use subject_key_identifier when available if oaep: encrypted_key = public_key.encrypt( session_key, padding.OAEP(mgf=padding.MGF1(hashes.SHA512()), algorithm=hashes.SHA512(), label=None)) kea = cms.KeyEncryptionAlgorithm({ 'algorithm': cms.KeyEncryptionAlgorithmId('rsaes_oaep'), 'parameters': algos.RSAESOAEPParams({ 'hash_algorithm': algos.DigestAlgorithm({'algorithm': 'sha512'}), 'mask_gen_algorithm': algos.MaskGenAlgorithm({ 'algorithm': algos.MaskGenAlgorithmId('mgf1'), 'parameters': { 'algorithm': algos.DigestAlgorithmId('sha512'), } }), 'p_source_algorithm': algos.PSourceAlgorithm({ 'algorithm': algos.PSourceAlgorithmId('p_specified'), 'parameters': b'', }) }) }) else: kea = {'algorithm': 'rsa'} encrypted_key = public_key.encrypt(session_key, padding.PKCS1v15()) result = cms.RecipientInfo(name='ktri', value={ 'version': 'v0', 'rid': cms.RecipientIdentifier( name='issuer_and_serial_number', value={ 'issuer': tbs_cert['issuer'], 'serial_number': tbs_cert['serial_number'] }), 'key_encryption_algorithm': kea, 'encrypted_key': core.OctetString(encrypted_key) }) return result
def assina_xml(self, arquivo): def signproc(tosign, algosig): key = self.certificado.key signed_value_signature = key.sign( tosign, padding.PKCS1v15(), getattr(hashes, algosig.upper())()) return signed_value_signature cert = self.certificado.cert certcontent = signer.cert2asn(cert).dump() cls = xades.BES() doc = cls.build('documento.xml', arquivo, 'application/xml', cert, certcontent, signproc, False, True) return etree.tostring(doc, encoding='UTF-8', xml_declaration=True, standalone=False)
def main(): p12 = load_pkcs12(open('demo2_user1.p12', 'rb').read(), '1234') def signproc(tosign, algosig): key = p12.get_privatekey().to_cryptography_key() signed_value_signature = key.sign(tosign, padding.PKCS1v15(), getattr(hashes, algosig.upper())()) return signed_value_signature data = open('xml.xml', 'rb').read() cert = p12.get_certificate().to_cryptography() certcontent = signer.cert2asn(cert).dump() cls = xades.BES() doc = cls.build('xml.xml', data, 'text/xml', cert, certcontent, signproc, False, False, True) data = etree.tostring(doc, encoding='UTF-8', xml_declaration=True, standalone=False) open('xml-xades-bes-detached.xml', 'wb').write(data)
def main(): with open('demo2_user1.p12', 'rb') as fp: p12 = pkcs12.load_key_and_certificates(fp.read(), b'1234', backends.default_backend()) def signproc(tosign, algosig): key = p12[0] signed_value_signature = key.sign( tosign, padding.PKCS1v15(), getattr(hashes, algosig.upper())() ) return signed_value_signature data = open('xml.xml', 'rb').read() cert = p12[1] certcontent = signer.cert2asn(cert).dump() cls = xades.BES() doc = cls.build('xml.xml', data, 'text/xml', cert, certcontent, signproc, False, False, True) data = etree.tostring(doc, encoding='UTF-8', xml_declaration=True, standalone=False) open('xml-xades-bes-detached.xml', 'wb').write(data)
def showCert(self, der): pem = cert2asn(der, False) # pem.debug() print(pem.serial_number) print(pem.issuer.native) print(pem.subject.native)