天道酬勤,学无止境

pyopenssl

How to install OpenSSL for Python

I need to install OpenSSL on my python2.7. I tried $ pip install pyopenssl And I got the following /usr/local/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'zip_safe' warnings.warn(msg) running build running build_py running build_ext building 'OpenSSL.crypto' extension gcc -pthread -fno-strict-aliasing -g -O2 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -I/usr/local/include/python2.7 -c OpenSSL/crypto/crypto.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crypto.o In file included from OpenSSL/crypto/crypto.h:17, from OpenSSL/crypto/crypto.c:15

2021-11-21 11:41:32    分类:问答    python   python-2.7   ssl   openssl   pyopenssl

Pyopenssl to verify the file signature

I want to verify the downloaded file's signature and cert using pyopenssl, but the documentation is not clear and Google is of no help. I have a root CA cert in user's machine, now when user download the file then I will send a certificate and signature along with it. First I need to verify the certificate with rootCA on machine then I need to verify the signature with file In openssl I can use following to verify the ca cert openssl verify -CAfile <root_pem> <cert_pem> and following to verify the file openssl dgst <algo> -verify <cert_pub_key> -signature <signature> <file> I am looking for

2021-11-20 05:23:38    分类:问答    python   pyopenssl

How to select specific the cipher while sending request via python request module

Usecase: I want to find out how many ciphers are supported by the hostname with python request module. I am not able to find a way to provide the cipher name to request module hook. Can anyone suggest the way to provide the way to specify cipher. import ssl from requests.adapters import HTTPAdapter from requests.packages.urllib3.poolmanager import PoolManager class Ssl3HttpAdapter(HTTPAdapter): """"Transport adapter" that allows us to use SSLv3.""" def init_poolmanager(self, connections, maxsize, block=False): self.poolmanager = PoolManager( num_pools=connections, maxsize=maxsize, block=block

2021-11-20 02:28:00    分类:问答    python   python-3.x   https   python-requests   pyopenssl

无法在 C# 中验证 PyOpenSSL 签名(Can't verify PyOpenSSL signature in C#)

问题 我可以使用 OpenSSL 在 PHP 中签名和验证数据: function generate_signature($privateKey, $data) { $keyData = openssl_get_privatekey($privateKey); openssl_sign($data, $signature, $keyData, OPENSSL_ALGO_SHA256); openssl_free_key($keyData); $sigText = base64_encode($signature); return $sigText; } function verify_signature($pubKey, $sigText, $data) { $signature = base64_decode($sigText); $keyData = openssl_get_publickey($pubKey); $ok = openssl_verify($data, $signature, $keyData, "sha256WithRSAEncryption"); openssl_free_key($keyData); return $ok; } $privateKey= file_get_contents("private.key"); $pubKey = file_get

2021-11-10 11:49:12    分类:技术分享    c#   php   cryptography   bouncycastle   pyopenssl

Can't verify PyOpenSSL signature in C#

I can sign and verify data in PHP using OpenSSL: function generate_signature($privateKey, $data) { $keyData = openssl_get_privatekey($privateKey); openssl_sign($data, $signature, $keyData, OPENSSL_ALGO_SHA256); openssl_free_key($keyData); $sigText = base64_encode($signature); return $sigText; } function verify_signature($pubKey, $sigText, $data) { $signature = base64_decode($sigText); $keyData = openssl_get_publickey($pubKey); $ok = openssl_verify($data, $signature, $keyData, "sha256WithRSAEncryption"); openssl_free_key($keyData); return $ok; } $privateKey= file_get_contents("private.key");

2021-11-07 19:17:21    分类:问答    c#   php   cryptography   bouncycastle   pyopenssl

如何将 PyOpenSSL 对象转换为 PEM 编码的字符串?(How to convert PyOpenSSL object to PEM-encoded string?)

问题 我正在尝试使用 pyOpenSSL 从 PKCS12 文件中提取私钥和证书,并且很难弄清楚如何将数据转换为 PEM 编码的字符串。 下面的问题暗示这是可能的,但我一直无法弄清楚。 Python:使用 pyOpenSSL.crypto 读取 pkcs12 证书 回答1 查看 dump_certificate、dump_certificate_request、dump_privatekey 方法:http://pyopenssl.sourceforge.net/pyOpenSSL.html/openssl-crypto.html

2021-10-31 19:16:17    分类:技术分享    pyopenssl

mTLS 使用 Azure 函数 HTTP 触发器?(mTLS using Azure Function HTTP Trigger?)

问题 我正在使用带有 HTTP 触发器的 Python Azure 函数构建身份验证令牌服务器。 目标是使用双向 TLS (mTLS) 身份验证。 它的工作方式: 客户端使用两个标头向 Function 端点发送 http 请求: requestor-id :用于查找的标识符 X-ARR-ClientCert :他们的.pem证书的字符串表示 该函数将在先前共享请求者的.pem的数据库中查找使用pyOpenSSL ,该函数将加载两个.pem文件并比较请求证书和检索到的证书: not_valid_before/after日期common name issuer thumbprint 如果证书的每个属性都匹配,则函数将使用身份验证令牌进行响应,以便在下游数据调用中使用 我的问题是: 这并不是真正的“相互”,因为托管函数代码的服务器不会在握手中的任何地方(可见)展示其证书。 是MTLS的服务器端握手别处配置或做它“只是工作”,因为功能端点是http S中的开箱? 回答1 如果要在 Azure 函数应用中进行双向 TLS (mTLS) 身份验证,只需启用客户端证书。 执行此操作后,函数应用服务将使用客户端证书注入X-ARR-ClientCert请求标头。 除了将其转发到您的应用程序之外,Function App Service 不会对此客户端证书执行任何操作。

2021-10-30 15:43:11    分类:技术分享    python   azure-functions   pyopenssl   mutual-authentication   mtls

签署请求 jwt 以在 python3 中的 API 上使用(Signing for requesting a jwt to use on an API in python3)

问题 我尝试生成用于连接到 transip api 的 jwt 令牌,但无法弄清楚如何生成作为签名来请求一个。 我更愿意在 Python3 中做到这一点。 我该怎么做? transip 的 Api 文档,请参阅身份验证部分 我确实写了一些失败的代码: #!/usr/bin/env python3 import OpenSSL key='''-----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIYjaYtIh8EDSu wmVxRaXm6gtA9cRGds2juYvO+za8oQ+36OS4J35Hig/XE0Zr1hrfjGfnuy3bubrj zB/w3Hg4Kl63oBel/2HSmaNczR12dMGZzMqyHHXyZKl/cYjzhbgAucSM/q+inbuL 1gK0O9+Ov2Uc8iMfeRBG/XBNo5QVVzWYF+BSmojobawGMIR/LKKKJL6HNzdcz5yr PAWR0HfukpwuZcehEJca/TLgUf/FoBfRKm+tFVyVNYB6v2kvI0ASMMhsnsEnQ0CX 0mi9cmyXB6iB/5SnwKkXZIwPXwmyXvSwIdZiTU70QNlfGKrIGuv5+fDNd1+g7XDV

2021-10-26 13:57:32    分类:技术分享    python-3.x   api   pyopenssl

mTLS using Azure Function HTTP Trigger?

I'm working at building an auth token server using a Python Azure Function with HTTP trigger. The goal is to use mutual TLS (mTLS) authentication. The way it will work: Client sends http request to Function endpoint with two headers: requestor-id : an identifier used for lookups X-ARR-ClientCert : a string representation of their .pem certificate The Function will look in a database where requestor's .pem has been previously shared Using pyOpenSSL, the Function will load the two .pem files and compare the request cert and the retrieved certs: not_valid_before/after dates common name issuer

2021-10-25 11:18:12    分类:问答    python   azure-functions   pyopenssl   mutual-authentication   mtls

Signing for requesting a jwt to use on an API in python3

I try to generate a jwt token for connecting to transip api, but can't figure out how to generate as Signature to request one. I would prefer to do it in Python3. How should I do this? Api documentation of transip and see the section of Authentication I did write some code which fails: #!/usr/bin/env python3 import OpenSSL key='''-----BEGIN PRIVATE KEY----- MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIYjaYtIh8EDSu wmVxRaXm6gtA9cRGds2juYvO+za8oQ+36OS4J35Hig/XE0Zr1hrfjGfnuy3bubrj zB/w3Hg4Kl63oBel/2HSmaNczR12dMGZzMqyHHXyZKl/cYjzhbgAucSM/q+inbuL 1gK0O9+Ov2Uc8iMfeRBG/XBNo5QVVzWYF

2021-10-24 08:19:32    分类:问答    python-3.x   api   pyopenssl