def encrypt(input_bio, cert, keyring_source, cypher): """ Encrypts the input data with the public key in the certificate from keyring source with selected cypher. @type input_bio: M2Crypto.BIO @param input_bio: input data to encrypt. @type cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509 @param cert: the recipient certificate reference from filepath, could be from file, from memory or from pkcs11 smartcard, based on keyring_soruce input parameter. @type keyring_source: str @keyword keyring_source: the type of the source for input certificate, used to recall the appropriate method for encrypter settings. Ammitted values are: file, memory, pkcs11. @type cypher: str @keyword cypher: the cypher to use for encryption of the data, run "openssl enc -help" for supported cyphers, you have to choose a public key cypher from availables. @rtype: M2Crypto.SMIME.PKCS7 @return: the PKCS#7 encrypted data in PEM format. """ encrypter = SMIME.SMIME() x509 = set_certificate(cert, keyring_source) sk = X509.X509_Stack() sk.push(x509) encrypter.set_x509_stack(sk) encrypter.set_cipher(SMIME.Cipher(cypher)) Rand.load_file('randpool.dat', -1) try: p7 = encrypter.encrypt(input_bio) except SMIME.SMIME_Error, e: logging.error('smime error: ' + str(e)) raise
def threadSMIME(): # Seed the PRNG. Rand.load_file('randpool.dat', -1) # Instantiate an SMIME object. s = SMIME.SMIME() # Load target cert to encrypt to. x509 = X509.load_cert('recipient.pem') sk = X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) # Set cipher: 3-key triple-DES in CBC mode. s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Encrypt the buffer. p7 = s.encrypt(buf) # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() out.write('From: [email protected]\n') out.write('To: [email protected]\n') out.write('Subject: M2Crypto S/MIME testing\n') s.write(out, p7) print out.read() # Save the PRNG's state. Rand.save_file('randpool.dat')
def sign_tra(tra, cert=CERT, key=PRIVATEKEY): from M2Crypto import BIO, Rand, SMIME def makebuf(text): return BIO.MemoryBuffer(text) # Make a MemoryBuffer of the message. buf = makebuf(tra.encode()) # Seed the PRNG. Rand.load_file('randpool.dat', -1) # Instantiate an SMIME object; set it up; sign the buffer. s = SMIME.SMIME() s.load_key(key, cert) p7 = s.sign(buf) out = BIO.MemoryBuffer() s.write(out, p7) msg = email.message_from_bytes(out.read()) for part in msg.walk(): filename = part.get_filename() if filename == "smime.p7m": # es la parte firmada? return part.get_payload(decode=False) # devolver CMS
def sign(self): # Make a MemoryBuffer of the message. buf = makebuf('a sign of our times') # Seed the PRNG. Rand.load_file(randpool, -1) # Instantiate an SMIME object; set it up; sign the buffer. s = SMIME.SMIME() s.load_key(signer_key, signer_cert) p7 = s.sign(buf, SMIME.PKCS7_DETACHED) # Recreate buf. buf = makebuf('a sign of our times') # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() out.write('From: [email protected]\n') out.write('To: [email protected]\n') out.write('Subject: M2Crypto S/MIME testing\n') s.write(out, p7, buf) result = out.read() # Save the PRNG's state. Rand.save_file(randpool) open('smime-m2-sign.txt', 'wt').write(result)
def main(keylen, hashalg): global rsa, dgst # this exists ONLY for speed testing Rand.load_file('randpool.dat', -1) pvtkeyfilename = 'rsa%dpvtkey.pem' % (keylen) pubkeyfilename = 'rsa%dpubkey.pem' % (keylen) if makenewkey: print ' making and saving a new key' rsa = RSA.gen_key(keylen, exponent) rsa.save_key(pvtkeyfilename, None ) # no pswd callback rsa.save_pub_key(pubkeyfilename) else: print ' loading an existing key' rsa = RSA.load_key(pvtkeyfilename) print ' rsa key length:', len(rsa) if not rsa.check_key(): raise 'key is not initialised' # since we are testing signing and verification, let's not # be fussy about the digest. Just make one. md = EVP.MessageDigest(hashalg) md.update('can you spell subliminal channel?') dgst = md.digest() print ' hash algorithm: %s' % hashalg if showdigest: print ' %s digest: \n%s' % (hashalg, base64.encodestring(dgst)) test(rsa, dgst) # test_asn1(rsa, dgst) test_speed(rsa, dgst) Rand.save_file('randpool.dat')
def main(keylen, hashalg): global rsa, dgst # this exists ONLY for speed testing Rand.load_file('randpool.dat', -1) pvtkeyfilename = 'rsa%dpvtkey.pem' % (keylen) pubkeyfilename = 'rsa%dpubkey.pem' % (keylen) if makenewkey: print ' making and saving a new key' rsa = RSA.gen_key(keylen, exponent) rsa.save_key(pvtkeyfilename, None) # no pswd callback rsa.save_pub_key(pubkeyfilename) else: print ' loading an existing key' rsa = RSA.load_key(pvtkeyfilename) print ' rsa key length:', len(rsa) if not rsa.check_key(): raise 'key is not initialised' # since we are testing signing and verification, let's not # be fussy about the digest. Just make one. md = EVP.MessageDigest(hashalg) md.update('can you spell subliminal channel?') dgst = md.digest() print ' hash algorithm: %s' % hashalg if showdigest: print ' %s digest: \n%s' % (hashalg, base64.encodestring(dgst)) test(rsa, dgst) # test_asn1(rsa, dgst) test_speed(rsa, dgst) Rand.save_file('randpool.dat')
def test_load_save(self): try: os.remove('tests/randpool.dat') except OSError: pass self.assertIn(Rand.load_file('tests/randpool.dat', -1), [0, -1]) self.assertEqual(Rand.save_file('tests/randpool.dat'), 1024) self.assertEqual(Rand.load_file('tests/randpool.dat', -1), 1024)
def test_load_save(self): try: os.remove('tests/randpool.dat') except OSError: pass assert Rand.load_file('tests/randpool.dat', -1) == 0 assert Rand.save_file('tests/randpool.dat') == 1024 assert Rand.load_file('tests/randpool.dat', -1) == 1024
def test_load_save(self): try: os.remove("test/randpool.dat") except OSError: pass assert Rand.load_file("test/randpool.dat", -1) == 0 assert Rand.save_file("test/randpool.dat") == 1024 assert Rand.load_file("test/randpool.dat", -1) == 1024
def get_ssl_context(): from M2Crypto import Rand Rand.load_file('randpool.dat', -1) ctx = init_context('sslv23', 'server.pem', 'ca.pem', SSL.verify_none) #SSL.verify_peer | SSL.verify_fail_if_no_peer_cert) ctx.set_tmp_dh('dh1024.pem') Rand.save_file('randpool.dat') return ctx
def startup(profileDir): """ Initialize the cryptographic services before doing any other cryptographic operations. @param profileDir: The profile directory. Additional entropy will be loaded from a file in this directory. It is not a fatal error if the file does not exist. """ m2threading.init() Rand.load_file(_randpoolPath(profileDir), -1)
def sign(cert_file, key_file, message, flags): """ Returns a der encoded signed message """ signer = SMIME.SMIME() signer.load_key(key_file, cert_file) Rand.load_file('randpool.dat', -1) p7 = signer.sign(BIO_from_buffer(message), flags=flags) Rand.save_file('randpool.dat') signed_message = BIO_from_buffer() p7.write_der(signed_message) return signed_message.read()
def __init__(self, handler, host='localhost', port=8000): threading.init() Rand.load_file('../randpool.dat', -1) ctx=echod_lib.init_context('sslv3','server.pem', 'ca.pem', SSL.verify_peer) ctx.set_tmp_dh('dh1024.pem') config = Config() server = TCPServer.__connection(self, host, port) while 1: server.OpenConnection() server.HandleConnection(handler,config.config,ctx) server.CloseConnection() Rand.save_file('../randpool.dat') threading.cleanup()
def set_message(self, message, certificates=[]): """Sign and encrypt the email and prepare it to send""" self.message = message # Seed the PRNG. Rand.load_file('randpool.dat', -1) smime = SMIME.SMIME() # put message with attachments into into SSL" I/O buffer msg_str = self.message.msg.as_string() msg_bio = BIO.MemoryBuffer(bytes(msg_str, 'utf-8')) if self.sign: smime.load_key(self.key, self.cert) p7 = smime.sign(msg_bio, SMIME.PKCS7_DETACHED) # Recreate the message because sign function has consumed it msg_bio = BIO.MemoryBuffer(bytes(msg_str, 'utf-8')) if self.encrypt: sk = X509.X509_Stack() for cert in certificates: sk.push(X509.load_cert(cert)) smime.set_x509_stack(sk) smime.set_cipher(SMIME.Cipher(self.cipher)) tmp_bio = BIO.MemoryBuffer() if self.sign: smime.write(tmp_bio, p7, msg_bio) else: tmp_bio.write(msg_str) p7 = smime.encrypt(tmp_bio) out = BIO.MemoryBuffer() out.write('From: %s\r\n' % self.message.sender) out.write('To: %s\r\n' % ", ".join(self.message.recipients)) out.write('Subject: %s\r\n' % self.message.subject) if self.encrypt: smime.write(out, p7) elif self.sign: smime.write(out, p7, msg_bio) else: out.write(msg_str) out.close() # Save the PRNG's state. Rand.save_file('randpool.dat') return out.read().decode("utf-8")
def start(self, handler, ssl, host, port,config): if ssl: Rand.load_file('ssl/randpool.dat', -1) ctx=echod_lib.init_context('sslv3','ssl/server.pem', 'ssl/ca.pem', SSL.verify_none) ctx.set_tmp_dh('ssl/dh1024.pem') if port==8000: port += 1 else: ctx = None server = self.__connection(host, port) while 1: server.OpenConnection() server.HandleConnection(handler,config.config,ctx) server.CloseConnection()
def sign_and_encrypt(self): # Make a MemoryBuffer of the message. buf = makebuf('a sign of our times') # Seed the PRNG. Rand.load_file(randpool, -1) # Instantiate an SMIME object. s = SMIME.SMIME() # Load signer's key and cert. Sign the buffer. s.load_key(signer_key, signer_cert) p7 = s.sign(buf, SMIME.PKCS7_DETACHED) # Load target cert to encrypt the signed message to. x509 = X509.load_cert(recipient_cert) sk = X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) # Set cipher: 3-key triple-DES in CBC mode. s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Create a temporary buffer. tmp = BIO.MemoryBuffer() # Write the signed message into the temporary buffer. s.write(tmp, p7, buf) # Encrypt the temporary buffer. p7 = s.encrypt(tmp) # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() out.write('From: [email protected]\n') out.write('To: [email protected]\n') out.write('Subject: M2Crypto S/MIME testing\n') s.write(out, p7) result = out.read() # Save the PRNG's state. Rand.save_file(randpool) open('smime-m2-sign-encrypt.txt', 'wt').write(result)
def main(curve, hashalg): global ec, dgst # this exists ONLY for speed testing Rand.load_file('randpool.dat', -1) if curve in curves2: curve = 'X9_62_' + curve ec_curve = eval('EC.NID_%s' % curve) pvtkeyfilename = '%spvtkey.pem' % (curve) pubkeyfilename = '%spubkey.pem' % (curve) if makenewkey: print ' making and saving a new key' ec = EC.gen_params(ec_curve) ec.gen_key() ec.save_key(pvtkeyfilename, None) ec.save_pub_key(pubkeyfilename) else: print ' loading an existing key' ec = EC.load_key(pvtkeyfilename) print ' ecdsa key length:', len(ec) print ' curve: %s' % curve if not ec.check_key(): raise 'key is not initialised' if showpubkey: ec_pub = ec.pub() pub_der = ec_pub.get_der() pub_pem = base64.encodestring(pub_der) print ' PEM public key is: \n', pub_pem # since we are testing signing and verification, let's not # be fussy about the digest. Just make one. md = EVP.MessageDigest(hashalg) md.update('can you spell subliminal channel?') dgst = md.digest() print ' hash algorithm: %s' % hashalg if showdigest: print ' %s digest: \n%s' % (base64.encodestring(dgst)) test(ec, dgst) # test_asn1(ec, dgst) test_speed(ec, dgst) Rand.save_file('randpool.dat')
def main(curve, hashalg): global ec, dgst # this exists ONLY for speed testing Rand.load_file('randpool.dat', -1) if curve in curves2: curve = 'X9_62_' + curve ec_curve = eval('EC.NID_%s' % curve) pvtkeyfilename = '%spvtkey.pem' % (curve) pubkeyfilename = '%spubkey.pem' % (curve) if makenewkey: print ' making and saving a new key' ec = EC.gen_params(ec_curve) ec.gen_key() ec.save_key(pvtkeyfilename, None ) ec.save_pub_key(pubkeyfilename) else: print ' loading an existing key' ec=EC.load_key(pvtkeyfilename) print ' ecdsa key length:', len(ec) print ' curve: %s' % curve if not ec.check_key(): raise 'key is not initialised' if showpubkey: ec_pub = ec.pub() pub_der = ec_pub.get_der() pub_pem = base64.encodestring(pub_der) print ' PEM public key is: \n',pub_pem # since we are testing signing and verification, let's not # be fussy about the digest. Just make one. md = EVP.MessageDigest(hashalg) md.update('can you spell subliminal channel?') dgst = md.digest() print ' hash algorithm: %s' % hashalg if showdigest: print ' %s digest: \n%s' % (base64.encodestring(dgst)) test(ec, dgst) # test_asn1(ec, dgst) test_speed(ec, dgst) Rand.save_file('randpool.dat')
def runall(report_leaks=0): report_leaks = report_leaks if report_leaks: import gc gc.enable() gc.set_debug(gc.DEBUG_LEAK & ~gc.DEBUG_SAVEALL) import os, unittest from M2Crypto import Rand try: Rand.load_file('tests/randpool.dat', -1) unittest.TextTestRunner(verbosity=2).run(suite()) Rand.save_file('tests/randpool.dat') finally: if os.name == 'posix': from test_ssl import zap_servers zap_servers() if report_leaks: dump_garbage()
def runall(report_leaks=0): report_leaks = report_leaks if report_leaks: import gc gc.enable() gc.set_debug(gc.DEBUG_LEAK & ~gc.DEBUG_SAVEALL) import os, unittest from M2Crypto import Rand try: Rand.load_file('test/randpool.dat', -1) unittest.TextTestRunner(verbosity=2).run(suite()) Rand.save_file('test/randpool.dat') finally: if os.name == 'posix': from test_ssl import zap_servers zap_servers() if report_leaks: dump_garbage()
def sign(input_bio, private_key, cert, keyring_source, type): """ Signs the input data with the private key and the certificate from keyring source. @type input_bio: M2Crypto.BIO @param input_bio: input data to sign. @type private_key: filepath or M2Crypto.BIO or M2Crypto.EVP.PKey @param private_key: sender private key reference, could be from file, from memory or from pkcs11 smartcard, based on keyring_soruce input parameter. @type cert: filepath or M2Crypto.BIO or M2Crypto.X509.X509 @param cert: sender certificate, could be from filepath, from memory or from pkcs11 smartcard, based on keyring_soruce input parameter. @type keyring_source: str @keyword keyring_source: the type of the source for input certificate, used to recall the appropriate method for signer settings. Ammitted values are: file, memory, pkcs11. @type type: str @keyword type: specifies the type of output PKCS#7 data: PEM or DER @rtype: M2Crypto.SMIME.PKCS7 @return: the PKCS#7 signed data in PEM or DER format. """ signer = SMIME.SMIME() set_keyring(signer, private_key, cert, keyring_source) Rand.load_file('randpool.dat', -1) try: if type == 'PEM': p7 = signer.sign(input_bio, flags=SMIME.PKCS7_DETACHED) elif type == 'DER': p7 = signer.sign(input_bio) else: logging.error('pkcs7 type error: unknown type') raise BadPKCS7Type('unknown type: ' + type + '; possible values: PEM, DER') except SMIME.SMIME_Error, e: logging.error('smime error: ' + str(e)) raise
r = BN.rand_range(1) assert r == 0 for x in range(loops): r = BN.rand_range(4) assert 0 <= r < 4 # large range r512 = BN.rand(512, top=0) for x in range(loops): r = BN.rand_range(r512) assert 0 <= r < r512 def test_randfname(self): m = re.compile('^[a-zA-Z0-9]{8}$') for x in range(loops): r = BN.randfname(8) assert m.match(r) def suite(): return unittest.makeSuite(BNTestCase) if __name__ == '__main__': Rand.load_file('randpool.dat', -1) unittest.TextTestRunner().run(suite()) Rand.save_file('randpool.dat')
from M2Crypto import BIO, Rand, SMIME def makebuf(text): return BIO.MemoryBuffer(text) # Make a MemoryBuffer of the message. buf = makebuf('a sign of our times') # Seed the PRNG. Rand.load_file('randpool.dat', -1) # Instantiate an SMIME object; set it up; sign the buffer. s = SMIME.SMIME() s.load_key('mycert-private.pem', 'mycert.pem') p7 = s.sign(buf, SMIME.PKCS7_DETACHED) # Recreate buf. buf = makebuf("""Content-Type: text/plain a sign of our times""") # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() s.write(out, p7, buf) #p7.write(out) print out.read() # Save the PRNG's state. Rand.save_file('randpool.dat')
def retfun(*args, **kwargs): Rand.load_file(global_randfile, -1) r = function(*args, **kwargs) Rand.save_file(global_randfile) return r
def sign_and_attachment(self): server = 'mail.example.dom' sender = '*****@*****.**' to = [ '*****@*****.**', ] subject = 'test' text = 'test message' files = ['m2-demo.py'] attachments = {} bcc = [] if isinstance(to, str): to = [to] # create multipart message msg = MIMEMultipart() # attach message text as first attachment msg.attach(MIMEText(text)) # attach files to be read from file system for file in files: part = MIMEBase('application', "octet-stream") part.set_payload(open(file, "rb").read()) Encoders.encode_base64(part) part.add_header( 'Content-Disposition', 'attachment; filename="%s"' % os.path.basename(file)) msg.attach(part) # attach filest read from dictionary for name in attachments: part = MIMEBase('application', "octet-stream") part.set_payload(attachments[name]) Encoders.encode_base64(part) part.add_header('Content-Disposition', 'attachment; filename="%s"' % name) msg.attach(part) # put message with attachments into into SSL' I/O buffer msg_str = msg.as_string() buf = BIO.MemoryBuffer(msg_str) # load seed file for PRNG Rand.load_file(randpool, -1) smime = SMIME.SMIME() # load certificate smime.load_key(signer_key, signer_cert) # sign whole message p7 = smime.sign(buf, SMIME.PKCS7_DETACHED) # create buffer for final mail and write header out = BIO.MemoryBuffer() out.write('From: %s\n' % sender) out.write('To: %s\n' % COMMASPACE.join(to)) out.write('Date: %s\n' % formatdate(localtime=True)) out.write('Subject: %s\n' % subject) out.write('Auto-Submitted: %s\n' % 'auto-generated') # convert message back into string buf = BIO.MemoryBuffer(msg_str) # append signed message and original message to mail header smime.write(out, p7, buf) # load save seed file for PRNG Rand.save_file(randpool) # extend list of recipents with bcc adresses to.extend(bcc) result = out.read() open('smime-m2-attachment.txt', 'wt').write(result) return # finaly send mail smtp = smtplib.SMTP(server) smtp.sendmail(sender, to, result) smtp.close()
"""S/MIME HOWTO demo program. Copyright (c) 1999-2001 Ng Pheng Siong. All rights reserved.""" from M2Crypto import BIO, Rand, SMIME, X509 def makebuf(text): return BIO.MemoryBuffer(text) # Make a MemoryBuffer of the message. buf = makebuf("a sign of our times") # Seed the PRNG. Rand.load_file("randpool.dat", -1) # Instantiate an SMIME object. s = SMIME.SMIME() # Load signer's key and cert. Sign the buffer. s.load_key("signer_key.pem", "signer.pem") p7 = s.sign(buf) # Load target cert to encrypt the signed message to. x509 = X509.load_cert("recipient.pem") sk = X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) # Set cipher: 3-key triple-DES in CBC mode.
def setUp(self): """ override TestAsServer """ TestAsServer.setUp(self) Rand.load_file('randpool.dat', -1)
from M2Crypto import BIO, SMIME, X509, Rand # cert=".certs/book.com/cert.pem" rand=".certs/book.com/rand.pem" json='{ "name":"hdknr","address":"shibuya" }' # Buffer buf = BIO.MemoryBuffer(json) # Seed the PRNG Rand.load_file(rand,-1) # S/MIME object s = SMIME.SMIME() # Load certificate x509 = X509.load_cert(cert) sk=X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) #Set cipher: 3-key triple-DES in CBC mode. s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Encrypt the buffer. p7 = s.encrypt(buf) #p7 = s.sign(buf) out = BIO.MemoryBuffer() s.write(out, p7) smime = out.read()
def send_mail_ssl(server, sender, to, to_cert, subject, text, files=[], attachments={}, send=False): """ Sends SSL signed mail server - mailserver domain name eg. smtp.foo.bar sender - content of From field eg. "No Reply" <*****@*****.**> to - string with email addresses of recipent subject - subject of a mail text - text of email files - list of strings with paths to file to be attached attachmets - dict where keys are file names and values are content of files to be attached send - bool whether message should really be sent """ # create multipart message msg = MIMEMultipart() # attach message text as first attachment msg.attach(MIMEText(text)) # attach files to be read from file system for file in files: part = MIMEBase('application', "octet-stream") part.set_payload(open(file, "rb").read() ) Encoders.encode_base64(part) part.add_header('Content-Disposition', 'attachment; filename="%s"' % os.path.basename(file)) msg.attach(part) # attach filest read from dictionary for name in attachments: part = MIMEBase('application', "octet-stream") part.set_payload(attachments[name]) Encoders.encode_base64(part) part.add_header('Content-Disposition', 'attachment; filename="%s"' % name) msg.attach(part) msg_str = msg.as_string() # Make a MemoryBuffer of the message. buf = BIO.MemoryBuffer(msg_str) # Seed the PRNG. Rand.load_file('randpool.dat', -1) # Instantiate an SMIME object. s = SMIME.SMIME() # Load target cert to encrypt to. x509 = X509.load_cert_string(to_cert) sk = X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) # Set cipher: 3-key triple-DES in CBC mode. s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Encrypt the buffer. p7 = s.encrypt(buf) # Output p7 in mail-friendly format. out = BIO.MemoryBuffer() out.write('From: %s\n' % sender) out.write('To: %s\n' % to) out.write('Subject: %s\n' % subject) # append signed message and original message to mail header s.write(out, p7) # Save the PRNG's state. Rand.save_file('randpool.dat') # finally send mail if send: # print("would have sent") smtp = smtplib.SMTP(server) smtp.sendmail(sender, to, out.read() ) smtp.close() else: print("sending is disabled (use --send)")
pass except: raise # Check umask sanity if we're on posix. if os.name == 'posix' and not os.environ.get('Z_DEBUG_MODE'): # umask is silly, blame POSIX. We have to set it to get its value. current_umask = os.umask(0) os.umask(current_umask) if current_umask != 077: current_umask = '%03o' % current_umask zLOG.LOG("z2", zLOG.INFO, ( 'Your umask of %s may be too permissive; for the security of ' 'your Zope data, it is recommended you use 077' % current_umask )) except: # Log startup exception and tell zdaemon not to restart us. try: zLOG.LOG("z2", zLOG.PANIC, "Startup exception", error=sys.exc_info()) except: pass sys.exit(0) # Start Medusa, Ye Hass! Rand.load_file('%s/randpool.dat' % INSTANCE_HOME, -1) sys.ZServerExitCode=0 asyncore.loop() Rand.save_file('%s/randpool.dat' % INSTANCE_HOME) sys.exit(sys.ZServerExitCode)
class HTTPS_Server(SSLServer): def __init__(self, ME, HandlerClass, sslctx): SSLServer.__init__(self, ME, HandlerClass, sslctx) self.tracefile = None def finish(self): self.request.set_shutdown(SSL.SSL_RECEIVED_SHUTDOWN | SSL.SSL_SENT_SHUTDOWN) self.request.close() def init_ssl_context(dir, debug=None): ctx = SSL.Context('sslv23') if debug: ctx.set_info_callback() ctx.load_cert(certfile=dir+'/cert.pem', keyfile=dir+'/plainkey.pem') ctx.set_verify(SSL.verify_none, 1) ctx.set_allow_unknown_ca(1) ctx.set_session_id_ctx('xkms_srv') return ctx dir = os.environ.get('XKMSHOME', '/opt/xkms') + '/openssl/ssl' randfile = dir + '/xkms-ca/.rand' Rand.load_file(randfile, -1) sslctx = init_ssl_context(dir, 1) s = HTTPS_Server(('', 9999), XKMSRequestHandler, sslctx) s.tracefile=sys.stderr try: s.serve_forever() except KeyboardInterrupt: print "Quitting..." pass Rand.save_file(randfile)
from M2Crypto import BIO, SMIME, X509, Rand # cert = ".certs/book.com/cert.pem" rand = ".certs/book.com/rand.pem" json = '{ "name":"hdknr","address":"shibuya" }' # Buffer buf = BIO.MemoryBuffer(json) # Seed the PRNG Rand.load_file(rand, -1) # S/MIME object s = SMIME.SMIME() # Load certificate x509 = X509.load_cert(cert) sk = X509.X509_Stack() sk.push(x509) s.set_x509_stack(sk) #Set cipher: 3-key triple-DES in CBC mode. s.set_cipher(SMIME.Cipher('des_ede3_cbc')) # Encrypt the buffer. p7 = s.encrypt(buf) #p7 = s.sign(buf) out = BIO.MemoryBuffer() s.write(out, p7) smime = out.read()