Question

We need to choose between two signature schemes:

  • RSA/SHA2 S-MIME signatures
  • ECDSA/SHA2 S-MIME signatures

For that, our Python software needs to support one of these schemes. Currently, for some political reasons, the ECDSA solution is preferred.

Is the ECDSA solution supported by any of the Python crypto modules (M2Crypto, ...), and do you have an example for that?

The ECDSA support seems very young even for OpenSSL.

Thanks in advance


Solution

ECDSA is supported in M2Crypto, but it can be optionally disabled. For example Fedora-based systems ship with ECDSA disabled in OpenSSL and M2Crypto. M2Crypto has some SMIME support as well, but since I haven't used it much I am not sure if that would be of help in this case. See the M2Crypto SMIME doc and SMIME unit tests, as well as ec unit tests.

OTHER TIPS

Elliptic Curve Cryptography (ECDSA) as well as the more common RSA is supported by the OpenSSL library. I recommend using the pyOpenSSL bridge.

You can try using the python ecdsa package, using Python3:

pip3 install ecdsa

Usage:

from ecdsa import SigningKey
sk = SigningKey.generate() # uses NIST192p
vk = sk.get_verifying_key()
sig = sk.sign(b"message")
vk.verify(sig, b"message") # True

To verify an existing signature with a public key:

from ecdsa import VerifyingKey

message = b"message"
public_key = '7bc9c7867cffb07d3443754ecd3d0beb6c4a2f5b0a06ea96542a1601b87892371485fda33fe28ed1c1669828a4bb2514'
sig = '8eb2c6bcd5baf7121facfe6b733a7835d01cef3d430a05a4bcc6c5fbae37d64fb7a6f815bb96ea4f7ed8ea0ab7fd5bc9'

vk = VerifyingKey.from_string(bytes.fromhex(public_key))
vk.verify(bytes.fromhex(sig), message) # True

The package is compatible with Python 2 as well.

Licensed under: CC-BY-SA with attribution