[Pyxmlsec-devel] xmlsec in python

Dolf Andringa dolfandringa at gmail.com
Wed Feb 22 09:44:21 CET 2012


Hi Dieter,

Thanks a lot. I know the DER format, just didn't know it is a binary
format. I know how to convert to the DER format using openssl. I might
also be able to do it on the fly using M2Crypto. We'll see. Thanks a lot
for the help! I'll check if it works in a few minutes, and post the solution
to the list for posterity.

Cheers,

Dolf.


On 22 February 2012 09:27, Dieter Maurer <dieter at handshake.de> wrote:

> Dear Dolf,
>
> Dolf Andringa wrote at 2012-2-22 08:36 +0100:
> >Thanks a lot for the help. Yeah, I am not fluent in C, but next time I
> >will first take a look. The keyfile is indeed in PEM format. I was indeed
> >confused about the "Binary" part in xmlSecReadBinaryFile. I have never
> >heard of binary key files. Do you have any tips on how to convert a PEM
> >encoded file to a binary key file?
>
> Under "*nix", the "openssl" command is able to perform all kinds
> of operations related to keys and certificates. If I remember
> right, it can also convert between different formats
> (using the options "-inform" and "-outform"). However,
> the set of its subcommands and their options is huge. It may take
> some time before you find the correct way to perform the conversion
> (I do not have the details at hand).
>
> The binary format is called "Der" format.
>
>
> An easier alternative could be to use a different way to load the key.
> I, for example, use:
>
> import xmlsec
> xmlsec.cryptoAppKeyLoad('key.pem', xmlsec.KeyDataFormatPem, None, None, None)
>
> I am not sure that it will work for encryption keys (I tried only
> with signature keys). The information that the key is
> an RSA key (and not something else) will need to come from a
> different place. In the signature case, it comes from the
> "Algorithm" attribute of the "ds:Signature" node.
>
> When I read the "xml-encryption" standard (some years ago)
> I found some similarities with "xml-signature".
> Therefore, I am quite confident that there are ways to
> specify the algorithm to use with XML. However, your
> example might not use them.
>
> >Is it just a matter of base64 unencoding
> >the PEM encoded data and reading that using xmlsec.KeyReadBuffer? Or is
> >there an openssl or other way to convert the keyfile?
>
> The PEM has at least an additional envelope around the base64 encoded
> binary data. I do not know the format sufficiently to confirm
> that this is the only difference. Use an "official" way to
> convert (if necessary).
>
>
>
> --
> Dieter
>
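
The PEM envelope discussed in this thread, as an added example that is not part of the original messages and is not pyxmlsec code: a standard-library Python sketch that strips the envelope and returns the DER bytes. It goes slightly beyond the thread by rejecting encrypted PEM (header lines such as Proc-Type) and checking the outer DER length; the function names and the sample bytes are assumptions made for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional header lines, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_to_der(pem_text):
    """Return a list of (label, der_bytes), one entry per PEM block."""
    blocks = []
    for label, inner in PEM_BLOCK.findall(pem_text):
        lines = [ln.strip() for ln in inner.splitlines() if ln.strip()]
        # "Name: value" headers (Proc-Type, DEK-Info) mean the body is
        # ciphertext; base64-decoding it would not give a usable DER key.
        if any(":" in ln for ln in lines):
            raise ValueError(f"{label}: encrypted PEM, decrypt it first")
        der = base64.b64decode("".join(lines), validate=True)
        check_der_sequence(der, label)
        blocks.append((label, der))
    if not blocks:
        raise ValueError("no PEM block found")
    return blocks

def check_der_sequence(der, label):
    """Check the outer SEQUENCE tag and that its length field fits the data."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError(f"{label}: body is not a DER SEQUENCE")
    if der[1] < 0x80:                 # short form: the byte is the length
        header, length = 2, der[1]
    else:                             # long form: low 7 bits count length bytes
        n = der[1] & 0x7F
        if n == 0:
            raise ValueError(f"{label}: indefinite length is not valid DER")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError(f"{label}: DER length field does not match data")

def der_to_pem(der, label):
    """Wrap DER bytes in a PEM envelope (used here to build the sample)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample: a tiny DER SEQUENCE of two INTEGERs, not a real key.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x05])
SAMPLE_PEM = der_to_pem(SAMPLE_DER, "RSA PRIVATE KEY")
```
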