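def verify(certificate_path, ca_certificate_path, sign_request_path, output):
    """Verify a signed S/MIME request and save the CSR it contains.

    Args:
        certificate_path: PEM file holding the expected signer certificate.
        ca_certificate_path: CA file loaded into the trust store used for
            chain validation.
        sign_request_path: S/MIME file containing the signed request.
        output: Destination for the extracted request; when falsy, a
            ``<CN>.csr`` file in the current directory is used.

    The request is written only from the content returned by a successful
    ``smime.verify`` call, never from the unverified input file.
    I/O errors opening the request file still propagate to the caller.
    """
    try:
        certificate = X509.load_cert(certificate_path)
    except (X509.X509Error, IOError):
        print('ERROR verify: Could not load certificate for verifying')
        # Same effect as exit(1), without relying on the site-installed builtin.
        raise SystemExit(1)

    smime = SMIME.SMIME()

    # Certificates that may be used as the signer.
    stack = X509.X509_Stack()
    stack.push(certificate)
    smime.set_x509_stack(stack)

    # Trust anchors for validating the signer's chain.
    store = X509.X509_Store()
    store.load_info(ca_certificate_path)
    smime.set_x509_store(store)

    try:
        pks7, data = SMIME.smime_load_pkcs7(sign_request_path)
        clear_text = smime.verify(pks7, data)
    except (SMIME.SMIME_Error, SMIME.PKCS7_Error):
        # A malformed message or a rejected signature is reported as an
        # exception, so route it to the "failed" branch instead of a traceback.
        clear_text = None

    if not output:
        output = path.abspath(path.curdir) + '/%s.csr' % DEFAULT_FIELDS['CN']

    if clear_text:
        request = X509.load_request_string(clear_text)
        request.save(output)
        print('Verification OK')
        print('Request file was saved to %s' % output)
    else:
        print('Verification failed')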
def test_load_bad(self):
    """Each loader must reject bad input with its own exception type."""
    s = SMIME.SMIME()

    # A certificate file passed as the private key is not a usable key.
    self.assertRaises(EVP.EVPError, s.load_key,
                      'tests/signer.pem', 'tests/signer.pem')

    # Raw PKCS #7 loaders: missing file, wrong file type, junk bytes.
    self.assertRaises(BIO.BIOError, SMIME.load_pkcs7, 'nosuchfile-dfg456')
    self.assertRaises(SMIME.PKCS7_Error, SMIME.load_pkcs7, 'tests/signer.pem')
    junk = BIO.MemoryBuffer(b'no pkcs7')
    self.assertRaises(SMIME.PKCS7_Error, SMIME.load_pkcs7_bio, junk)

    # S/MIME loaders: wrong file type, junk bytes.
    self.assertRaises(SMIME.SMIME_Error, SMIME.smime_load_pkcs7,
                      'tests/signer.pem')
    junk = BIO.MemoryBuffer(b'no pkcs7')
    self.assertRaises(SMIME.SMIME_Error, SMIME.smime_load_pkcs7_bio, junk)
def decrypt_and_verify(self):
    """Decrypt a signed-then-encrypted message, then verify the inner signature."""
    s = SMIME.SMIME()

    # Recipient's private key and certificate, needed for decryption.
    s.load_key(recipient_key, recipient_cert)

    # Outer layer: the encrypted envelope. No separate content part is
    # returned for it ('data' == None after this step).
    envelope, data = SMIME.smime_load_pkcs7('smime-m2-sign-encrypt.txt')

    # Decrypting yields the inner PKCS #7 signed blob, not the plain text.
    signed_blob = s.decrypt(envelope)

    # Signer's certificate.
    signer = X509.load_cert(signer_cert)
    signers = X509.X509_Stack()
    signers.push(signer)
    s.set_x509_stack(signers)

    # CA certificate the signer's chain is validated against.
    trust = X509.X509_Store()
    trust.load_info(ca_cert)
    s.set_x509_store(trust)

    # Re-parse the decrypted blob and verify it.
    # NOTE(review): the content part returned by the second load is not passed
    # to verify(); a clear-signed inner message would need it - confirm the
    # sample is opaque-signed.
    inner, data = SMIME.smime_load_pkcs7_bio(BIO.MemoryBuffer(signed_blob))
    v = s.verify(inner)
    print(v)
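def decrypt_email_body(client: Client, args: Dict, file_path=None):
    """ Decrypt the message

    Args:
        client: Client holding the SMIME object and the key/certificate paths
        args: Dict; 'encrypt_message' identifies the file to decrypt
        file_path: relevant for the test module; when given it is used in
            place of the looked-up file and must provide a 'path' key

    Returns:
        (human_readable, entry_context) with the decrypted text.

    Raises:
        SMIME.SMIME_Error: the message could not be parsed, other than the
            'no content type' case that is retried as DER.

    Decryption alone says nothing about who produced the message; the result
    is unauthenticated unless a signature is verified separately.
    """
    if file_path:
        encrypt_message = file_path
    else:
        encrypt_message = demisto.getFilePath(args.get('encrypt_message'))

    client.smime.load_key(client.private_key_file, client.public_key_file)
    try:
        p7, data = SMIME.smime_load_pkcs7(encrypt_message['path'])
        out = client.smime.decrypt(p7).decode('utf-8')

    except SMIME.SMIME_Error as e:
        if str(e) != 'no content type':
            # Any other parse failure used to fall through and hit an unbound
            # 'out' below; surface the real error instead.
            raise

        # If no content type; see if we can process as DER format
        with open(encrypt_message['path'], "rb") as message_file:
            p7data = message_file.read()
        p7bio = BIO.MemoryBuffer(p7data)
        p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(p7bio._ptr()))
        out = client.smime.decrypt(
            p7, flags=SMIME.PKCS7_NOVERIFY).decode('utf-8')

    entry_context = {'SMIME.Decrypted': {'Message': out}}
    human_readable = f'The decrypted message is: \n{out}'

    return human_readable, entry_context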
def get_keyfile(directory, name, ext='yaml'):
    """Return the DECRYPTED contents of a keyfile.

    The file is located by passing `directory`, `name` and `ext` to
    ``keyfile_path`` and is decrypted with the key pair from ``env.ec2``.

    The return value is plaintext key material: keep it out of logs and do
    not write it back to disk unencrypted. Decryption does not authenticate
    whoever produced the file.
    """
    smime = SMIME.SMIME()
    smime.load_key(env.ec2.pk, env.ec2.cert)
    envelope, _content = SMIME.smime_load_pkcs7(
        keyfile_path(directory, name, ext))
    plaintext = smime.decrypt(envelope)
    return plaintext
def test_load_bad(self):
    """Each loader must reject bad input with its own exception type."""
    s = SMIME.SMIME()

    # A certificate file passed as the private key is not a usable key.
    self.assertRaises(EVP.EVPError, s.load_key,
                      'tests/signer.pem', 'tests/signer.pem')

    # Raw PKCS #7 loaders: missing file, wrong file type, junk input.
    self.assertRaises(BIO.BIOError, SMIME.load_pkcs7, 'nosuchfile-dfg456')
    self.assertRaises(SMIME.PKCS7_Error, SMIME.load_pkcs7, 'tests/signer.pem')
    junk = BIO.MemoryBuffer('no pkcs7')
    self.assertRaises(SMIME.PKCS7_Error, SMIME.load_pkcs7_bio, junk)

    # S/MIME loaders: wrong file type, junk input.
    self.assertRaises(SMIME.SMIME_Error, SMIME.smime_load_pkcs7,
                      'tests/signer.pem')
    junk = BIO.MemoryBuffer('no pkcs7')
    self.assertRaises(SMIME.SMIME_Error, SMIME.smime_load_pkcs7_bio, junk)
def verify_netscape():
    """Load 'ns.p7' and verify it against the CA in 'ca.pem'."""
    # Trailing comma: Python 2 print without a newline.
    print 'test load & verify netscape messager output...',
    s = SMIME.SMIME()
    # The signer stack is deliberately left empty (the cert load and push are
    # commented out), so no signer certificate is supplied by the caller.
    # NOTE(review): presumably the signer cert then comes from the message
    # itself and is only trusted if it chains to ca.pem - confirm.
    #x509 = X509.load_cert('client.pem')
    sk = X509.X509_Stack()
    #sk.push(x509)
    s.set_x509_stack(sk)
    # Trust store used for chain validation.
    st = X509.X509_Store()
    st.load_info('ca.pem')
    s.set_x509_store(st)
    p7, data = SMIME.smime_load_pkcs7('ns.p7')
    v = s.verify(p7, data)
    # Prints whatever verify() returned, then '...ok'; no check of v is made.
    print '\n', v, '\n...ok'
def decrypt(self):
    """Decrypt 'smime-m2-encrypt.txt' with the recipient key and print it."""
    smime = SMIME.SMIME()

    # The recipient's private key and certificate select and unwrap the
    # content-encryption key.
    smime.load_key(recipient_key, recipient_cert)

    # Only the PKCS #7 envelope is needed; the second return value is unused.
    envelope, _content = SMIME.smime_load_pkcs7('smime-m2-encrypt.txt')

    # Decryption does not authenticate the sender of the message.
    plaintext = smime.decrypt(envelope)
    print(plaintext)
def verify_opaque():
    """Load 'opaque.p7' and verify it with 'client.pem' against 'ca.pem'."""
    # Trailing comma: Python 2 print without a newline.
    print 'test load & verify opaque...',
    s = SMIME.SMIME()
    # Signer certificate supplied by the caller.
    x509 = X509.load_cert('client.pem')
    sk = X509.X509_Stack()
    sk.push(x509)
    s.set_x509_stack(sk)
    # Trust store used for chain validation.
    st = X509.X509_Store()
    st.load_info('ca.pem')
    s.set_x509_store(st)
    p7, data = SMIME.smime_load_pkcs7('opaque.p7')
    v = s.verify(p7, data)
    # A truthy result (the recovered content) is reported as success.
    if v:
        print 'ok'
    else:
        print 'not ok'
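def test_detailed_error_message(self):
    """verify() must fail with the underlying chain-validation reason.

    The same certificate is used as signer and as trust store, and the test
    expects verification of the sample message to fail with "unable to get
    local issuer certificate".
    """
    from M2Crypto import SMIME, X509
    s = SMIME.SMIME()
    x509 = X509.load_cert('tests/recipient.pem')
    sk = X509.X509_Stack()
    sk.push(x509)
    s.set_x509_stack(sk)

    st = X509.X509_Store()
    st.load_info('tests/recipient.pem')
    s.set_x509_store(st)

    p7, data = SMIME.smime_load_pkcs7('tests/sample-p7.pem')
    self.assertIsInstance(p7, SMIME.PKCS7, p7)

    # assertRaises instead of try/except: a verify() that unexpectedly
    # succeeds must fail the test rather than let it pass without checking
    # anything.
    with self.assertRaises(SMIME.PKCS7_Error) as caught:
        s.verify(p7, data)
    self.assertRegexpMatches(str(caught.exception),
                             "unable to get local issuer certificate",
                             "Not received expected error message")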
def decrypt_email_body(client: Client, args: Dict, file_path=None):
    """ Decrypt the message

    Args:
        client: Client holding the SMIME object and the key/certificate paths
        args: Dict; 'encrypt_message' identifies the file to decrypt
        file_path: relevant for the test module; used in place of the
            looked-up file when given

    Returns:
        (human_readable, entry_context) with the decrypted text.

    Decryption alone does not authenticate the sender of the message.
    """
    encrypt_message = (
        file_path if file_path
        else demisto.getFilePath(args.get('encrypt_message'))
    )

    client.smime.load_key(client.private_key_file, client.public_key_file)

    # Only the envelope is used; the content part is ignored.
    envelope, _content = SMIME.smime_load_pkcs7(encrypt_message['path'])
    out = client.smime.decrypt(envelope).decode('utf-8')

    return (
        f'The decrypted message is: \n{out}',
        {'SMIME.Decrypted': {'Message': out}},
    )
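def verify(client: Client, args: Dict):
    """ Verify the signature

    Args:
        client: Client holding the SMIME object and the certificate path
        args: Dict; 'signed_message' identifies the file to verify

    Returns:
        (human_readable, {}) on success.

    Raises:
        SMIME.SMIME_Error: the message could not be parsed, other than the
            'no content type' case that is retried as DER.

    NOTE(review): both verify() calls pass SMIME.PKCS7_NOVERIFY, which skips
    chain verification of the signer certificate, and the trust store is
    loaded from the same file as the signer certificate. "The signature
    verified" therefore means the signature matches a certificate, not that
    the certificate is trusted - confirm this is intended.
    """
    signed_message = demisto.getFilePath(args.get('signed_message'))

    x509 = X509.load_cert(client.public_key_file)
    sk = X509.X509_Stack()
    sk.push(x509)
    client.smime.set_x509_stack(sk)

    st = X509.X509_Store()
    st.load_info(client.public_key_file)
    client.smime.set_x509_store(st)
    try:
        p7, data = SMIME.smime_load_pkcs7(signed_message['path'])
        v = client.smime.verify(p7, data, flags=SMIME.PKCS7_NOVERIFY)
        human_readable = f'The signature verified\n\n{v}'

    except SMIME.SMIME_Error as e:
        if str(e) != 'no content type':
            # Any other parse failure used to fall through and hit an unbound
            # 'human_readable' below; surface the real error instead.
            raise

        # If no content type; see if we can process as DER format
        with open(signed_message['path'], "rb") as message_file:
            p7data = message_file.read()
        p7bio = BIO.MemoryBuffer(p7data)
        p7 = SMIME.PKCS7(m2.pkcs7_read_bio_der(p7bio._ptr()))
        v = client.smime.verify(p7, flags=SMIME.PKCS7_NOVERIFY)
        # The recovered content is returned as a file rather than inline.
        return_results(
            fileResult('unwrapped-' + signed_message.get('name'), v))
        human_readable = 'The signature verified\n\n'

    return human_readable, {}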
def verify(self):
    """Verify 'smime-m2-sign.txt' against the signer and CA certificates."""
    smime = SMIME.SMIME()

    # Signer's certificate.
    signer = X509.load_cert(signer_cert)
    signers = X509.X509_Stack()
    signers.push(signer)
    smime.set_x509_stack(signers)

    # CA certificate the signer's chain is validated against.
    trust = X509.X509_Store()
    trust.load_info(ca_cert)
    smime.set_x509_store(trust)

    # NOTE(review): 'data' (the content part) is not passed to verify(); a
    # clear-signed message needs it for the signature check - confirm the
    # sample is opaque-signed.
    p7, data = SMIME.smime_load_pkcs7('smime-m2-sign.txt')
    v = smime.verify(p7)
    print(v)
    print(data)
    print(data.read())
def verify(client: Client, args: Dict):
    """ Verify the signature

    Args:
        client: Client holding the SMIME object and the certificate path
        args: Dict; 'signed_message' identifies the file to verify

    Returns:
        (human_readable, {}) on success.

    NOTE(review): verify() is called with SMIME.PKCS7_NOVERIFY, which skips
    chain verification of the signer certificate, and the trust store is
    loaded from the same file as the signer certificate. Success means the
    signature matches a certificate, not that the certificate is trusted -
    confirm this is intended.
    """
    signed_message = demisto.getFilePath(args.get('signed_message'))
    cert_file = client.public_key_file

    # Signer certificate.
    signers = X509.X509_Stack()
    signers.push(X509.load_cert(cert_file))
    client.smime.set_x509_stack(signers)

    # Trust store, loaded from the same certificate file.
    trust = X509.X509_Store()
    trust.load_info(cert_file)
    client.smime.set_x509_store(trust)

    p7, data = SMIME.smime_load_pkcs7(signed_message['path'])
    v = client.smime.verify(p7, data, flags=SMIME.PKCS7_NOVERIFY)

    return f'The signature verified\n\n{v}', {}
from M2Crypto import SMIME, X509

# S/MIME context used for verification.
smime = SMIME.SMIME()

# Signer's certificate.
signer = X509.load_cert('mycert.pem')
signers = X509.X509_Stack()
signers.push(signer)
smime.set_x509_stack(signers)

# Trust store. The signer's certificate is self-signed, so it is also the
# CA certificate here; trust then rests entirely on this local file, which
# must not be taken from the message being verified.
trust = X509.X509_Store()
trust.load_info('mycert.pem')
smime.set_x509_store(trust)

# Parse the signed message and verify it, passing the content part along.
p7, data = SMIME.smime_load_pkcs7('target/smime_signed.txt')
v = smime.verify(p7, data)
print(v)
print(data)
print(data.read())
from M2Crypto import BIO, SMIME, X509

smime = SMIME.SMIME()

# Recipient's private key and certificate, needed for decryption.
smime.load_key('mycert-private.pem', 'mycert.pem')

# Outer layer: the encrypted envelope. No separate content part is returned
# for it ('data' == None after this step).
p7, data = SMIME.smime_load_pkcs7('target/python_encrypted_signed.txt')

# Decrypting yields the inner PKCS #7 signed blob, not the plain text.
out = smime.decrypt(p7)

# Signer's certificate.
signer = X509.load_cert('mycert.pem')
signers = X509.X509_Stack()
signers.push(signer)
smime.set_x509_stack(signers)

# Trust store. The signer's certificate is self-signed, so it is also the
# CA certificate here; trust then rests entirely on this local file.
trust = X509.X509_Store()
trust.load_info('mycert.pem')
smime.set_x509_store(trust)

# Re-parse the decrypted blob and verify it together with its content part.
p7_bio = BIO.MemoryBuffer(out)
p7, data = SMIME.smime_load_pkcs7_bio(p7_bio)
v = smime.verify(p7, data)
# The purpose of this code is to serve as an example,
# not to do anything useful for the library.
from M2Crypto import SMIME, X509

# Empty certificate stack handed to get0_signers().
sk = X509.X509_Stack()

# Load the message and list the certificates it names as signers.
# No verify() call is made anywhere in this script, so the subject, serial
# and issuer printed below are unverified claims taken from the message.
p7, data = SMIME.smime_load_pkcs7('bill')
stack = p7.get0_signers(sk)
while True:
    one = stack.pop()
    if one == None:
        break
    print(one.get_subject())
    print(one.get_serial_number())
    print(one.get_issuer())

# The CRL is only loaded and printed; nothing here checks a certificate
# against it.
crl = X509.load_crl('/etc/grid-security/certificates/dd4b34ea.r0')
print(crl.as_text())
#print crl.crl.own()

s = SMIME.SMIME()
x509c = X509.load_cert('/etc/grid-security/certificates/dd4b34ea.0')
sk = X509.X509_Stack()
sk.push(x509c)
s.set_x509_stack(sk)
def test_load_smime(self):
    """smime_load_pkcs7 returns a signed PKCS7 object and a content BIO."""
    loaded = SMIME.smime_load_pkcs7(self.filenameSmime)
    a, b = loaded
    # First element: the parsed PKCS #7 structure.
    assert isinstance(a, SMIME.PKCS7), a
    # Second element: the BIO holding the message content.
    assert isinstance(b, BIO.BIO), b
    # The fixture is a signed message.
    assert a.type() == SMIME.PKCS7_SIGNED
from M2Crypto import SMIME, X509

# S/MIME context used for verification.
smime = SMIME.SMIME()

# Signer's certificate.
signer = X509.load_cert('mycert.pem')
signers = X509.X509_Stack()
signers.push(signer)
smime.set_x509_stack(signers)

# Trust store. The signer's certificate is self-signed, so it is also the
# CA certificate here; trust then rests entirely on this local file, which
# must not be taken from the message being verified.
trust = X509.X509_Store()
trust.load_info('mycert.pem')
smime.set_x509_store(trust)

# Parse the signed message and verify it, passing the content part along.
p7, data = SMIME.smime_load_pkcs7('smime_signed.txt')
v = smime.verify(p7, data)
print(v)
print(data)
print(data.read())
#!/usr/bin/env python

"""S/MIME HOWTO demo program.

Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved."""

from M2Crypto import BIO, SMIME, X509

# S/MIME context used for decryption.
smime = SMIME.SMIME()

# Recipient's private key and certificate.
smime.load_key('recipient_key.pem', 'recipient.pem')

# Parse the encrypted message; only the PKCS #7 envelope is used.
p7, data = SMIME.smime_load_pkcs7('encrypt.p7')

# Decrypt and print. Decryption does not authenticate the sender.
out = smime.decrypt(p7)
print(out)
def test_load_smime(self):
    """smime_load_pkcs7 returns a signed PKCS7 object and a content BIO."""
    loaded = SMIME.smime_load_pkcs7(self.filenameSmime)
    a, b = loaded
    # First element: the parsed PKCS #7 structure.
    self.assertIsInstance(a, SMIME.PKCS7, a)
    # Second element: the BIO holding the message content.
    self.assertIsInstance(b, BIO.BIO, b)
    # The fixture is a signed message.
    self.assertEqual(a.type(), SMIME.PKCS7_SIGNED)
from M2Crypto import SMIME, X509

# S/MIME context used for verification.
smime = SMIME.SMIME()

# Signer's certificate.
signer = X509.load_cert('signer.pem')
signers = X509.X509_Stack()
signers.push(signer)
smime.set_x509_stack(signers)

# Trust store. The signer's certificate is self-signed, so it is also the
# CA certificate here; trust then rests entirely on this local file.
trust = X509.X509_Store()
trust.load_info('signer.pem')
smime.set_x509_store(trust)

# Parse the signed message. The verify step below is disabled (it sits in a
# string literal), so this script only parses 'sign.p7' and never checks its
# signature.
p7, data = SMIME.smime_load_pkcs7('sign.p7')
'''
v = s.verify(p7,data)
print v
print data
print data.read()
'''
from M2Crypto import BIO, SMIME, X509

# S/MIME context loaded with the recipient's private key and certificate.
smime = SMIME.SMIME()
smime.load_key('mycert-private.pem', 'mycert.pem')

# Parse the encrypted message; only the PKCS #7 envelope is used.
p7, data = SMIME.smime_load_pkcs7('smime.txt')

# Decrypt and print. Decryption does not authenticate the sender.
out = smime.decrypt(p7)
print(out)
#!/usr/bin/env python

"""S/MIME HOWTO demo program.

Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved."""

from M2Crypto import SMIME, X509

# S/MIME context used for verification.
smime = SMIME.SMIME()

# Signer's certificate.
signer = X509.load_cert('signer.pem')
signers = X509.X509_Stack()
signers.push(signer)
smime.set_x509_stack(signers)

# Trust store. The signer's certificate is self-signed, so it is also the
# CA certificate here; trust then rests entirely on this local file.
trust = X509.X509_Store()
trust.load_info('signer.pem')
smime.set_x509_store(trust)

# Parse the signed message and verify it.
# NOTE(review): 'data' (the content part) is not passed to verify(); a
# clear-signed message needs it for the signature check - confirm 'sign.p7'
# is opaque-signed.
p7, data = SMIME.smime_load_pkcs7('sign.p7')
v = smime.verify(p7)
print(v)
print(data)
print(data.read())
# The putpose of this code is to serve as example # not to do anthing useful for the library from M2Crypto import SMIME, X509 # Instantiate an SMIME object. sk = X509.X509_Stack() # Load the data, verify it. p7, data = SMIME.smime_load_pkcs7('bill') stack = p7.get0_signers(sk) looping = True while looping: one = stack.pop() if one == None: break print one.get_subject() print one.get_serial_number() print one.get_issuer() crl = X509.load_crl('/etc/grid-security/certificates/dd4b34ea.r0') print crl.as_text() #print crl.crl.own() s = SMIME.SMIME() x509c = X509.load_cert('/etc/grid-security/certificates/dd4b34ea.0') sk = X509.X509_Stack()