Diffstat (limited to 'doc/html/howto.smime.html')
-rw-r--r-- | doc/html/howto.smime.html | 724 |
1 files changed, 367 insertions, 357 deletions
diff --git a/doc/html/howto.smime.html b/doc/html/howto.smime.html index d1ae312..75a4ecf 100644 --- a/doc/html/howto.smime.html +++ b/doc/html/howto.smime.html 
@@ -1,50 +1,42 @@ - <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>HOWTO: Programming S/MIME in Python with M2Crypto — M2Crypto documentation</title> - - <link rel="stylesheet" href="_static/default.css" type="text/css" /> + <title>HOWTO: Programming S/MIME in Python with M2Crypto — M2Crypto documentation</title> + <link rel="stylesheet" href="_static/alabaster.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { - URL_ROOT: '', + URL_ROOT: './', VERSION: '', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> - <link rel="top" title="M2Crypto documentation" href="index.html" /> + <link rel="index" title="Index" href="genindex.html" /> + <link rel="search" title="Search" href="search.html" /> + + <link rel="stylesheet" href="_static/custom.css" type="text/css" /> + + + <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" /> + </head> <body> - <div class="related"> - <h3>Navigation</h3> - <ul> - <li class="right" style="margin-right: 10px"> - <a href="genindex.html" title="General Index" - accesskey="I">index</a></li> - <li class="right" > - <a href="py-modindex.html" title="Python Module Index" - >modules</a> |</li> - <li><a href="index.html">M2Crypto documentation</a> »</li> - </ul> - </div> + <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" 
id="howto-programming-s-mime-in-python-with-m2crypto"> <span id="howto-smime"></span><h1>HOWTO: Programming S/MIME in Python with M2Crypto<a class="headerlink" href="#howto-programming-s-mime-in-python-with-m2crypto" title="Permalink to this headline">¶</a></h1> @@ -86,7 +78,7 @@ said public key.</p> <p>To create an S/MIME-encrypted message, you need an X.509 certificate for each recipient.</p> <p>To create an S/MIME-signed <em>and</em> -encrypted message, first create a -signed message, then encrypt the signed message with the recipients’ +signed message, then encrypt the signed message with the recipients’ certificates.</p> <p>You may generate key pairs and obtain certificates by using a commercial <em>certification authority</em> service.</p> 
@@ -97,122 +89,127 @@ this approach is cheap and effective.</p> certificates. This assumes you have OpenSSL installed properly on your system.</p> <p>First, we generate an X.509 certificate to be used for signing:</p> -<div class="highlight-python"><pre>openssl req -newkey rsa:1024 -nodes -x509 -days 365 -out signer.pem - -Using configuration from /usr/local/pkg/openssl/openssl.cnf -Generating a 1024 bit RSA private key -..++++++ -....................++++++ -writing new private key to 'privkey.pem' ------ -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:SG -State or Province Name (full name) [Some-State]:. -Locality Name (eg, city) []:. -Organization Name (eg, company) [Internet Widgits Pty Ltd]:M2Crypto -Organizational Unit Name (eg, section) []:. 
-Common Name (eg, YOUR name) []:S/MIME Sender -Email Address []:sender@example.dom</pre> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">openssl</span> <span class="n">req</span> <span class="o">-</span><span class="n">newkey</span> <span class="n">rsa</span><span class="p">:</span><span class="mi">1024</span> <span class="o">-</span><span class="n">nodes</span> <span class="o">-</span><span class="n">x509</span> <span class="o">-</span><span class="n">days</span> <span class="mi">365</span> <span class="o">-</span><span class="n">out</span> <span class="n">signer</span><span class="o">.</span><span class="n">pem</span> + +<span class="n">Using</span> <span class="n">configuration</span> <span class="kn">from</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">openssl</span><span class="o">.</span><span class="n">cnf</span> +<span class="n">Generating</span> <span class="n">a</span> <span class="mi">1024</span> <span class="n">bit</span> <span class="n">RSA</span> <span class="n">private</span> <span class="n">key</span> +<span class="o">..++++++</span> +<span class="o">....................++++++</span> +<span class="n">writing</span> <span class="n">new</span> <span class="n">private</span> <span class="n">key</span> <span class="n">to</span> <span class="s1">'privkey.pem'</span> +<span class="o">-----</span> +<span class="n">You</span> <span class="n">are</span> <span class="n">about</span> <span class="n">to</span> <span class="n">be</span> <span class="n">asked</span> <span class="n">to</span> <span class="n">enter</span> <span class="n">information</span> <span class="n">that</span> <span class="n">will</span> <span class="n">be</span> <span class="n">incorporated</span> +<span class="n">into</span> <span 
class="n">your</span> <span class="n">certificate</span> <span class="n">request</span><span class="o">.</span> +<span class="n">What</span> <span class="n">you</span> <span class="n">are</span> <span class="n">about</span> <span class="n">to</span> <span class="n">enter</span> <span class="ow">is</span> <span class="n">what</span> <span class="ow">is</span> <span class="n">called</span> <span class="n">a</span> <span class="n">Distinguished</span> <span class="n">Name</span> <span class="ow">or</span> <span class="n">a</span> <span class="n">DN</span><span class="o">.</span> +<span class="n">There</span> <span class="n">are</span> <span class="n">quite</span> <span class="n">a</span> <span class="n">few</span> <span class="n">fields</span> <span class="n">but</span> <span class="n">you</span> <span class="n">can</span> <span class="n">leave</span> <span class="n">some</span> <span class="n">blank</span> +<span class="n">For</span> <span class="n">some</span> <span class="n">fields</span> <span class="n">there</span> <span class="n">will</span> <span class="n">be</span> <span class="n">a</span> <span class="n">default</span> <span class="n">value</span><span class="p">,</span> +<span class="n">If</span> <span class="n">you</span> <span class="n">enter</span> <span class="s1">'.'</span><span class="p">,</span> <span class="n">the</span> <span class="n">field</span> <span class="n">will</span> <span class="n">be</span> <span class="n">left</span> <span class="n">blank</span><span class="o">.</span> +<span class="o">-----</span> +<span class="n">Country</span> <span class="n">Name</span> <span class="p">(</span><span class="mi">2</span> <span class="n">letter</span> <span class="n">code</span><span class="p">)</span> <span class="p">[</span><span class="n">AU</span><span class="p">]:</span><span class="n">SG</span> +<span class="n">State</span> <span class="ow">or</span> <span class="n">Province</span> <span class="n">Name</span> <span class="p">(</span><span 
class="n">full</span> <span class="n">name</span><span class="p">)</span> <span class="p">[</span><span class="n">Some</span><span class="o">-</span><span class="n">State</span><span class="p">]:</span><span class="o">.</span> +<span class="n">Locality</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">city</span><span class="p">)</span> <span class="p">[]:</span><span class="o">.</span> +<span class="n">Organization</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">company</span><span class="p">)</span> <span class="p">[</span><span class="n">Internet</span> <span class="n">Widgits</span> <span class="n">Pty</span> <span class="n">Ltd</span><span class="p">]:</span><span class="n">M2Crypto</span> +<span class="n">Organizational</span> <span class="n">Unit</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">section</span><span class="p">)</span> <span class="p">[]:</span><span class="o">.</span> +<span class="n">Common</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">YOUR</span> <span class="n">name</span><span class="p">)</span> <span class="p">[]:</span><span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">Sender</span> +<span class="n">Email</span> <span class="n">Address</span> <span class="p">[]:</span><span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +</pre></div> </div> <p>This generates a 1024-bit RSA key pair, unencrypted, into -<tt class="docutils literal"><span class="pre">privkey.pem</span></tt>; it also generates a self-signed X.509 certificate for -the public key into <tt class="docutils literal"><span class="pre">signer.pem</span></tt>. 
The certificate is valid for 365 +<code class="docutils literal"><span class="pre">privkey.pem</span></code>; it also generates a self-signed X.509 certificate for +the public key into <code class="docutils literal"><span class="pre">signer.pem</span></code>. The certificate is valid for 365 days, i.e., a year.</p> -<p>Let’s rename <tt class="docutils literal"><span class="pre">privkey.pem</span></tt> so that we know it is a companion of -<tt class="docutils literal"><span class="pre">signer.pem</span></tt>‘s:</p> -<div class="highlight-python"><pre>mv privkey.pem signer_key.pem</pre> -</div> -<p>To verify the content of <tt class="docutils literal"><span class="pre">signer.pem</span></tt>, execute the following:</p> -<div class="highlight-python"><pre>openssl x509 -noout -text -in signer.pem - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=SG, O=M2Crypto, CN=S/MIME Sender/Email=sender@example.dom - Validity - Not Before: Mar 24 12:56:16 2001 GMT - Not After : Mar 24 12:56:16 2002 GMT - Subject: C=SG, O=M2Crypto, CN=S/MIME Sender/Email=sender@example.dom - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a9:d6:e2:b5:11:3b:ae:3c:e2:17:31:70:e1:6e: - 01:f4:19:6d:bd:2a:42:36:2b:37:34:e2:83:1d:0d: - 11:2e:b4:99:44:db:10:67:be:97:5f:5b:1a:26:33: - 46:23:2f:95:04:7a:35:da:9d:f9:26:88:39:9e:17: - cd:3e:eb:a8:19:8d:a8:2a:f1:43:da:55:a9:2e:2c: - 65:ed:04:71:42:ce:73:53:b8:ea:7e:c7:f0:23:c6: - 63:c5:5e:68:96:64:a7:b4:2a:94:26:76:eb:79:ea: - e3:4e:aa:82:09:4f:44:87:4a:12:62:b5:d7:1f:ca: - f2:ce:d5:ba:7e:1f:48:fd:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 29:FB:38:B6:BF:E2:40:BB:FF:D5:71:D7:D5:C4:F0:83:1A:2B:C7:99 - X509v3 Authority Key Identifier: - keyid:29:FB:38:B6:BF:E2:40:BB:FF:D5:71:D7:D5:C4:F0:83:1A:2B:C7:99 - DirName:/C=SG/O=M2Crypto/CN=S/MIME Sender/Email=sender@example.dom - 
serial:00 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 68:c8:6b:1b:fa:7c:9a:39:35:76:18:15:c9:fd:89:97:62:db: - 7a:b0:2d:13:dd:97:e8:1b:7a:9f:22:27:83:24:9d:2e:56:ec: - 97:89:3c:ef:16:55:80:5a:18:7c:22:d0:f6:bb:e3:a4:e8:59: - 30:ff:99:5a:93:3e:ea:bc:ee:7f:8d:d6:7d:37:8c:ac:3d:74: - 80:ce:7a:99:ba:27:b9:2a:a3:71:fa:a5:25:ba:47:17:df:07: - 56:96:36:fd:60:b9:6c:96:06:e8:e3:7b:9f:4b:6a:95:71:a8: - 34:fc:fc:b5:88:8b:c4:3f:1e:24:f6:52:47:b2:7d:44:67:d9: - 83:e8</pre> +<p>Let’s rename <code class="docutils literal"><span class="pre">privkey.pem</span></code> so that we know it is a companion of +<code class="docutils literal"><span class="pre">signer.pem</span></code>’s:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">mv</span> <span class="n">privkey</span><span class="o">.</span><span class="n">pem</span> <span class="n">signer_key</span><span class="o">.</span><span class="n">pem</span> +</pre></div> +</div> +<p>To verify the content of <code class="docutils literal"><span class="pre">signer.pem</span></code>, execute the following:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">openssl</span> <span class="n">x509</span> <span class="o">-</span><span class="n">noout</span> <span class="o">-</span><span class="n">text</span> <span class="o">-</span><span class="ow">in</span> <span class="n">signer</span><span class="o">.</span><span class="n">pem</span> + +<span class="n">Certificate</span><span class="p">:</span> + <span class="n">Data</span><span class="p">:</span> + <span class="n">Version</span><span class="p">:</span> <span class="mi">3</span> <span class="p">(</span><span class="mh">0x2</span><span class="p">)</span> + <span class="n">Serial</span> <span class="n">Number</span><span class="p">:</span> <span class="mi">0</span> <span class="p">(</span><span class="mh">0x0</span><span class="p">)</span> + <span 
class="n">Signature</span> <span class="n">Algorithm</span><span class="p">:</span> <span class="n">md5WithRSAEncryption</span> + <span class="n">Issuer</span><span class="p">:</span> <span class="n">C</span><span class="o">=</span><span class="n">SG</span><span class="p">,</span> <span class="n">O</span><span class="o">=</span><span class="n">M2Crypto</span><span class="p">,</span> <span class="n">CN</span><span class="o">=</span><span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">Sender</span><span class="o">/</span><span class="n">Email</span><span class="o">=</span><span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> + <span class="n">Validity</span> + <span class="n">Not</span> <span class="n">Before</span><span class="p">:</span> <span class="n">Mar</span> <span class="mi">24</span> <span class="mi">12</span><span class="p">:</span><span class="mi">56</span><span class="p">:</span><span class="mi">16</span> <span class="mi">2001</span> <span class="n">GMT</span> + <span class="n">Not</span> <span class="n">After</span> <span class="p">:</span> <span class="n">Mar</span> <span class="mi">24</span> <span class="mi">12</span><span class="p">:</span><span class="mi">56</span><span class="p">:</span><span class="mi">16</span> <span class="mi">2002</span> <span class="n">GMT</span> + <span class="n">Subject</span><span class="p">:</span> <span class="n">C</span><span class="o">=</span><span class="n">SG</span><span class="p">,</span> <span class="n">O</span><span class="o">=</span><span class="n">M2Crypto</span><span class="p">,</span> <span class="n">CN</span><span class="o">=</span><span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">Sender</span><span class="o">/</span><span class="n">Email</span><span class="o">=</span><span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span 
class="n">dom</span> + <span class="n">Subject</span> <span class="n">Public</span> <span class="n">Key</span> <span class="n">Info</span><span class="p">:</span> + <span class="n">Public</span> <span class="n">Key</span> <span class="n">Algorithm</span><span class="p">:</span> <span class="n">rsaEncryption</span> + <span class="n">RSA</span> <span class="n">Public</span> <span class="n">Key</span><span class="p">:</span> <span class="p">(</span><span class="mi">1024</span> <span class="n">bit</span><span class="p">)</span> + <span class="n">Modulus</span> <span class="p">(</span><span class="mi">1024</span> <span class="n">bit</span><span class="p">):</span> + <span class="mi">00</span><span class="p">:</span><span class="n">a9</span><span class="p">:</span><span class="n">d6</span><span class="p">:</span><span class="n">e2</span><span class="p">:</span><span class="n">b5</span><span class="p">:</span><span class="mi">11</span><span class="p">:</span><span class="mi">3</span><span class="n">b</span><span class="p">:</span><span class="n">ae</span><span class="p">:</span><span class="mi">3</span><span class="n">c</span><span class="p">:</span><span class="n">e2</span><span class="p">:</span><span class="mi">17</span><span class="p">:</span><span class="mi">31</span><span class="p">:</span><span class="mi">70</span><span class="p">:</span><span class="n">e1</span><span class="p">:</span><span class="mi">6</span><span class="n">e</span><span class="p">:</span> + <span class="mi">01</span><span class="p">:</span><span class="n">f4</span><span class="p">:</span><span class="mi">19</span><span class="p">:</span><span class="mi">6</span><span class="n">d</span><span class="p">:</span><span class="n">bd</span><span class="p">:</span><span class="mi">2</span><span class="n">a</span><span class="p">:</span><span class="mi">42</span><span class="p">:</span><span class="mi">36</span><span class="p">:</span><span class="mi">2</span><span class="n">b</span><span 
class="p">:</span><span class="mi">37</span><span class="p">:</span><span class="mi">34</span><span class="p">:</span><span class="n">e2</span><span class="p">:</span><span class="mi">83</span><span class="p">:</span><span class="mi">1</span><span class="n">d</span><span class="p">:</span><span class="mi">0</span><span class="n">d</span><span class="p">:</span> + <span class="mi">11</span><span class="p">:</span><span class="mi">2</span><span class="n">e</span><span class="p">:</span><span class="n">b4</span><span class="p">:</span><span class="mi">99</span><span class="p">:</span><span class="mi">44</span><span class="p">:</span><span class="n">db</span><span class="p">:</span><span class="mi">10</span><span class="p">:</span><span class="mi">67</span><span class="p">:</span><span class="n">be</span><span class="p">:</span><span class="mi">97</span><span class="p">:</span><span class="mi">5</span><span class="n">f</span><span class="p">:</span><span class="mi">5</span><span class="n">b</span><span class="p">:</span><span class="mi">1</span><span class="n">a</span><span class="p">:</span><span class="mi">26</span><span class="p">:</span><span class="mi">33</span><span class="p">:</span> + <span class="mi">46</span><span class="p">:</span><span class="mi">23</span><span class="p">:</span><span class="mi">2</span><span class="n">f</span><span class="p">:</span><span class="mi">95</span><span class="p">:</span><span class="mi">04</span><span class="p">:</span><span class="mi">7</span><span class="n">a</span><span class="p">:</span><span class="mi">35</span><span class="p">:</span><span class="n">da</span><span class="p">:</span><span class="mi">9</span><span class="n">d</span><span class="p">:</span><span class="n">f9</span><span class="p">:</span><span class="mi">26</span><span class="p">:</span><span class="mi">88</span><span class="p">:</span><span class="mi">39</span><span class="p">:</span><span class="mi">9</span><span class="n">e</span><span 
class="p">:</span><span class="mi">17</span><span class="p">:</span> + <span class="n">cd</span><span class="p">:</span><span class="mi">3</span><span class="n">e</span><span class="p">:</span><span class="n">eb</span><span class="p">:</span><span class="n">a8</span><span class="p">:</span><span class="mi">19</span><span class="p">:</span><span class="mi">8</span><span class="n">d</span><span class="p">:</span><span class="n">a8</span><span class="p">:</span><span class="mi">2</span><span class="n">a</span><span class="p">:</span><span class="n">f1</span><span class="p">:</span><span class="mi">43</span><span class="p">:</span><span class="n">da</span><span class="p">:</span><span class="mi">55</span><span class="p">:</span><span class="n">a9</span><span class="p">:</span><span class="mi">2</span><span class="n">e</span><span class="p">:</span><span class="mi">2</span><span class="n">c</span><span class="p">:</span> + <span class="mi">65</span><span class="p">:</span><span class="n">ed</span><span class="p">:</span><span class="mi">04</span><span class="p">:</span><span class="mi">71</span><span class="p">:</span><span class="mi">42</span><span class="p">:</span><span class="n">ce</span><span class="p">:</span><span class="mi">73</span><span class="p">:</span><span class="mi">53</span><span class="p">:</span><span class="n">b8</span><span class="p">:</span><span class="n">ea</span><span class="p">:</span><span class="mi">7</span><span class="n">e</span><span class="p">:</span><span class="n">c7</span><span class="p">:</span><span class="n">f0</span><span class="p">:</span><span class="mi">23</span><span class="p">:</span><span class="n">c6</span><span class="p">:</span> + <span class="mi">63</span><span class="p">:</span><span class="n">c5</span><span class="p">:</span><span class="mi">5</span><span class="n">e</span><span class="p">:</span><span class="mi">68</span><span class="p">:</span><span class="mi">96</span><span class="p">:</span><span 
class="mi">64</span><span class="p">:</span><span class="n">a7</span><span class="p">:</span><span class="n">b4</span><span class="p">:</span><span class="mi">2</span><span class="n">a</span><span class="p">:</span><span class="mi">94</span><span class="p">:</span><span class="mi">26</span><span class="p">:</span><span class="mi">76</span><span class="p">:</span><span class="n">eb</span><span class="p">:</span><span class="mi">79</span><span class="p">:</span><span class="n">ea</span><span class="p">:</span> + <span class="n">e3</span><span class="p">:</span><span class="mi">4</span><span class="n">e</span><span class="p">:</span><span class="n">aa</span><span class="p">:</span><span class="mi">82</span><span class="p">:</span><span class="mi">09</span><span class="p">:</span><span class="mi">4</span><span class="n">f</span><span class="p">:</span><span class="mi">44</span><span class="p">:</span><span class="mi">87</span><span class="p">:</span><span class="mi">4</span><span class="n">a</span><span class="p">:</span><span class="mi">12</span><span class="p">:</span><span class="mi">62</span><span class="p">:</span><span class="n">b5</span><span class="p">:</span><span class="n">d7</span><span class="p">:</span><span class="mi">1</span><span class="n">f</span><span class="p">:</span><span class="n">ca</span><span class="p">:</span> + <span class="n">f2</span><span class="p">:</span><span class="n">ce</span><span class="p">:</span><span class="n">d5</span><span class="p">:</span><span class="n">ba</span><span class="p">:</span><span class="mi">7</span><span class="n">e</span><span class="p">:</span><span class="mi">1</span><span class="n">f</span><span class="p">:</span><span class="mi">48</span><span class="p">:</span><span class="n">fd</span><span class="p">:</span><span class="n">b9</span> + <span class="n">Exponent</span><span class="p">:</span> <span class="mi">65537</span> <span class="p">(</span><span class="mh">0x10001</span><span class="p">)</span> + <span 
class="n">X509v3</span> <span class="n">extensions</span><span class="p">:</span> + <span class="n">X509v3</span> <span class="n">Subject</span> <span class="n">Key</span> <span class="n">Identifier</span><span class="p">:</span> + <span class="mi">29</span><span class="p">:</span><span class="n">FB</span><span class="p">:</span><span class="mi">38</span><span class="p">:</span><span class="n">B6</span><span class="p">:</span><span class="n">BF</span><span class="p">:</span><span class="n">E2</span><span class="p">:</span><span class="mi">40</span><span class="p">:</span><span class="n">BB</span><span class="p">:</span><span class="n">FF</span><span class="p">:</span><span class="n">D5</span><span class="p">:</span><span class="mi">71</span><span class="p">:</span><span class="n">D7</span><span class="p">:</span><span class="n">D5</span><span class="p">:</span><span class="n">C4</span><span class="p">:</span><span class="n">F0</span><span class="p">:</span><span class="mi">83</span><span class="p">:</span><span class="mi">1</span><span class="n">A</span><span class="p">:</span><span class="mi">2</span><span class="n">B</span><span class="p">:</span><span class="n">C7</span><span class="p">:</span><span class="mi">99</span> + <span class="n">X509v3</span> <span class="n">Authority</span> <span class="n">Key</span> <span class="n">Identifier</span><span class="p">:</span> + <span class="n">keyid</span><span class="p">:</span><span class="mi">29</span><span class="p">:</span><span class="n">FB</span><span class="p">:</span><span class="mi">38</span><span class="p">:</span><span class="n">B6</span><span class="p">:</span><span class="n">BF</span><span class="p">:</span><span class="n">E2</span><span class="p">:</span><span class="mi">40</span><span class="p">:</span><span class="n">BB</span><span class="p">:</span><span class="n">FF</span><span class="p">:</span><span class="n">D5</span><span class="p">:</span><span class="mi">71</span><span class="p">:</span><span 
class="n">D7</span><span class="p">:</span><span class="n">D5</span><span class="p">:</span><span class="n">C4</span><span class="p">:</span><span class="n">F0</span><span class="p">:</span><span class="mi">83</span><span class="p">:</span><span class="mi">1</span><span class="n">A</span><span class="p">:</span><span class="mi">2</span><span class="n">B</span><span class="p">:</span><span class="n">C7</span><span class="p">:</span><span class="mi">99</span> + <span class="n">DirName</span><span class="p">:</span><span class="o">/</span><span class="n">C</span><span class="o">=</span><span class="n">SG</span><span class="o">/</span><span class="n">O</span><span class="o">=</span><span class="n">M2Crypto</span><span class="o">/</span><span class="n">CN</span><span class="o">=</span><span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">Sender</span><span class="o">/</span><span class="n">Email</span><span class="o">=</span><span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> + <span class="n">serial</span><span class="p">:</span><span class="mi">00</span> + + <span class="n">X509v3</span> <span class="n">Basic</span> <span class="n">Constraints</span><span class="p">:</span> + <span class="n">CA</span><span class="p">:</span><span class="n">TRUE</span> + <span class="n">Signature</span> <span class="n">Algorithm</span><span class="p">:</span> <span class="n">md5WithRSAEncryption</span> + <span class="mi">68</span><span class="p">:</span><span class="n">c8</span><span class="p">:</span><span class="mi">6</span><span class="n">b</span><span class="p">:</span><span class="mi">1</span><span class="n">b</span><span class="p">:</span><span class="n">fa</span><span class="p">:</span><span class="mi">7</span><span class="n">c</span><span class="p">:</span><span class="mi">9</span><span class="n">a</span><span class="p">:</span><span class="mi">39</span><span 
class="p">:</span><span class="mi">35</span><span class="p">:</span><span class="mi">76</span><span class="p">:</span><span class="mi">18</span><span class="p">:</span><span class="mi">15</span><span class="p">:</span><span class="n">c9</span><span class="p">:</span><span class="n">fd</span><span class="p">:</span><span class="mi">89</span><span class="p">:</span><span class="mi">97</span><span class="p">:</span><span class="mi">62</span><span class="p">:</span><span class="n">db</span><span class="p">:</span> + <span class="mi">7</span><span class="n">a</span><span class="p">:</span><span class="n">b0</span><span class="p">:</span><span class="mi">2</span><span class="n">d</span><span class="p">:</span><span class="mi">13</span><span class="p">:</span><span class="n">dd</span><span class="p">:</span><span class="mi">97</span><span class="p">:</span><span class="n">e8</span><span class="p">:</span><span class="mi">1</span><span class="n">b</span><span class="p">:</span><span class="mi">7</span><span class="n">a</span><span class="p">:</span><span class="mi">9</span><span class="n">f</span><span class="p">:</span><span class="mi">22</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="mi">83</span><span class="p">:</span><span class="mi">24</span><span class="p">:</span><span class="mi">9</span><span class="n">d</span><span class="p">:</span><span class="mi">2</span><span class="n">e</span><span class="p">:</span><span class="mi">56</span><span class="p">:</span><span class="n">ec</span><span class="p">:</span> + <span class="mi">97</span><span class="p">:</span><span class="mi">89</span><span class="p">:</span><span class="mi">3</span><span class="n">c</span><span class="p">:</span><span class="n">ef</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">55</span><span class="p">:</span><span class="mi">80</span><span class="p">:</span><span class="mi">5</span><span 
class="n">a</span><span class="p">:</span><span class="mi">18</span><span class="p">:</span><span class="mi">7</span><span class="n">c</span><span class="p">:</span><span class="mi">22</span><span class="p">:</span><span class="n">d0</span><span class="p">:</span><span class="n">f6</span><span class="p">:</span><span class="n">bb</span><span class="p">:</span><span class="n">e3</span><span class="p">:</span><span class="n">a4</span><span class="p">:</span><span class="n">e8</span><span class="p">:</span><span class="mi">59</span><span class="p">:</span> + <span class="mi">30</span><span class="p">:</span><span class="n">ff</span><span class="p">:</span><span class="mi">99</span><span class="p">:</span><span class="mi">5</span><span class="n">a</span><span class="p">:</span><span class="mi">93</span><span class="p">:</span><span class="mi">3</span><span class="n">e</span><span class="p">:</span><span class="n">ea</span><span class="p">:</span><span class="n">bc</span><span class="p">:</span><span class="n">ee</span><span class="p">:</span><span class="mi">7</span><span class="n">f</span><span class="p">:</span><span class="mi">8</span><span class="n">d</span><span class="p">:</span><span class="n">d6</span><span class="p">:</span><span class="mi">7</span><span class="n">d</span><span class="p">:</span><span class="mi">37</span><span class="p">:</span><span class="mi">8</span><span class="n">c</span><span class="p">:</span><span class="n">ac</span><span class="p">:</span><span class="mi">3</span><span class="n">d</span><span class="p">:</span><span class="mi">74</span><span class="p">:</span> + <span class="mi">80</span><span class="p">:</span><span class="n">ce</span><span class="p">:</span><span class="mi">7</span><span class="n">a</span><span class="p">:</span><span class="mi">99</span><span class="p">:</span><span class="n">ba</span><span class="p">:</span><span class="mi">27</span><span class="p">:</span><span class="n">b9</span><span class="p">:</span><span 
class="mi">2</span><span class="n">a</span><span class="p">:</span><span class="n">a3</span><span class="p">:</span><span class="mi">71</span><span class="p">:</span><span class="n">fa</span><span class="p">:</span><span class="n">a5</span><span class="p">:</span><span class="mi">25</span><span class="p">:</span><span class="n">ba</span><span class="p">:</span><span class="mi">47</span><span class="p">:</span><span class="mi">17</span><span class="p">:</span><span class="n">df</span><span class="p">:</span><span class="mi">07</span><span class="p">:</span> + <span class="mi">56</span><span class="p">:</span><span class="mi">96</span><span class="p">:</span><span class="mi">36</span><span class="p">:</span><span class="n">fd</span><span class="p">:</span><span class="mi">60</span><span class="p">:</span><span class="n">b9</span><span class="p">:</span><span class="mi">6</span><span class="n">c</span><span class="p">:</span><span class="mi">96</span><span class="p">:</span><span class="mi">06</span><span class="p">:</span><span class="n">e8</span><span class="p">:</span><span class="n">e3</span><span class="p">:</span><span class="mi">7</span><span class="n">b</span><span class="p">:</span><span class="mi">9</span><span class="n">f</span><span class="p">:</span><span class="mi">4</span><span class="n">b</span><span class="p">:</span><span class="mi">6</span><span class="n">a</span><span class="p">:</span><span class="mi">95</span><span class="p">:</span><span class="mi">71</span><span class="p">:</span><span class="n">a8</span><span class="p">:</span> + <span class="mi">34</span><span class="p">:</span><span class="n">fc</span><span class="p">:</span><span class="n">fc</span><span class="p">:</span><span class="n">b5</span><span class="p">:</span><span class="mi">88</span><span class="p">:</span><span class="mi">8</span><span class="n">b</span><span class="p">:</span><span class="n">c4</span><span class="p">:</span><span class="mi">3</span><span 
class="n">f</span><span class="p">:</span><span class="mi">1</span><span class="n">e</span><span class="p">:</span><span class="mi">24</span><span class="p">:</span><span class="n">f6</span><span class="p">:</span><span class="mi">52</span><span class="p">:</span><span class="mi">47</span><span class="p">:</span><span class="n">b2</span><span class="p">:</span><span class="mi">7</span><span class="n">d</span><span class="p">:</span><span class="mi">44</span><span class="p">:</span><span class="mi">67</span><span class="p">:</span><span class="n">d9</span><span class="p">:</span> + <span class="mi">83</span><span class="p">:</span><span class="n">e8</span> +</pre></div> </div> <p>Next, we generate a self-signed X.509 certificate for the recipient. -Note that <tt class="docutils literal"><span class="pre">privkey.pem</span></tt> will be recreated:</p> -<div class="highlight-python"><pre>openssl req -newkey rsa:1024 -nodes -x509 -days 365 -out recipient.pem - -Using configuration from /usr/local/pkg/openssl/openssl.cnf -Generating a 1024 bit RSA private key -.....................................++++++ -.................++++++ -writing new private key to 'privkey.pem' ------ -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:SG -State or Province Name (full name) [Some-State]:. -Locality Name (eg, city) []:. -Organization Name (eg, company) [Internet Widgits Pty Ltd]:M2Crypto -Organizational Unit Name (eg, section) []:. 
-Common Name (eg, YOUR name) []:S/MIME Recipient -Email Address []:recipient@example.dom</pre> -</div> -<p>Again, rename <tt class="docutils literal"><span class="pre">privkey.pem</span></tt>:</p> -<div class="highlight-python"><pre>mv privkey.pem recipient_key.pem</pre> -</div> -<p>In the examples to follow, S/MIME Sender, <tt class="docutils literal"><span class="pre"><sender@example.dom></span></tt>, +Note that <code class="docutils literal"><span class="pre">privkey.pem</span></code> will be recreated:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">openssl</span> <span class="n">req</span> <span class="o">-</span><span class="n">newkey</span> <span class="n">rsa</span><span class="p">:</span><span class="mi">1024</span> <span class="o">-</span><span class="n">nodes</span> <span class="o">-</span><span class="n">x509</span> <span class="o">-</span><span class="n">days</span> <span class="mi">365</span> <span class="o">-</span><span class="n">out</span> <span class="n">recipient</span><span class="o">.</span><span class="n">pem</span> + +<span class="n">Using</span> <span class="n">configuration</span> <span class="kn">from</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">pkg</span><span class="o">/</span><span class="n">openssl</span><span class="o">/</span><span class="n">openssl</span><span class="o">.</span><span class="n">cnf</span> +<span class="n">Generating</span> <span class="n">a</span> <span class="mi">1024</span> <span class="n">bit</span> <span class="n">RSA</span> <span class="n">private</span> <span class="n">key</span> +<span class="o">.....................................++++++</span> +<span class="o">.................++++++</span> +<span class="n">writing</span> <span class="n">new</span> <span class="n">private</span> <span class="n">key</span> <span class="n">to</span> <span 
class="s1">'privkey.pem'</span> +<span class="o">-----</span> +<span class="n">You</span> <span class="n">are</span> <span class="n">about</span> <span class="n">to</span> <span class="n">be</span> <span class="n">asked</span> <span class="n">to</span> <span class="n">enter</span> <span class="n">information</span> <span class="n">that</span> <span class="n">will</span> <span class="n">be</span> <span class="n">incorporated</span> +<span class="n">into</span> <span class="n">your</span> <span class="n">certificate</span> <span class="n">request</span><span class="o">.</span> +<span class="n">What</span> <span class="n">you</span> <span class="n">are</span> <span class="n">about</span> <span class="n">to</span> <span class="n">enter</span> <span class="ow">is</span> <span class="n">what</span> <span class="ow">is</span> <span class="n">called</span> <span class="n">a</span> <span class="n">Distinguished</span> <span class="n">Name</span> <span class="ow">or</span> <span class="n">a</span> <span class="n">DN</span><span class="o">.</span> +<span class="n">There</span> <span class="n">are</span> <span class="n">quite</span> <span class="n">a</span> <span class="n">few</span> <span class="n">fields</span> <span class="n">but</span> <span class="n">you</span> <span class="n">can</span> <span class="n">leave</span> <span class="n">some</span> <span class="n">blank</span> +<span class="n">For</span> <span class="n">some</span> <span class="n">fields</span> <span class="n">there</span> <span class="n">will</span> <span class="n">be</span> <span class="n">a</span> <span class="n">default</span> <span class="n">value</span><span class="p">,</span> +<span class="n">If</span> <span class="n">you</span> <span class="n">enter</span> <span class="s1">'.'</span><span class="p">,</span> <span class="n">the</span> <span class="n">field</span> <span class="n">will</span> <span class="n">be</span> <span class="n">left</span> <span class="n">blank</span><span class="o">.</span> +<span 
class="o">-----</span> +<span class="n">Country</span> <span class="n">Name</span> <span class="p">(</span><span class="mi">2</span> <span class="n">letter</span> <span class="n">code</span><span class="p">)</span> <span class="p">[</span><span class="n">AU</span><span class="p">]:</span><span class="n">SG</span> +<span class="n">State</span> <span class="ow">or</span> <span class="n">Province</span> <span class="n">Name</span> <span class="p">(</span><span class="n">full</span> <span class="n">name</span><span class="p">)</span> <span class="p">[</span><span class="n">Some</span><span class="o">-</span><span class="n">State</span><span class="p">]:</span><span class="o">.</span> +<span class="n">Locality</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">city</span><span class="p">)</span> <span class="p">[]:</span><span class="o">.</span> +<span class="n">Organization</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">company</span><span class="p">)</span> <span class="p">[</span><span class="n">Internet</span> <span class="n">Widgits</span> <span class="n">Pty</span> <span class="n">Ltd</span><span class="p">]:</span><span class="n">M2Crypto</span> +<span class="n">Organizational</span> <span class="n">Unit</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">section</span><span class="p">)</span> <span class="p">[]:</span><span class="o">.</span> +<span class="n">Common</span> <span class="n">Name</span> <span class="p">(</span><span class="n">eg</span><span class="p">,</span> <span class="n">YOUR</span> <span class="n">name</span><span class="p">)</span> <span class="p">[]:</span><span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">Recipient</span> +<span class="n">Email</span> <span 
class="n">Address</span> <span class="p">[]:</span><span class="n">recipient</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +</pre></div> +</div> +<p>Again, rename <code class="docutils literal"><span class="pre">privkey.pem</span></code>:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">mv</span> <span class="n">privkey</span><span class="o">.</span><span class="n">pem</span> <span class="n">recipient_key</span><span class="o">.</span><span class="n">pem</span> +</pre></div> +</div> +<p>In the examples to follow, S/MIME Sender, <code class="docutils literal"><span class="pre"><sender@example.dom></span></code>, shall be the sender of S/MIME messages, while S/MIME Recipient, -<tt class="docutils literal"><span class="pre"><recipient@example.dom></span></tt>, shall be the recipient of S/MIME messages.</p> +<code class="docutils literal"><span class="pre"><recipient@example.dom></span></code>, shall be the recipient of S/MIME messages.</p> <p>Armed with the key pairs and certificates, we are now ready to begin programming S/MIME in Python.</p> <blockquote> <div><p><strong>Note:</strong> The private keys generated above are <em>not passphrase-protected</em>, i.e., they are <em>in the clear</em>. Anyone who has access to such a key can generate S/MIME-signed messages with it, -and decrypt S/MIME messages encrypted to it’s corresponding public +and decrypt S/MIME messages encrypted to it’s corresponding public key.</p> <p>We may passphrase-protect the keys, if we so choose. M2Crypto will prompt the user for the passphrase when such a key is being loaded.</p> 
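Review bot: the regenerated key-generation text in this hunk still tells readers to run `openssl req -newkey rsa:1024 -nodes -x509 -days 365 -out recipient.pem`, and 1024-bit RSA is below the 2048-bit minimum that current guidance expects. Since the page is being rebuilt anyway, change the reST source to `rsa:2048` or larger and paste a fresh session transcript so the "Generating a 1024 bit RSA private key" line matches the command. The carried-over note at the end of the hunk also reads "it's corresponding public key", which should be "its".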
@@ -220,23 +217,23 @@ prompt the user for the passphrase when such a key is being loaded.</p> </div> <div class="section" id="m2crypto-smime"> <h1>M2Crypto.SMIME<a class="headerlink" href="#m2crypto-smime" title="Permalink to this headline">¶</a></h1> -<p>The Python programmer accesses M2Crypto’s S/MIME functionality through -class <tt class="docutils literal"><span class="pre">SMIME</span></tt> in the module <tt class="docutils literal"><span class="pre">M2Crypto.SMIME</span></tt>. Typically, an -<tt class="docutils literal"><span class="pre">SMIME</span></tt> object is instantiated; the object is then set up for the +<p>The Python programmer accesses M2Crypto’s S/MIME functionality through +class <code class="docutils literal"><span class="pre">SMIME</span></code> in the module <code class="docutils literal"><span class="pre">M2Crypto.SMIME</span></code>. Typically, an +<code class="docutils literal"><span class="pre">SMIME</span></code> object is instantiated; the object is then set up for the intended operation: sign, encrypt, decrypt or verify; finally, the operation is invoked on the object.</p> -<p><tt class="docutils literal"><span class="pre">M2Crypto.SMIME</span></tt> makes extensive use of <tt class="docutils literal"><span class="pre">M2Crypto.BIO</span></tt>: -<tt class="docutils literal"><span class="pre">M2Crypto.BIO</span></tt> is a Python abstraction of the <tt class="docutils literal"><span class="pre">BIO</span></tt> abstraction in -OpenSSL. 
A commonly used <tt class="docutils literal"><span class="pre">BIO</span></tt> abstraction in M2Crypto is -<tt class="docutils literal"><span class="pre">M2Crypto.BIO.MemoryBuffer</span></tt>, which implements a memory-based file-like -object, similar to Python’s own <tt class="docutils literal"><span class="pre">StringIO</span></tt>.</p> +<p><code class="docutils literal"><span class="pre">M2Crypto.SMIME</span></code> makes extensive use of <code class="docutils literal"><span class="pre">M2Crypto.BIO</span></code>: +<code class="docutils literal"><span class="pre">M2Crypto.BIO</span></code> is a Python abstraction of the <code class="docutils literal"><span class="pre">BIO</span></code> abstraction in +OpenSSL. A commonly used <code class="docutils literal"><span class="pre">BIO</span></code> abstraction in M2Crypto is +<code class="docutils literal"><span class="pre">M2Crypto.BIO.MemoryBuffer</span></code>, which implements a memory-based file-like +object, similar to Python’s own <code class="docutils literal"><span class="pre">StringIO</span></code>.</p> </div> <div class="section" id="sign"> <h1>Sign<a class="headerlink" href="#sign" title="Permalink to this headline">¶</a></h1> <p>The following code demonstrates how to generate an S/MIME-signed -message. <tt class="docutils literal"><span class="pre">randpool.dat</span></tt> contains random data which is used to seed -OpenSSL’s pseudo-random number generator via M2Crypto:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span> +message. 
<code class="docutils literal"><span class="pre">randpool.dat</span></code> contains random data which is used to seed +OpenSSL’s pseudo-random number generator via M2Crypto:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span> <span class="k">def</span> <span class="nf">makebuf</span><span class="p">(</span><span class="n">text</span><span class="p">):</span> <span class="k">return</span> <span class="n">BIO</span><span class="o">.</span><span class="n">MemoryBuffer</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> 
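Review bot: doc/html looks like Sphinx build output checked into the tree, and every `-`/`+` pair in this hunk differs only in generator markup (`<tt class="docutils literal">` becoming `<code class="docutils literal">`, `highlight-python` becoming `highlight-default`, `kn` becoming `k` on `import`). Consider building the HTML at release time instead of tracking it, or at least keep the regeneration in a commit of its own, so that a real wording change in the how-to is not buried in several hundred lines of markup churn.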
@@ -253,14 +250,14 @@ OpenSSL’s pseudo-random number generator via M2Crypto:</p> <span class="n">p7</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">sign</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">PKCS7_DETACHED</span><span class="p">)</span> </pre></div> </div> -<p><tt class="docutils literal"><span class="pre">p7</span></tt> now contains a <em>PKCS #7 signature blob</em> wrapped in an -<tt class="docutils literal"><span class="pre">M2Crypto.SMIME.PKCS7</span></tt> object. Note that <tt class="docutils literal"><span class="pre">buf</span></tt> has been consumed by -<tt class="docutils literal"><span class="pre">sign()</span></tt> and has to be recreated if it is to be used again.</p> +<p><code class="docutils literal"><span class="pre">p7</span></code> now contains a <em>PKCS #7 signature blob</em> wrapped in an +<code class="docutils literal"><span class="pre">M2Crypto.SMIME.PKCS7</span></code> object. Note that <code class="docutils literal"><span class="pre">buf</span></code> has been consumed by +<code class="docutils literal"><span class="pre">sign()</span></code> and has to be recreated if it is to be used again.</p> <p>We may now send the signed message via SMTP. 
In these examples, we shall -not do so; instead, we’ll render the S/MIME output in mail-friendly +not do so; instead, we’ll render the S/MIME output in mail-friendly format, and pretend that our messages are sent and received correctly:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="c1"># Recreate buf.</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="c1"># Recreate buf.</span> <span class="n">buf</span> <span class="o">=</span> <span class="n">makebuf</span><span class="p">(</span><span class="s1">'a sign of our times'</span><span class="p">)</span> <span class="c1"># Output p7 in mail-friendly format.</span> 
@@ -270,64 +267,65 @@ correctly:</p> <span class="n">out</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s1">'Subject: M2Crypto S/MIME testing</span><span class="se">\n</span><span class="s1">'</span><span class="p">)</span> <span class="n">s</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="n">out</span><span class="p">,</span> <span class="n">p7</span><span class="p">,</span> <span class="n">buf</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> +<span class="nb">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> <span class="c1"># Save the PRNG's state.</span> <span class="n">Rand</span><span class="o">.</span><span class="n">save_file</span><span class="p">(</span><span class="s1">'randpool.dat'</span><span class="p">)</span> </pre></div> </div> -<p>Here’s the output:</p> -<div class="highlight-python"><pre>From: sender@example.dom -To: recipient@example.dom -Subject: M2Crypto S/MIME testing -MIME-Version: 1.0 -Content-Type: multipart/signed ; protocol="application/x-pkcs7-signature" ; micalg=sha1 ; boundary="----3C93156FC7B4EBF49FE9C7DB7F503087" - -This is an S/MIME signed message - -------3C93156FC7B4EBF49FE9C7DB7F503087 -a sign of our times -------3C93156FC7B4EBF49FE9C7DB7F503087 -Content-Type: application/x-pkcs7-signature; name="smime.p7s" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7s" - -MIIE8AYJKoZIhvcNAQcCoIIE4TCCBN0CAQExCzAJBgUrDgMCGgUAMCIGCSqGSIb3 -DQEHAaAVBBNhIHNpZ24gb2Ygb3VyIHRpbWVzoIIC5zCCAuMwggJMoAMCAQICAQAw -DQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRv -MRYwFAYDVQQDEw1TL01JTUUgU2VuZGVyMSEwHwYJKoZIhvcNAQkBFhJzZW5kZXJA 
-ZXhhbXBsZS5kb20wHhcNMDEwMzMxMTE0MDMzWhcNMDIwMzMxMTE0MDMzWjBbMQsw -CQYDVQQGEwJTRzERMA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBT -ZW5kZXIxITAfBgkqhkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbTCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA5c5Tj1CHTSOxa1q2q0FYiwMWYHptJpJcvtZm -UwrgU5sHrA8OnCM0cDXEj0KPf3cfNjHffB8HWMzI4UEgNmFXQNsxoGZ+iqwxLlNj -y9Mh7eFW/Bjq5hNXbouSlQ0rWBRkoxV64y+t6lQehb32WfYXQbKFxFJSXzSxOx3R -8YhSPd0CAwEAAaOBtjCBszAdBgNVHQ4EFgQUXOyolL1t4jaBwZFRM7MS8nBLzUow -gYMGA1UdIwR8MHqAFFzsqJS9beI2gcGRUTOzEvJwS81KoV+kXTBbMQswCQYDVQQG -EwJTRzERMA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIx -ITAfBgkqhkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbYIBADAMBgNVHRMEBTAD -AQH/MA0GCSqGSIb3DQEBBAUAA4GBAHo3DrCHR86fSTVAvfiXdSswWqKtCEhUHRdC -TLFGl4hDk2GyZxaFuqZwiURz/H7nMicymI2wkz8H/wyHFg8G3BIehURpj2v/ZWXY -eovbgS7EZALVVkDj4hNl/IIHWd6Gtv1UODf7URbxtl3hQ9/eTWITrefT1heuPnar -8czydsOLMYIBujCCAbYCAQEwYDBbMQswCQYDVQQGEwJTRzERMA8GA1UEChMITTJD -cnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIxITAfBgkqhkiG9w0BCQEWEnNl -bmRlckBleGFtcGxlLmRvbQIBADAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzEL -BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAxMDMzMTExNDUwMlowIwYJKoZI -hvcNAQkEMRYEFOoeRUd8ExIYXfQq8BTFuKWrSP3iMFIGCSqGSIb3DQEJDzFFMEMw -CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO -AwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIGAQpU8hFUtLCF6hO2t -ec9EYJ/Imqqiiw+BxWxkUUVT81Vbjwdn9JST6+sztM5JRP2ZW+b4txEjZriYC8f3 -kv95YMTGbIsuWkJ93GrbvqoJ/CxO23r9WWRnZEm/1EZN9ZmlrYqzBTxnNRmP3Dhj -cW8kzZwH+2/2zz2G7x1HxRWH95A= - -------3C93156FC7B4EBF49FE9C7DB7F503087--</pre> +<p>Here’s the output:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">From</span><span class="p">:</span> <span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">To</span><span class="p">:</span> <span class="n">recipient</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">Subject</span><span 
class="p">:</span> <span class="n">M2Crypto</span> <span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">testing</span> +<span class="n">MIME</span><span class="o">-</span><span class="n">Version</span><span class="p">:</span> <span class="mf">1.0</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Type</span><span class="p">:</span> <span class="n">multipart</span><span class="o">/</span><span class="n">signed</span> <span class="p">;</span> <span class="n">protocol</span><span class="o">=</span><span class="s2">"application/x-pkcs7-signature"</span> <span class="p">;</span> <span class="n">micalg</span><span class="o">=</span><span class="n">sha1</span> <span class="p">;</span> <span class="n">boundary</span><span class="o">=</span><span class="s2">"----3C93156FC7B4EBF49FE9C7DB7F503087"</span> + +<span class="n">This</span> <span class="ow">is</span> <span class="n">an</span> <span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">signed</span> <span class="n">message</span> + +<span class="o">------</span><span class="mi">3</span><span class="n">C93156FC7B4EBF49FE9C7DB7F503087</span> +<span class="n">a</span> <span class="n">sign</span> <span class="n">of</span> <span class="n">our</span> <span class="n">times</span> +<span class="o">------</span><span class="mi">3</span><span class="n">C93156FC7B4EBF49FE9C7DB7F503087</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Type</span><span class="p">:</span> <span class="n">application</span><span class="o">/</span><span class="n">x</span><span class="o">-</span><span class="n">pkcs7</span><span class="o">-</span><span class="n">signature</span><span class="p">;</span> <span class="n">name</span><span class="o">=</span><span class="s2">"smime.p7s"</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Transfer</span><span class="o">-</span><span 
class="n">Encoding</span><span class="p">:</span> <span class="n">base64</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Disposition</span><span class="p">:</span> <span class="n">attachment</span><span class="p">;</span> <span class="n">filename</span><span class="o">=</span><span class="s2">"smime.p7s"</span> + +<span class="n">MIIE8AYJKoZIhvcNAQcCoIIE4TCCBN0CAQExCzAJBgUrDgMCGgUAMCIGCSqGSIb3</span> +<span class="n">DQEHAaAVBBNhIHNpZ24gb2Ygb3VyIHRpbWVzoIIC5zCCAuMwggJMoAMCAQICAQAw</span> +<span class="n">DQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRv</span> +<span class="n">MRYwFAYDVQQDEw1TL01JTUUgU2VuZGVyMSEwHwYJKoZIhvcNAQkBFhJzZW5kZXJA</span> +<span class="n">ZXhhbXBsZS5kb20wHhcNMDEwMzMxMTE0MDMzWhcNMDIwMzMxMTE0MDMzWjBbMQsw</span> +<span class="n">CQYDVQQGEwJTRzERMA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBT</span> +<span class="n">ZW5kZXIxITAfBgkqhkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbTCBnzANBgkq</span> +<span class="n">hkiG9w0BAQEFAAOBjQAwgYkCgYEA5c5Tj1CHTSOxa1q2q0FYiwMWYHptJpJcvtZm</span> +<span class="n">UwrgU5sHrA8OnCM0cDXEj0KPf3cfNjHffB8HWMzI4UEgNmFXQNsxoGZ</span><span class="o">+</span><span class="n">iqwxLlNj</span> +<span class="n">y9Mh7eFW</span><span class="o">/</span><span class="n">Bjq5hNXbouSlQ0rWBRkoxV64y</span><span class="o">+</span><span class="n">t6lQehb32WfYXQbKFxFJSXzSxOx3R</span> +<span class="mi">8</span><span class="n">YhSPd0CAwEAAaOBtjCBszAdBgNVHQ4EFgQUXOyolL1t4jaBwZFRM7MS8nBLzUow</span> +<span class="n">gYMGA1UdIwR8MHqAFFzsqJS9beI2gcGRUTOzEvJwS81KoV</span><span class="o">+</span><span class="n">kXTBbMQswCQYDVQQG</span> +<span class="n">EwJTRzERMA8GA1UEChMITTJDcnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIx</span> +<span class="n">ITAfBgkqhkiG9w0BCQEWEnNlbmRlckBleGFtcGxlLmRvbYIBADAMBgNVHRMEBTAD</span> +<span class="n">AQH</span><span class="o">/</span><span class="n">MA0GCSqGSIb3DQEBBAUAA4GBAHo3DrCHR86fSTVAvfiXdSswWqKtCEhUHRdC</span> +<span class="n">TLFGl4hDk2GyZxaFuqZwiURz</span><span 
class="o">/</span><span class="n">H7nMicymI2wkz8H</span><span class="o">/</span><span class="n">wyHFg8G3BIehURpj2v</span><span class="o">/</span><span class="n">ZWXY</span> +<span class="n">eovbgS7EZALVVkDj4hNl</span><span class="o">/</span><span class="n">IIHWd6Gtv1UODf7URbxtl3hQ9</span><span class="o">/</span><span class="n">eTWITrefT1heuPnar</span> +<span class="mi">8</span><span class="n">czydsOLMYIBujCCAbYCAQEwYDBbMQswCQYDVQQGEwJTRzERMA8GA1UEChMITTJD</span> +<span class="n">cnlwdG8xFjAUBgNVBAMTDVMvTUlNRSBTZW5kZXIxITAfBgkqhkiG9w0BCQEWEnNl</span> +<span class="n">bmRlckBleGFtcGxlLmRvbQIBADAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzEL</span> +<span class="n">BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTAxMDMzMTExNDUwMlowIwYJKoZI</span> +<span class="n">hvcNAQkEMRYEFOoeRUd8ExIYXfQq8BTFuKWrSP3iMFIGCSqGSIb3DQEJDzFFMEMw</span> +<span class="n">CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO</span> +<span class="n">AwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIGAQpU8hFUtLCF6hO2t</span> +<span class="n">ec9EYJ</span><span class="o">/</span><span class="n">Imqqiiw</span><span class="o">+</span><span class="n">BxWxkUUVT81Vbjwdn9JST6</span><span class="o">+</span><span class="n">sztM5JRP2ZW</span><span class="o">+</span><span class="n">b4txEjZriYC8f3</span> +<span class="n">kv95YMTGbIsuWkJ93GrbvqoJ</span><span class="o">/</span><span class="n">CxO23r9WWRnZEm</span><span class="o">/</span><span class="mi">1</span><span class="n">EZN9ZmlrYqzBTxnNRmP3Dhj</span> +<span class="n">cW8kzZwH</span><span class="o">+</span><span class="mi">2</span><span class="o">/</span><span class="mi">2</span><span class="n">zz2G7x1HxRWH95A</span><span class="o">=</span> + +<span class="o">------</span><span class="mi">3</span><span class="n">C93156FC7B4EBF49FE9C7DB7F503087</span><span class="o">--</span> +</pre></div> </div> </div> <div class="section" id="verify"> <h1>Verify<a class="headerlink" href="#verify" title="Permalink to this headline">¶</a></h1> -<p>Assume the above output has 
been saved into <tt class="docutils literal"><span class="pre">sign.p7</span></tt>. Let’s now +<p>Assume the above output has been saved into <code class="docutils literal"><span class="pre">sign.p7</span></code>. Let’s now verify the signature:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="c1"># Instantiate an SMIME object.</span> <span class="n">s</span> <span class="o">=</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">SMIME</span><span class="p">()</span> 
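Review bot: the sample S/MIME message on the `+` side of this hunk is now lexed as Python. The mail headers come out as `<span class="n">From</span><span class="p">:</span>`, and the base64 signature body is split at every `+` and `/` into `<span class="o">` operator tokens, with leading digits as `<span class="mi">8</span>`. The old side was a plain `<pre>`. Mark program output in the reST source as plain text (for example `.. code-block:: text`) so the message renders as one preformatted block and future regenerations do not re-tokenize it differently.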
@@ -347,36 +345,38 @@ verify the signature:</p> <span class="c1"># Load the data, verify it.</span> <span class="n">p7</span><span class="p">,</span> <span class="n">data</span> <span class="o">=</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">smime_load_pkcs7</span><span class="p">(</span><span class="s1">'sign.p7'</span><span class="p">)</span> <span class="n">v</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">p7</span><span class="p">,</span> <span class="n">data</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">data</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> +<span class="nb">print</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> +<span class="nb">print</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> +<span class="nb">print</span><span class="p">(</span><span class="n">data</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> </pre></div> </div> -<p>Here’s the output of the above program:</p> -<div class="highlight-python"><pre>a sign of our times -<M2Crypto.BIO.BIO instance at 0x822012c> -a sign of our times</pre> +<p>Here’s the output of the above program:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">a</span> <span class="n">sign</span> <span class="n">of</span> <span class="n">our</span> <span class="n">times</span> +<span class="o"><</span><span class="n">M2Crypto</span><span class="o">.</span><span class="n">BIO</span><span class="o">.</span><span class="n">BIO</span> <span class="n">instance</span> 
<span class="n">at</span> <span class="mh">0x822012c</span><span class="o">></span> +<span class="n">a</span> <span class="n">sign</span> <span class="n">of</span> <span class="n">our</span> <span class="n">times</span> +</pre></div> </div> -<p>Suppose, instead of loading <tt class="docutils literal"><span class="pre">signer.pem</span></tt> above, we load -<tt class="docutils literal"><span class="pre">recipient.pem</span></tt>. That is, we do a global substitution of -<tt class="docutils literal"><span class="pre">recipient.pem</span></tt> for <tt class="docutils literal"><span class="pre">signer.pem</span></tt> in the above program. Here’s the -modified program’s output:</p> -<div class="highlight-python"><pre>Traceback (most recent call last): +<p>Suppose, instead of loading <code class="docutils literal"><span class="pre">signer.pem</span></code> above, we load +<code class="docutils literal"><span class="pre">recipient.pem</span></code>. That is, we do a global substitution of +<code class="docutils literal"><span class="pre">recipient.pem</span></code> for <code class="docutils literal"><span class="pre">signer.pem</span></code> in the above program. Here’s the +modified program’s output:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span>Traceback (most recent call last): File "./verify.py", line 22, in ? 
v = s.verify(p7) File "/usr/local/home/ngps/prog/m2/M2Crypto/SMIME.py", line 205, in verify raise SMIME_Error, Err.get_error() -M2Crypto.SMIME.SMIME_Error: 312:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:213:Verify error:self signed certificate</pre> +M2Crypto.SMIME.SMIME_Error: 312:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:213:Verify error:self signed certificate +</pre></div> </div> -<p>As displayed, the error is generated by line 213 of OpenSSL’s -<tt class="docutils literal"><span class="pre">pk7_smime.c</span></tt> (as of OpenSSL 0.9.6); if you are a C programmer, you -may wish to look up the C source to explore OpenSSL’s S/MIME +<p>As displayed, the error is generated by line 213 of OpenSSL’s +<code class="docutils literal"><span class="pre">pk7_smime.c</span></code> (as of OpenSSL 0.9.6); if you are a C programmer, you +may wish to look up the C source to explore OpenSSL’s S/MIME implementation and understand why the error message is worded thus.</p> </div> <div class="section" id="encrypt"> <h1>Encrypt<a class="headerlink" href="#encrypt" title="Permalink to this headline">¶</a></h1> <p>We now demonstrate how to generate an S/MIME-encrypted message:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="k">def</span> <span 
class="nf">makebuf</span><span class="p">(</span><span class="n">text</span><span class="p">):</span> <span class="k">return</span> <span class="n">BIO</span><span class="o">.</span><span class="n">MemoryBuffer</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> 
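Review bot: the sample output kept in this hunk no longer matches the listing above it. The program calls `s.verify(p7, data)`, but the traceback quotes `v = s.verify(p7)`. The traceback also shows the Python 2 form `raise SMIME_Error, Err.get_error()` and `in ?`, and the success case prints `<M2Crypto.BIO.BIO instance at 0x822012c>`. Re-run both the passing and the failing case against the code as documented and paste the fresh output, so readers comparing their own result with the page see the same call and the same error text.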
@@ -409,36 +409,37 @@ implementation and understand why the error message is worded thus.</p> <span class="n">out</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s1">'Subject: M2Crypto S/MIME testing</span><span class="se">\n</span><span class="s1">'</span><span class="p">)</span> <span class="n">s</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="n">out</span><span class="p">,</span> <span class="n">p7</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> +<span class="nb">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> <span class="c1"># Save the PRNG's state.</span> <span class="n">Rand</span><span class="o">.</span><span class="n">save_file</span><span class="p">(</span><span class="s1">'randpool.dat'</span><span class="p">)</span> </pre></div> </div> -<p>Here’s the output of the above program:</p> -<div class="highlight-python"><pre>From: sender@example.dom -To: recipient@example.dom -Subject: M2Crypto S/MIME testing -MIME-Version: 1.0 -Content-Disposition: attachment; filename="smime.p7m" -Content-Type: application/x-pkcs7-mime; name="smime.p7m" -Content-Transfer-Encoding: base64 - -MIIBVwYJKoZIhvcNAQcDoIIBSDCCAUQCAQAxggEAMIH9AgEAMGYwYTELMAkGA1UE -BhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBp -ZW50MSQwIgYJKoZIhvcNAQkBFhVyZWNpcGllbnRAZXhhbXBsZS5kb20CAQAwDQYJ -KoZIhvcNAQEBBQAEgYCBaXZ+qjpBEZwdP7gjfzfAtQitESyMwo3i+LBOw6sSDir6 -FlNDPCnkrTvqDX3Rt6X6vBtTCYOm+qiN7ujPkOU61cN7h8dvHR8YW9+0IPY80/W0 -lZ/HihSRgwTNd7LnxUUcPx8YV1id0dlmP0Hz+Lg+mHf6rqaR//JcYhX9vW4XvjA7 -BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECMN+qya6ADywgBgHr9Jkhwn5Gsdu7BwX -nIQfYTYcdL9I5Sk=</pre> +<p>Here’s the output of the above program:</p> +<div class="highlight-default"><div 
class="highlight"><pre><span></span><span class="n">From</span><span class="p">:</span> <span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">To</span><span class="p">:</span> <span class="n">recipient</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">Subject</span><span class="p">:</span> <span class="n">M2Crypto</span> <span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">testing</span> +<span class="n">MIME</span><span class="o">-</span><span class="n">Version</span><span class="p">:</span> <span class="mf">1.0</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Disposition</span><span class="p">:</span> <span class="n">attachment</span><span class="p">;</span> <span class="n">filename</span><span class="o">=</span><span class="s2">"smime.p7m"</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Type</span><span class="p">:</span> <span class="n">application</span><span class="o">/</span><span class="n">x</span><span class="o">-</span><span class="n">pkcs7</span><span class="o">-</span><span class="n">mime</span><span class="p">;</span> <span class="n">name</span><span class="o">=</span><span class="s2">"smime.p7m"</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Transfer</span><span class="o">-</span><span class="n">Encoding</span><span class="p">:</span> <span class="n">base64</span> + +<span class="n">MIIBVwYJKoZIhvcNAQcDoIIBSDCCAUQCAQAxggEAMIH9AgEAMGYwYTELMAkGA1UE</span> +<span class="n">BhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBp</span> +<span class="n">ZW50MSQwIgYJKoZIhvcNAQkBFhVyZWNpcGllbnRAZXhhbXBsZS5kb20CAQAwDQYJ</span> +<span class="n">KoZIhvcNAQEBBQAEgYCBaXZ</span><span class="o">+</span><span class="n">qjpBEZwdP7gjfzfAtQitESyMwo3i</span><span class="o">+</span><span 
class="n">LBOw6sSDir6</span> +<span class="n">FlNDPCnkrTvqDX3Rt6X6vBtTCYOm</span><span class="o">+</span><span class="n">qiN7ujPkOU61cN7h8dvHR8YW9</span><span class="o">+</span><span class="mi">0</span><span class="n">IPY80</span><span class="o">/</span><span class="n">W0</span> +<span class="n">lZ</span><span class="o">/</span><span class="n">HihSRgwTNd7LnxUUcPx8YV1id0dlmP0Hz</span><span class="o">+</span><span class="n">Lg</span><span class="o">+</span><span class="n">mHf6rqaR</span><span class="o">//</span><span class="n">JcYhX9vW4XvjA7</span> +<span class="n">BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECMN</span><span class="o">+</span><span class="n">qya6ADywgBgHr9Jkhwn5Gsdu7BwX</span> +<span class="n">nIQfYTYcdL9I5Sk</span><span class="o">=</span> +</pre></div> </div> </div> <div class="section" id="decrypt"> <h1>Decrypt<a class="headerlink" href="#decrypt" title="Permalink to this headline">¶</a></h1> -<p>Assume the above output has been saved into <tt class="docutils literal"><span class="pre">encrypt.p7</span></tt>. Decrypt the +<p>Assume the above output has been saved into <code class="docutils literal"><span class="pre">encrypt.p7</span></code>. 
Decrypt the message thusly:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="c1"># Instantiate an SMIME object.</span> <span class="n">s</span> <span class="o">=</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">SMIME</span><span class="p">()</span> 
@@ -452,17 +453,18 @@ message thusly:</p> <span class="c1"># Decrypt p7.</span> <span class="n">out</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">decrypt</span><span class="p">(</span><span class="n">p7</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">out</span><span class="p">)</span> +<span class="nb">print</span><span class="p">(</span><span class="n">out</span><span class="p">)</span> </pre></div> </div> -<p>Here’s the output:</p> -<div class="highlight-python"><pre>a sign of our times</pre> +<p>Here’s the output:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">a</span> <span class="n">sign</span> <span class="n">of</span> <span class="n">our</span> <span class="n">times</span> +</pre></div> </div> </div> <div class="section" id="sign-and-encrypt"> <h1>Sign and Encrypt<a class="headerlink" href="#sign-and-encrypt" title="Permalink to this headline">¶</a></h1> -<p>Here’s how to generate an S/MIME-signed/encrypted message:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<p>Here’s how to generate an S/MIME-signed/encrypted message:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">Rand</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="k">def</span> <span class="nf">makebuf</span><span class="p">(</span><span class="n">text</span><span class="p">):</span> <span 
class="k">return</span> <span class="n">BIO</span><span class="o">.</span><span class="n">MemoryBuffer</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> 
@@ -505,75 +507,76 @@ message thusly:</p> <span class="n">out</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="s1">'Subject: M2Crypto S/MIME testing</span><span class="se">\n</span><span class="s1">'</span><span class="p">)</span> <span class="n">s</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="n">out</span><span class="p">,</span> <span class="n">p7</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> +<span class="nb">print</span><span class="p">(</span><span class="n">out</span><span class="o">.</span><span class="n">read</span><span class="p">())</span> <span class="c1"># Save the PRNG's state.</span> <span class="n">Rand</span><span class="o">.</span><span class="n">save_file</span><span class="p">(</span><span class="s1">'randpool.dat'</span><span class="p">)</span> </pre></div> </div> -<p>Here’s the output of the above program:</p> -<div class="highlight-python"><pre>From: sender@example.dom -To: recipient@example.dom -Subject: M2Crypto S/MIME testing -MIME-Version: 1.0 -Content-Disposition: attachment; filename="smime.p7m" -Content-Type: application/x-pkcs7-mime; name="smime.p7m" -Content-Transfer-Encoding: base64 - -MIIIwwYJKoZIhvcNAQcDoIIItDCCCLACAQAxggEAMIH9AgEAMGYwYTELMAkGA1UE -BhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBp -ZW50MSQwIgYJKoZIhvcNAQkBFhVyZWNpcGllbnRAZXhhbXBsZS5kb20CAQAwDQYJ -KoZIhvcNAQEBBQAEgYBlZlGupFphwhsGtIAPvDExN61qisz3oem88xoXkUW0SzoR -B9zJFFAuQTWzdNJgrKKYikhWjDojaAc/PFl1K5dYxRgtZLB36ULJD/v/yWmxnjz8 -TvtK+Wbal2P/MH2pZ4LVERXa/snTElhCawUlwtiFz/JvY5CiF/dcwd+AwFQq4jCC -B6UGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIRF525UfwszaAggeA85RmX6AXQMxb -eBDz/LJeCgc3RqU1UwIsbKMquIs1S46Ebbm5nP75izPnujOkJ2hv+LNzqOWADmOl -+CnGEq1qxTyduIgUDA2nBgCL/gVyVy+/XC9dtImUUTxtxLgYtB0ujkBNsOaENOlM 
-fv4SGM3jkR+K/xlYG6HHzZGbfYyNGj2Y7yMZ1rL1m8SnRNmkCysKGTrudeNf6wT9 -J6wO9DzLTioz3ZnVr3LjsSKIb4tIp4ugqNJaLuW7m3FtZ3MAgxN68hBbJs8TZ8tL -V/0jwUqS+grcgZEb9ymfcedxahtDUfHjRkpDpsxZzVVGkSBNcbQu92oByQVnRQ8m -wrYLp3/eawM5AvuV7HNpTT5ZR+1t8luishHN9899IMP2Vyg0Ub67FqFypYmM2cm2 -sjAI4KpfvT00XFNvgLuYwYEKs9syGTO7hiHNQKcF44F5LYv6nTFwmFQB11dAtY9V -ull4D2CLDx9OvyNyKwdEZB5dyV0r/uKIdkhST60V2Q9KegpzgFpoZtSKM/HPYSVH -1Bc9f3Q/GqZCvNZZCMx8UvRjQR8dRWDSmPJ0VXG1+wJ+fCmSPP3AuQ1/VsgPRqx2 -56VrpGPpGut40hV8xQFbWIZ2whwWLKPFAHj8B79ZtFUzUrU6Z2rNpvv8inHc/+S/ -b6GR5s8/gucRblvd7n3OFNX5UJmPmcw9zWbu/1Dr9DY8l0nAQh21y5FGSS8B1wdE -oD2M3Lp7JbwjQbRtnDhImqul2S4yu+m+wDD1aR2K4k3GAI7KKgOBWT0+BDClcn8A -4Ju6/YUbj33YlMPJgnGijLnolFy0hNW7TmWqR+8tSI3wO5eNKg4qwBnarqc3vgCV -quVxINAXyGQCO9lzdw6hudk8/+BlweGdqhONaIWbK5z1L/SfQo6LC9MTsj7FJydq -bc+kEbfZS8aSq7uc9axW6Ti0eAPJ8EVHtwhSBgZQRweKFBXs6HbbhMIdc4N0M7Oq -UiFXaF6s4n2uihVP6TqXtHEjTpZoC7pC+HCYiuKXUJtaqtXBOh+y3KLvHk09YL6D -XmTDg+UTiFsh4jKKm/BhdelbR5JbpJcj5AId76Mfr8+F/1g9ePOvsWHpQr/oIQTo -xEkaxCmzEgP0b6caMWfMUQrbVGxBBNcqKc/ir9fGGOPHATzzq/xLcQYvK1tZhd/D -ah/gpMPndsyvVCEuFPluWyDiM0VkwHgC2/3pJIYFHaxK64IutmPsy393rHMEB4kN -AHau6kWK+yL9qEVH1pP2zvswQ12P7gjt3T/G3bGsmvlXkEfztfjkXo6XnjcBNf5y -G+974AKLcjnk1gzIgarz+lAMY57Gkw4oNDMrTqVQ2OJQlvOSbllPXzH+aAiavB8W -ZPECLLwHxD4B1AuaiAArgKl935u/TOB+yQOR8JgGsUzROyJqHJ/SC51HkebgCkL1 -aggtjgPlIBEXLZAlhpWLZ9lAQyrQpvCVJYwaOvfMmvRav4NAFNoZ2/Q7S4Tn1z+U -XX+f+GD58P4MPMhU5IKnz4yH4nlHnAiTEvcs85TZUAXze9g/uBOwZITeGtyLi52S -aETIr4v7SgXMepX7ThQ1Pv/jddsK/u4j2F34u0XktwCP+UrbfkE2mocdXvdzxbmd -tZSznK2qwgVSsPOs9MhUaepbnjmNBFFBrULhrUtSglM/VX/rWNiyh0aw4XYyHhIt -9ZNlfEjKjJ67VEMBxBJ/ieUCouRGCxPYD1j65VT7oB3ZiyPu2F2nlUIcYNqPg1Sd -QBCrdaOXdJ0uLwyTAUeVE+wMbgscLvWsfZcCCJHAvw9NHFMUcnrdWxAYMVETNUOn -uryVAK7VfOldaz6z3NOSOi6nonNeHpR/sipBa4ik5xCRLT9e0S2QJgRvO9GyfAqz -3DIzHtxIGePFzTiUYUTxS3i2gnMX2PEe3ChTLlYWD3jNeAKz0iOzpDphIF2xHLLQ -1tCAqBmq/vUzALyDFFdFuTIqQZys4z/u4Dmyq9uXs421eN3v2hkVHvDy8uT2Ot29 -lg4Q5YezR1EjaW//9guL1BXbcKrTEdtxeNqtem7SpZOMTSwD2lhB8z65GrX90Cyt 
-EMmaRSGYEdf5h1afL1SmKOMskbqxe1D2jG/vsXC7XX7xO/ioy0BdiJcYN1JiMOHJ -EOzFol5I20YkiV6j+cenfQFwc/NkaSxEkR8AUHJSbvUmRQRl6r0nnsFpZdR1w7pv -wkaT+eOpZynO4mY/ZtF6MpXJsixi6L4ZYXEbS6yHf+XGFfB0okILylmwv2bf6+Mq -nqXlmGj3Jwq7X9/+2BDqvfpFFX5lSmItKZAobLdssjFR6roJxOqRsGia2aZ+0+U5 -VhgdITtnElgtHBaeZU5rHDswgdeLVBP+rGWnKxpJ+pLtNNi25sPYRcWFL6Erd25u -eXiY8GEIr+u7rqBWpc9HR34sAPRs3ubbCUleT748keCbx247ImBtiDctZxcc1O86 -+0QjHP6HUT7FSo/FmT7a120S3Gd2jixGh06l/9ij5Z6mJa7Rm7TTbSjup/XISnOT -MKWcbI1nfVOhCv3xDq2eLae+s0oVoc041ceRazqFM2TL/Z6UXRME</pre> +<p>Here’s the output of the above program:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">From</span><span class="p">:</span> <span class="n">sender</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">To</span><span class="p">:</span> <span class="n">recipient</span><span class="nd">@example</span><span class="o">.</span><span class="n">dom</span> +<span class="n">Subject</span><span class="p">:</span> <span class="n">M2Crypto</span> <span class="n">S</span><span class="o">/</span><span class="n">MIME</span> <span class="n">testing</span> +<span class="n">MIME</span><span class="o">-</span><span class="n">Version</span><span class="p">:</span> <span class="mf">1.0</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Disposition</span><span class="p">:</span> <span class="n">attachment</span><span class="p">;</span> <span class="n">filename</span><span class="o">=</span><span class="s2">"smime.p7m"</span> +<span class="n">Content</span><span class="o">-</span><span class="n">Type</span><span class="p">:</span> <span class="n">application</span><span class="o">/</span><span class="n">x</span><span class="o">-</span><span class="n">pkcs7</span><span class="o">-</span><span class="n">mime</span><span class="p">;</span> <span class="n">name</span><span class="o">=</span><span class="s2">"smime.p7m"</span> +<span 
class="n">Content</span><span class="o">-</span><span class="n">Transfer</span><span class="o">-</span><span class="n">Encoding</span><span class="p">:</span> <span class="n">base64</span> + +<span class="n">MIIIwwYJKoZIhvcNAQcDoIIItDCCCLACAQAxggEAMIH9AgEAMGYwYTELMAkGA1UE</span> +<span class="n">BhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRkwFwYDVQQDExBTL01JTUUgUmVjaXBp</span> +<span class="n">ZW50MSQwIgYJKoZIhvcNAQkBFhVyZWNpcGllbnRAZXhhbXBsZS5kb20CAQAwDQYJ</span> +<span class="n">KoZIhvcNAQEBBQAEgYBlZlGupFphwhsGtIAPvDExN61qisz3oem88xoXkUW0SzoR</span> +<span class="n">B9zJFFAuQTWzdNJgrKKYikhWjDojaAc</span><span class="o">/</span><span class="n">PFl1K5dYxRgtZLB36ULJD</span><span class="o">/</span><span class="n">v</span><span class="o">/</span><span class="n">yWmxnjz8</span> +<span class="n">TvtK</span><span class="o">+</span><span class="n">Wbal2P</span><span class="o">/</span><span class="n">MH2pZ4LVERXa</span><span class="o">/</span><span class="n">snTElhCawUlwtiFz</span><span class="o">/</span><span class="n">JvY5CiF</span><span class="o">/</span><span class="n">dcwd</span><span class="o">+</span><span class="n">AwFQq4jCC</span> +<span class="n">B6UGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIRF525UfwszaAggeA85RmX6AXQMxb</span> +<span class="n">eBDz</span><span class="o">/</span><span class="n">LJeCgc3RqU1UwIsbKMquIs1S46Ebbm5nP75izPnujOkJ2hv</span><span class="o">+</span><span class="n">LNzqOWADmOl</span> +<span class="o">+</span><span class="n">CnGEq1qxTyduIgUDA2nBgCL</span><span class="o">/</span><span class="n">gVyVy</span><span class="o">+/</span><span class="n">XC9dtImUUTxtxLgYtB0ujkBNsOaENOlM</span> +<span class="n">fv4SGM3jkR</span><span class="o">+</span><span class="n">K</span><span class="o">/</span><span class="n">xlYG6HHzZGbfYyNGj2Y7yMZ1rL1m8SnRNmkCysKGTrudeNf6wT9</span> +<span class="n">J6wO9DzLTioz3ZnVr3LjsSKIb4tIp4ugqNJaLuW7m3FtZ3MAgxN68hBbJs8TZ8tL</span> +<span class="n">V</span><span class="o">/</span><span class="mi">0</span><span class="n">jwUqS</span><span 
class="o">+</span><span class="n">grcgZEb9ymfcedxahtDUfHjRkpDpsxZzVVGkSBNcbQu92oByQVnRQ8m</span> +<span class="n">wrYLp3</span><span class="o">/</span><span class="n">eawM5AvuV7HNpTT5ZR</span><span class="o">+</span><span class="mi">1</span><span class="n">t8luishHN9899IMP2Vyg0Ub67FqFypYmM2cm2</span> +<span class="n">sjAI4KpfvT00XFNvgLuYwYEKs9syGTO7hiHNQKcF44F5LYv6nTFwmFQB11dAtY9V</span> +<span class="n">ull4D2CLDx9OvyNyKwdEZB5dyV0r</span><span class="o">/</span><span class="n">uKIdkhST60V2Q9KegpzgFpoZtSKM</span><span class="o">/</span><span class="n">HPYSVH</span> +<span class="mi">1</span><span class="n">Bc9f3Q</span><span class="o">/</span><span class="n">GqZCvNZZCMx8UvRjQR8dRWDSmPJ0VXG1</span><span class="o">+</span><span class="n">wJ</span><span class="o">+</span><span class="n">fCmSPP3AuQ1</span><span class="o">/</span><span class="n">VsgPRqx2</span> +<span class="mi">56</span><span class="n">VrpGPpGut40hV8xQFbWIZ2whwWLKPFAHj8B79ZtFUzUrU6Z2rNpvv8inHc</span><span class="o">/+</span><span class="n">S</span><span class="o">/</span> +<span class="n">b6GR5s8</span><span class="o">/</span><span class="n">gucRblvd7n3OFNX5UJmPmcw9zWbu</span><span class="o">/</span><span class="mi">1</span><span class="n">Dr9DY8l0nAQh21y5FGSS8B1wdE</span> +<span class="n">oD2M3Lp7JbwjQbRtnDhImqul2S4yu</span><span class="o">+</span><span class="n">m</span><span class="o">+</span><span class="n">wDD1aR2K4k3GAI7KKgOBWT0</span><span class="o">+</span><span class="n">BDClcn8A</span> +<span class="mi">4</span><span class="n">Ju6</span><span class="o">/</span><span class="n">YUbj33YlMPJgnGijLnolFy0hNW7TmWqR</span><span class="o">+</span><span class="mi">8</span><span class="n">tSI3wO5eNKg4qwBnarqc3vgCV</span> +<span class="n">quVxINAXyGQCO9lzdw6hudk8</span><span class="o">/+</span><span class="n">BlweGdqhONaIWbK5z1L</span><span class="o">/</span><span class="n">SfQo6LC9MTsj7FJydq</span> +<span class="n">bc</span><span class="o">+</span><span 
class="n">kEbfZS8aSq7uc9axW6Ti0eAPJ8EVHtwhSBgZQRweKFBXs6HbbhMIdc4N0M7Oq</span> +<span class="n">UiFXaF6s4n2uihVP6TqXtHEjTpZoC7pC</span><span class="o">+</span><span class="n">HCYiuKXUJtaqtXBOh</span><span class="o">+</span><span class="n">y3KLvHk09YL6D</span> +<span class="n">XmTDg</span><span class="o">+</span><span class="n">UTiFsh4jKKm</span><span class="o">/</span><span class="n">BhdelbR5JbpJcj5AId76Mfr8</span><span class="o">+</span><span class="n">F</span><span class="o">/</span><span class="mi">1</span><span class="n">g9ePOvsWHpQr</span><span class="o">/</span><span class="n">oIQTo</span> +<span class="n">xEkaxCmzEgP0b6caMWfMUQrbVGxBBNcqKc</span><span class="o">/</span><span class="n">ir9fGGOPHATzzq</span><span class="o">/</span><span class="n">xLcQYvK1tZhd</span><span class="o">/</span><span class="n">D</span> +<span class="n">ah</span><span class="o">/</span><span class="n">gpMPndsyvVCEuFPluWyDiM0VkwHgC2</span><span class="o">/</span><span class="mi">3</span><span class="n">pJIYFHaxK64IutmPsy393rHMEB4kN</span> +<span class="n">AHau6kWK</span><span class="o">+</span><span class="n">yL9qEVH1pP2zvswQ12P7gjt3T</span><span class="o">/</span><span class="n">G3bGsmvlXkEfztfjkXo6XnjcBNf5y</span> +<span class="n">G</span><span class="o">+</span><span class="mi">974</span><span class="n">AKLcjnk1gzIgarz</span><span class="o">+</span><span class="n">lAMY57Gkw4oNDMrTqVQ2OJQlvOSbllPXzH</span><span class="o">+</span><span class="n">aAiavB8W</span> +<span class="n">ZPECLLwHxD4B1AuaiAArgKl935u</span><span class="o">/</span><span class="n">TOB</span><span class="o">+</span><span class="n">yQOR8JgGsUzROyJqHJ</span><span class="o">/</span><span class="n">SC51HkebgCkL1</span> +<span class="n">aggtjgPlIBEXLZAlhpWLZ9lAQyrQpvCVJYwaOvfMmvRav4NAFNoZ2</span><span class="o">/</span><span class="n">Q7S4Tn1z</span><span class="o">+</span><span class="n">U</span> +<span class="n">XX</span><span class="o">+</span><span class="n">f</span><span class="o">+</span><span 
class="n">GD58P4MPMhU5IKnz4yH4nlHnAiTEvcs85TZUAXze9g</span><span class="o">/</span><span class="n">uBOwZITeGtyLi52S</span> +<span class="n">aETIr4v7SgXMepX7ThQ1Pv</span><span class="o">/</span><span class="n">jddsK</span><span class="o">/</span><span class="n">u4j2F34u0XktwCP</span><span class="o">+</span><span class="n">UrbfkE2mocdXvdzxbmd</span> +<span class="n">tZSznK2qwgVSsPOs9MhUaepbnjmNBFFBrULhrUtSglM</span><span class="o">/</span><span class="n">VX</span><span class="o">/</span><span class="n">rWNiyh0aw4XYyHhIt</span> +<span class="mi">9</span><span class="n">ZNlfEjKjJ67VEMBxBJ</span><span class="o">/</span><span class="n">ieUCouRGCxPYD1j65VT7oB3ZiyPu2F2nlUIcYNqPg1Sd</span> +<span class="n">QBCrdaOXdJ0uLwyTAUeVE</span><span class="o">+</span><span class="n">wMbgscLvWsfZcCCJHAvw9NHFMUcnrdWxAYMVETNUOn</span> +<span class="n">uryVAK7VfOldaz6z3NOSOi6nonNeHpR</span><span class="o">/</span><span class="n">sipBa4ik5xCRLT9e0S2QJgRvO9GyfAqz</span> +<span class="mi">3</span><span class="n">DIzHtxIGePFzTiUYUTxS3i2gnMX2PEe3ChTLlYWD3jNeAKz0iOzpDphIF2xHLLQ</span> +<span class="mi">1</span><span class="n">tCAqBmq</span><span class="o">/</span><span class="n">vUzALyDFFdFuTIqQZys4z</span><span class="o">/</span><span class="n">u4Dmyq9uXs421eN3v2hkVHvDy8uT2Ot29</span> +<span class="n">lg4Q5YezR1EjaW</span><span class="o">//</span><span class="mi">9</span><span class="n">guL1BXbcKrTEdtxeNqtem7SpZOMTSwD2lhB8z65GrX90Cyt</span> +<span class="n">EMmaRSGYEdf5h1afL1SmKOMskbqxe1D2jG</span><span class="o">/</span><span class="n">vsXC7XX7xO</span><span class="o">/</span><span class="n">ioy0BdiJcYN1JiMOHJ</span> +<span class="n">EOzFol5I20YkiV6j</span><span class="o">+</span><span class="n">cenfQFwc</span><span class="o">/</span><span class="n">NkaSxEkR8AUHJSbvUmRQRl6r0nnsFpZdR1w7pv</span> +<span class="n">wkaT</span><span class="o">+</span><span class="n">eOpZynO4mY</span><span class="o">/</span><span class="n">ZtF6MpXJsixi6L4ZYXEbS6yHf</span><span class="o">+</span><span 
class="n">XGFfB0okILylmwv2bf6</span><span class="o">+</span><span class="n">Mq</span> +<span class="n">nqXlmGj3Jwq7X9</span><span class="o">/+</span><span class="mi">2</span><span class="n">BDqvfpFFX5lSmItKZAobLdssjFR6roJxOqRsGia2aZ</span><span class="o">+</span><span class="mi">0</span><span class="o">+</span><span class="n">U5</span> +<span class="n">VhgdITtnElgtHBaeZU5rHDswgdeLVBP</span><span class="o">+</span><span class="n">rGWnKxpJ</span><span class="o">+</span><span class="n">pLtNNi25sPYRcWFL6Erd25u</span> +<span class="n">eXiY8GEIr</span><span class="o">+</span><span class="n">u7rqBWpc9HR34sAPRs3ubbCUleT748keCbx247ImBtiDctZxcc1O86</span> +<span class="o">+</span><span class="mi">0</span><span class="n">QjHP6HUT7FSo</span><span class="o">/</span><span class="n">FmT7a120S3Gd2jixGh06l</span><span class="o">/</span><span class="mi">9</span><span class="n">ij5Z6mJa7Rm7TTbSjup</span><span class="o">/</span><span class="n">XISnOT</span> +<span class="n">MKWcbI1nfVOhCv3xDq2eLae</span><span class="o">+</span><span class="n">s0oVoc041ceRazqFM2TL</span><span class="o">/</span><span class="n">Z6UXRME</span> +</pre></div> </div> </div> <div class="section" id="decrypt-and-verify"> <h1>Decrypt and Verify<a class="headerlink" href="#decrypt-and-verify" title="Permalink to this headline">¶</a></h1> -<p>Suppose the above output has been saved into <tt class="docutils literal"><span class="pre">se.p7</span></tt>. The following +<p>Suppose the above output has been saved into <code class="docutils literal"><span class="pre">se.p7</span></code>. 
The following demonstrates how to decrypt and verify it:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="c1"># Instantiate an SMIME object.</span> <span class="n">s</span> <span class="o">=</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">SMIME</span><span class="p">()</span> 
@@ -606,23 +609,24 @@ demonstrates how to decrypt and verify it:</p> <span class="n">p7</span><span class="p">,</span> <span class="n">data</span> <span class="o">=</span> <span class="n">SMIME</span><span class="o">.</span><span class="n">smime_load_pkcs7_bio</span><span class="p">(</span><span class="n">p7_bio</span><span class="p">)</span> <span class="n">v</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="n">p7</span><span class="p">)</span> -<span class="k">print</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> +<span class="nb">print</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> </pre></div> </div> <p>The output is as follows:</p> -<div class="highlight-python"><pre>a sign of our times</pre> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">a</span> <span class="n">sign</span> <span class="n">of</span> <span class="n">our</span> <span class="n">times</span> +</pre></div> </div> </div> <div class="section" id="sending-s-mime-messages-via-smtp"> <h1>Sending S/MIME messages via SMTP<a class="headerlink" href="#sending-s-mime-messages-via-smtp" title="Permalink to this headline">¶</a></h1> -<p>In the above examples, we’ve assumed that our S/MIME messages are sent +<p>In the above examples, we’ve assumed that our S/MIME messages are sent and received automagically. 
The following is a Python function that generates S/MIME-signed/encrypted messages and sends them via SMTP:</p> -<div class="highlight-python"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="kn">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">SMIME</span><span class="p">,</span> <span class="n">X509</span> <span class="kn">import</span> <span class="nn">smtplib</span><span class="o">,</span> <span class="nn">string</span><span class="o">,</span> <span class="nn">sys</span> -<span class="k">def</span> <span class="nf">sendsmime</span><span class="p">(</span><span class="n">from_addr</span><span class="p">,</span> <span class="n">to_addrs</span><span class="p">,</span> <span class="n">subject</span><span class="p">,</span> <span class="n">msg</span><span class="p">,</span> <span class="n">from_key</span><span class="p">,</span> <span class="n">from_cert</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">to_certs</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">smtpd</span><span class="o">=</span><span class="s1">'localhost'</span><span class="p">):</span> +<span class="k">def</span> <span class="nf">sendsmime</span><span class="p">(</span><span class="n">from_addr</span><span class="p">,</span> <span class="n">to_addrs</span><span class="p">,</span> <span class="n">subject</span><span class="p">,</span> <span class="n">msg</span><span class="p">,</span> <span class="n">from_key</span><span class="p">,</span> <span class="n">from_cert</span><span class="o">=</span><span 
class="kc">None</span><span class="p">,</span> <span class="n">to_certs</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">smtpd</span><span class="o">=</span><span class="s1">'localhost'</span><span class="p">):</span> <span class="n">msg_bio</span> <span class="o">=</span> <span class="n">BIO</span><span class="o">.</span><span class="n">MemoryBuffer</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span> <span class="n">sign</span> <span class="o">=</span> <span class="n">from_key</span> 
@@ -672,81 +676,83 @@ SMTP:</p> </div> <p>This function sends plain, S/MIME-signed, S/MIME-encrypted, and S/MIME-signed/encrypted messages, depending on the parameters -<tt class="docutils literal"><span class="pre">from_key</span></tt> and <tt class="docutils literal"><span class="pre">to_certs</span></tt>. The function’s output interoperates with +<code class="docutils literal"><span class="pre">from_key</span></code> and <code class="docutils literal"><span class="pre">to_certs</span></code>. The function’s output interoperates with Netscape Messenger.</p> </div> <div class="section" id="verifying-origin-of-s-mime-messages"> <h1>Verifying origin of S/MIME messages<a class="headerlink" href="#verifying-origin-of-s-mime-messages" title="Permalink to this headline">¶</a></h1> <p>In our examples above that decrypt or verify messages, we skipped a -step: verifying that the <tt class="docutils literal"><span class="pre">from</span></tt> address of the message matches the -<tt class="docutils literal"><span class="pre">email</span> <span class="pre">address</span></tt> attribute in the sender’s certificate.</p> +step: verifying that the <code class="docutils literal"><span class="pre">from</span></code> address of the message matches the +<code class="docutils literal"><span class="pre">email</span> <span class="pre">address</span></code> attribute in the sender’s certificate.</p> <p>The premise of current X.509 certification practice is that the CA is supposed to verify your identity, and to issue a certificate with -<tt class="docutils literal"><span class="pre">email</span> <span class="pre">address</span></tt> that matches your actual mail address. (Verisign’s +<code class="docutils literal"><span class="pre">email</span> <span class="pre">address</span></code> that matches your actual mail address. 
(Verisign’s March 2001 failure in identity verification resulting in Microsoft certificates being issued to spoofers notwithstanding.)</p> <p>If you run your own CA, your certification practice is up to you, of course, and it would probably be part of your security policy.</p> -<p>Whether your S/MIME messaging application needs to verify the <tt class="docutils literal"><span class="pre">from</span></tt> +<p>Whether your S/MIME messaging application needs to verify the <code class="docutils literal"><span class="pre">from</span></code> addresses of S/MIME messages depends on your security policy and your -system’s threat model, as always.</p> +system’s threat model, as always.</p> </div> <div class="section" id="interoperating-with-netscape-messenger"> <h1>Interoperating with Netscape Messenger<a class="headerlink" href="#interoperating-with-netscape-messenger" title="Permalink to this headline">¶</a></h1> <p>Suppose S/MIME Recipient uses Netscape Messenger. To enable Messenger to handle S/MIME messages from S/MIME Sender, S/MIME Recipient needs to configure Messenger with his private key and certificate, as well as -S/MIME Sender’s certificate.</p> +S/MIME Sender’s certificate.</p> <blockquote> -<div><strong>Note:</strong> Configuring Messenger’s POP or IMAP settings so that it +<div><strong>Note:</strong> Configuring Messenger’s POP or IMAP settings so that it retrieves mail correctly is beyond the scope of this HOWTO.</div></blockquote> -<p>The following steps demonstrate how to import S/MIME Recipient’s private +<p>The following steps demonstrate how to import S/MIME Recipient’s private key and certificate for Messenger:</p> <ol class="arabic"> -<li><p class="first">Transform S/MIME Recipient’s private key and certificate into <em>PKCS +<li><p class="first">Transform S/MIME Recipient’s private key and certificate into <em>PKCS #12</em> format:</p> -<div class="highlight-python"><pre>openssl pkcs12 -export -in recipient.pem -inkey recipient_key.pem \ - -name 
"S/MIME Recipient" -out recipient.p12 +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">openssl</span> <span class="n">pkcs12</span> <span class="o">-</span><span class="n">export</span> <span class="o">-</span><span class="ow">in</span> <span class="n">recipient</span><span class="o">.</span><span class="n">pem</span> <span class="o">-</span><span class="n">inkey</span> <span class="n">recipient_key</span><span class="o">.</span><span class="n">pem</span> \ + <span class="o">-</span><span class="n">name</span> <span class="s2">"S/MIME Recipient"</span> <span class="o">-</span><span class="n">out</span> <span class="n">recipient</span><span class="o">.</span><span class="n">p12</span> -Enter Export Password:<enter> -Verifying password - Enter Export Password:<enter></pre> +<span class="n">Enter</span> <span class="n">Export</span> <span class="n">Password</span><span class="p">:</span><span class="o"><</span><span class="n">enter</span><span class="o">></span> +<span class="n">Verifying</span> <span class="n">password</span> <span class="o">-</span> <span class="n">Enter</span> <span class="n">Export</span> <span class="n">Password</span><span class="p">:</span><span class="o"><</span><span class="n">enter</span><span class="o">></span> +</pre></div> </div> </li> <li><p class="first">Start Messenger.</p> </li> -<li><p class="first">Click on the (open) “lock” icon at the bottom left corner of -Messenger’s window. This brings up the “Security Info” dialog box.</p> +<li><p class="first">Click on the (open) “lock” icon at the bottom left corner of +Messenger’s window. 
This brings up the “Security Info” dialog box.</p> </li> -<li><p class="first">Click on “Yours” under “Certificates”.</p> +<li><p class="first">Click on “Yours” under “Certificates”.</p> </li> -<li><p class="first">Select “Import a certificate”, then pick <tt class="docutils literal"><span class="pre">recipient.p12</span></tt> from the +<li><p class="first">Select “Import a certificate”, then pick <code class="docutils literal"><span class="pre">recipient.p12</span></code> from the ensuing file selection dialog box.</p> </li> </ol> -<p>Next, you need to import <tt class="docutils literal"><span class="pre">signer.pem</span></tt> as a CA certificate, so that -Messenger will mark messages signed by S/MIME Sender as “trusted”:</p> +<p>Next, you need to import <code class="docutils literal"><span class="pre">signer.pem</span></code> as a CA certificate, so that +Messenger will mark messages signed by S/MIME Sender as “trusted”:</p> <ol class="arabic"> -<li><p class="first">Create a DER encoding of <tt class="docutils literal"><span class="pre">signer.pem</span></tt>:</p> -<div class="highlight-python"><pre>openssl x509 -inform pem -outform der -in signer.pem -out signer.der</pre> +<li><p class="first">Create a DER encoding of <code class="docutils literal"><span class="pre">signer.pem</span></code>:</p> +<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">openssl</span> <span class="n">x509</span> <span class="o">-</span><span class="n">inform</span> <span class="n">pem</span> <span class="o">-</span><span class="n">outform</span> <span class="n">der</span> <span class="o">-</span><span class="ow">in</span> <span class="n">signer</span><span class="o">.</span><span class="n">pem</span> <span class="o">-</span><span class="n">out</span> <span class="n">signer</span><span class="o">.</span><span class="n">der</span> +</pre></div> </div> </li> -<li><p class="first">Install <tt class="docutils literal"><span 
class="pre">signer.der</span></tt> into Messenger as MIME type -<tt class="docutils literal"><span class="pre">application/x-x509-ca-cert</span></tt>. You do this by downloading -<tt class="docutils literal"><span class="pre">signer.der</span></tt> via Navigator from a HTTP or HTTPS server, with the -correct MIME type mapping. (You may use <tt class="docutils literal"><span class="pre">demo/ssl/https_srv.py</span></tt>, +<li><p class="first">Install <code class="docutils literal"><span class="pre">signer.der</span></code> into Messenger as MIME type +<code class="docutils literal"><span class="pre">application/x-x509-ca-cert</span></code>. You do this by downloading +<code class="docutils literal"><span class="pre">signer.der</span></code> via Navigator from a HTTP or HTTPS server, with the +correct MIME type mapping. (You may use <code class="docutils literal"><span class="pre">demo/ssl/https_srv.py</span></code>, bundled with M2Crypto, for this purpose.) Follow the series of dialog -boxes to accept <tt class="docutils literal"><span class="pre">signer.der</span></tt> as a CA for certifying email users.</p> +boxes to accept <code class="docutils literal"><span class="pre">signer.der</span></code> as a CA for certifying email users.</p> </li> </ol> -<p>S/MIME Recipient is now able to decrypt and read S/MIME Sender’s -messages with Messenger. Messenger will indicate that S/MIME Sender’s +<p>S/MIME Recipient is now able to decrypt and read S/MIME Sender’s +messages with Messenger. Messenger will indicate that S/MIME Sender’s messages are signed, encrypted, or encrypted <em>and</em> signed, as the case -may be, via the “stamp” icon on the message window’s top right corner.</p> -<p>Clicking on the “stamp” icon brings you to the Security Info dialog box. +may be, via the “stamp” icon on the message window’s top right corner.</p> +<p>Clicking on the “stamp” icon brings you to the Security Info dialog box. 
Messenger informs you that the message is, say, encrypted with 168-bit DES-EDE3-CBC and that it is digitally signed by the private key corresponding to the public key contained in the certificate -<tt class="docutils literal"><span class="pre">signer.pem</span></tt>.</p> +<code class="docutils literal"><span class="pre">signer.pem</span></code>.</p> </div> <div class="section" id="interoperating-with-microsoft-outlook"> <h1>Interoperating with Microsoft Outlook<a class="headerlink" href="#interoperating-with-microsoft-outlook" title="Permalink to this headline">¶</a></h1> @@ -782,7 +788,7 @@ document.)</p> </div> </div> </div> - <div class="sphinxsidebar"> + <div class="sphinxsidebar" role="navigation" aria-label="main navigation"> <div class="sphinxsidebarwrapper"> <h3><a href="index.html">Table Of Contents</a></h3> <ul> 
@@ -804,44 +810,48 @@ document.)</p> <li><a class="reference internal" href="#zsmime">ZSmime</a></li> <li><a class="reference internal" href="#resources">Resources</a></li> </ul> - - <h3>This Page</h3> - <ul class="this-page-menu"> - <li><a href="_sources/howto.smime.txt" - rel="nofollow">Show Source</a></li> - </ul> -<div id="searchbox" style="display: none"> +<div class="relations"> +<h3>Related Topics</h3> +<ul> + <li><a href="index.html">Documentation overview</a><ul> + </ul></li> +</ul> +</div> + <div role="note" aria-label="source link"> + <h3>This Page</h3> + <ul class="this-page-menu"> + <li><a href="_sources/howto.smime.rst.txt" + rel="nofollow">Show Source</a></li> + </ul> + </div> +<div id="searchbox" style="display: none" role="search"> <h3>Quick search</h3> <form class="search" action="search.html" method="get"> - <input type="text" name="q" /> - <input type="submit" value="Go" /> + <div><input type="text" name="q" /></div> + <div><input type="submit" value="Go" /></div> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> - <p class="searchtip" style="font-size: 90%"> - Enter search terms or a module, class or function name. - </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> - <div class="related"> - <h3>Navigation</h3> - <ul> - <li class="right" style="margin-right: 10px"> - <a href="genindex.html" title="General Index" - >index</a></li> - <li class="right" > - <a href="py-modindex.html" title="Python Module Index" - >modules</a> |</li> - <li><a href="index.html">M2Crypto documentation</a> »</li> - </ul> - </div> <div class="footer"> - © Copyright 2017, Matej Cepl <mcepl@cepl.eu>. - Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. + ©2017, Matej Cepl <mcepl@cepl.eu>. 
+ + | + Powered by <a href="http://sphinx-doc.org/">Sphinx 1.6.4</a> + & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.9</a> + + | + <a href="_sources/howto.smime.rst.txt" + rel="nofollow">Page source</a> </div> + + + + </body> </html>
\ No newline at end of file |
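Review bot: In the hunk covering the Netscape Messenger import steps, the regenerated "openssl pkcs12 -export" and "openssl x509" blocks are shell transcripts, but the added lines tokenize them as Python: "-in" becomes an operator-word span (class="ow"), and the "Enter Export Password:" prompt is split into name and operator spans. Mark these literal blocks as console or plain text in the reST source (the page links it as _sources/howto.smime.rst.txt) and rebuild, so the commands render as typed. Since the block is being regenerated anyway, note that the transcript still answers both export password prompts with a bare enter, which leaves the private key in recipient.p12 without a passphrase; the source text should say that this is acceptable for the demo key only.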
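Review bot: In the last hunk (@@ -804,44 +810,48 @@), the bottom div class="related" navigation bar is deleted, and with it this page's links to genindex.html and py-modindex.html, while the added "Related Topics" list links only index.html, so nothing in this hunk keeps the module index reachable from the page. If that is not intended, restore it through the theme's sidebar configuration rather than by editing the generated file. Two smaller points in the same hunk: the new footer links Sphinx over plain HTTP (http://sphinx-doc.org/) although the Alabaster link beside it uses HTTPS, and the regenerated file ends without a trailing newline.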