summaryrefslogtreecommitdiff
path: root/pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html
diff options
context:
space:
mode:
Diffstat (limited to 'pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html')
-rw-r--r--pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html30
1 files changed, 30 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html b/pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html
new file mode 100644
index 0000000..f3f16d8
--- /dev/null
+++ b/pipermail/pycrypto/attachments/20130926/822ef95a/attachment.html
@@ -0,0 +1,30 @@
+<tt>
+&lt;div&nbsp;dir=&quot;ltr&quot;&gt;&lt;div&gt;I&nbsp;apologize&nbsp;before&nbsp;hand&nbsp;for&nbsp;the&nbsp;long&nbsp;e-mail,&nbsp;but&nbsp;I&nbsp;just&nbsp;wanted&nbsp;to&nbsp;be&nbsp;thorough&nbsp;in&nbsp;what&nbsp;I&nbsp;was&nbsp;doing.&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;I&nbsp;am&nbsp;trying&nbsp;to&nbsp;use&nbsp;the&nbsp;PyCrypto&nbsp;library&nbsp;to&nbsp;achieve&nbsp;two&nbsp;similar&nbsp;things.&nbsp;The&nbsp;first&nbsp;use&nbsp;is&nbsp;to&nbsp;verify&nbsp;that&nbsp;a&nbsp;piece&nbsp;of&nbsp;data&nbsp;has&nbsp;been&nbsp;signed&nbsp;by&nbsp;the&nbsp;private&nbsp;key&nbsp;of&nbsp;a&nbsp;certain&nbsp;certificate.&nbsp;The&nbsp;other&nbsp;use&nbsp;is&nbsp;to&nbsp;verify&nbsp;a&nbsp;certificate&nbsp;chain&nbsp;(verify&nbsp;that&nbsp;certificate&nbsp;A&nbsp;has&nbsp;signed&nbsp;B,&nbsp;and&nbsp;then&nbsp;that&nbsp;B&nbsp;has&nbsp;signed&nbsp;C).&lt;div&gt;<br>
+<br>
+&lt;br&gt;&lt;/div&gt;&lt;div&gt;The&nbsp;process&nbsp;is&nbsp;as&nbsp;follows:&lt;/div&gt;&lt;div&gt;Client&nbsp;generates&nbsp;certificate&nbsp;/&nbsp;key-pairs&nbsp;A,&nbsp;B,&nbsp;C&nbsp;and&nbsp;D.&nbsp;A&nbsp;signs&nbsp;B,&nbsp;and&nbsp;B&nbsp;signs&nbsp;C&nbsp;and&nbsp;D.&nbsp;Then&nbsp;the&nbsp;certificates&nbsp;for&nbsp;A,&nbsp;signed&nbsp;B,&nbsp;signed&nbsp;C&nbsp;and&nbsp;signed&nbsp;D&nbsp;are&nbsp;pushed&nbsp;to&nbsp;a&nbsp;server.&nbsp;The&nbsp;server&nbsp;responds&nbsp;with&nbsp;a&nbsp;randomly&nbsp;generated&nbsp;bit&nbsp;of&nbsp;binary&nbsp;data&nbsp;for&nbsp;each&nbsp;certificate.&nbsp;The&nbsp;client&nbsp;uses&nbsp;each&nbsp;certificate&nbsp;/&nbsp;key-pair&nbsp;to&nbsp;sign&nbsp;the&nbsp;respective&nbsp;binary&nbsp;data,&nbsp;and&nbsp;then&nbsp;pushes&nbsp;the&nbsp;(base64&nbsp;encoded)&nbsp;signed&nbsp;responses&nbsp;back&nbsp;to&nbsp;the&nbsp;server.&nbsp;The&nbsp;server&nbsp;then&nbsp;takes&nbsp;the&nbsp;responses,&nbsp;decodes&nbsp;them&nbsp;and&nbsp;tries&nbsp;to&nbsp;verify&nbsp;the&nbsp;signatures&nbsp;on&nbsp;the &lt;/div&gt;<br>
+<br>
+&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;Code&nbsp;/&nbsp;Attempts:&lt;/div&gt;&lt;div&gt;My&nbsp;first&nbsp;attempt&nbsp;-&lt;/div&gt;&lt;blockquote&nbsp;style=&quot;margin:0&nbsp;0&nbsp;0&nbsp;40px;border:none;padding:0px&quot;&gt;&lt;div&gt;###&lt;/div&gt;&lt;div&gt;#Function&nbsp;-&nbsp;verifying&nbsp;the&nbsp;signed&nbsp;challenges&lt;/div&gt;&lt;div&gt;###&lt;/div&gt;&lt;div&gt;<br>
+Astr&nbsp;=&nbsp;storedcertificates[&quot;acert&quot;]&lt;/div&gt;<br>
+&lt;div&gt;Achallenge&nbsp;=&nbsp;storedchallenges[&quot;achallenge&quot;]&lt;/div&gt;&lt;div&gt;Signedchallenge&nbsp;=&nbsp;(read&nbsp;in&nbsp;from&nbsp;http&nbsp;post&nbsp;request)&lt;/div&gt;&lt;div&gt;Acert&nbsp;=&nbsp;load_certificate(FILETYPE_PEM,&nbsp;Astr)&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;try:&lt;/div&gt;&lt;div&gt; &nbsp; verify&nbsp;(Acert,&nbsp;Signedchallenge,&nbsp;Achallenge,&nbsp;&quot;sha256&quot;)&lt;/div&gt;<br>
+<br>
+&lt;div&gt;except&nbsp;Exception&nbsp;e:&lt;/div&gt;&lt;div&gt; &nbsp; print&nbsp;&quot;failed&nbsp;to&nbsp;verify&nbsp;for&nbsp;reason:&quot;&lt;/div&gt;&lt;div&gt; &nbsp; print&nbsp;e&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;#Repeat&nbsp;above&nbsp;for&nbsp;B,&nbsp;C&nbsp;and&nbsp;D&lt;/div&gt;&lt;div&gt;###&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;With&nbsp;this&nbsp;code&nbsp;I&nbsp;got&nbsp;the&nbsp;following&nbsp;error&nbsp;response&nbsp;from&nbsp;the&nbsp;verify&nbsp;function:&nbsp;&quot;must&nbsp;be&nbsp;string&nbsp;without&nbsp;null&nbsp;bytes,&nbsp;not&nbsp;str&quot;.&lt;/div&gt;<br>
+<br>
+&lt;/blockquote&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;My&nbsp;second&nbsp;attempt&nbsp;- &lt;/div&gt;&lt;blockquote&nbsp;style=&quot;margin:0&nbsp;0&nbsp;0&nbsp;40px;border:none;padding:0px&quot;&gt;&lt;div&gt;Having&nbsp;the&nbsp;above&nbsp;code&nbsp;fail,&nbsp;I&nbsp;then&nbsp;found&nbsp;and&nbsp;tried&nbsp;adapting&nbsp;the&nbsp;code &lt;a&nbsp;href=&quot;http://www.v13.gr/blog/?p=303&quot;&gt;here&lt;/a&gt;,&nbsp;but&nbsp;I&nbsp;first&nbsp;received&nbsp;that&nbsp;the&nbsp;function&nbsp;&quot;get_signature_algorithm()&quot;&nbsp;does&nbsp;not&nbsp;exists&nbsp;for&nbsp;X509&nbsp;certificates,&nbsp;and&nbsp;then&nbsp;received&nbsp;the&nbsp;same&nbsp;error&nbsp;response&nbsp;back&nbsp;for&nbsp;the&nbsp;verify&nbsp;function&nbsp;if&nbsp;I&nbsp;commented&nbsp;out&nbsp;the&nbsp;signature&nbsp;algorithm&nbsp;and&nbsp;just&nbsp;manually&nbsp;provided&nbsp;the&nbsp;digest.&lt;/div&gt;<br>
+<br>
+&lt;div&gt;###&lt;/div&gt;&lt;div&gt;#Function&nbsp;-&nbsp;verify&nbsp;the&nbsp;signed&nbsp;challenges&nbsp;modified&nbsp;example&lt;/div&gt;&lt;div&gt;###&lt;/div&gt;&lt;div&gt;&lt;div&gt;Acert&nbsp;=&nbsp;load_certificate(FILETYPE_PEM,&nbsp;storedcerts[&quot;root&quot;])&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;challenge&nbsp;=&nbsp;(original&nbsp;binary&nbsp;challenge&nbsp;sent&nbsp;to&nbsp;client)&lt;/div&gt;<br>
+<br>
+&lt;/div&gt;&lt;div&gt;&lt;div&gt;algorithm&nbsp;=&nbsp;Acert.get_signature_algorithm()&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;dersigin&nbsp;=&nbsp;asn1.DerObject()&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;dersigin.decode(rootchal)&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;sig0&nbsp;=&nbsp;dersigin.payload&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;<br>
+<br>
+if&nbsp;sig0[0]&nbsp;!=&nbsp;&#39;\x00&#39;:&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;print&nbsp;&quot;sig0&nbsp;error&quot;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;print&nbsp;sig0&lt;/div&gt;&lt;/div&gt;&lt;div&gt;<br>
+<br>
+&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;return&nbsp;False&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;signature&nbsp;=&nbsp;sig0[1:]&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;try:&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;verify(Acert,&nbsp;signature,&nbsp;challenge,&nbsp;algorithm)&lt;/div&gt;<br>
+<br>
+&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&lt;/span&gt;verify(Acert,&nbsp;signature,&nbsp;challenge,&nbsp;&quot;sha256&quot;)&nbsp;#Alternate&nbsp;without&nbsp;the&nbsp;get_sig_alg()&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;except:&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&lt;/span&gt;print&nbsp;&quot;verifcation&nbsp;failed&quot;&lt;/div&gt;<br>
+<br>
+&lt;/div&gt;&lt;div&gt;&lt;div&gt;&lt;span&nbsp;class=&quot;&quot;&nbsp;style=&quot;white-space:pre&quot;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/span&gt;return&nbsp;False&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;print&nbsp;&quot;THE&nbsp;VERIFICATION&nbsp;WORKED?!?!?!?!?!?!??!&quot;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;return&nbsp;True&lt;/div&gt;&lt;/div&gt;&lt;/blockquote&gt;&lt;div&gt;&lt;br&gt;<br>
+&lt;/div&gt;<br>
+&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;For&nbsp;the&nbsp;chain&nbsp;verification&nbsp;stuff,&nbsp;I&nbsp;followed&nbsp;the&nbsp;example&nbsp;code&nbsp;from&nbsp;the&nbsp;above&nbsp;link&nbsp;exactly,&nbsp;but&nbsp;received&nbsp;the&nbsp;same&nbsp;errors&nbsp;as&nbsp;the&nbsp;second&nbsp;example&nbsp;code&nbsp;(algorithm&nbsp;and&nbsp;string&nbsp;/&nbsp;str).&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;<br>
+<br>
+What&nbsp;am&nbsp;I&nbsp;doing&nbsp;wrong&nbsp;/&nbsp;How&nbsp;am&nbsp;I&nbsp;using&nbsp;the&nbsp;library&nbsp;incorrectly?&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;Thanks,&lt;/div&gt;&lt;div&gt;Kyle&nbsp;Cummings&lt;/div&gt;&lt;/div&gt;<br>
+
+</tt>
View Lorry Controller Status