
CadesSignMessage failed (error 0x8009200b).

Open ogremagi4 opened this issue 5 years ago • 0 comments

Подскажите, каким образом привязать private.key к самоподписанному x509 сертификату, чтобы Cades смог подписывать контент?

from OpenSSL import crypto
from pycryptoprosdk import CryptoProSDK

# Output paths, relative to the current working directory.
CERT_FILE = 'selfsigned.crt'
# NOTE(review): the private key is dumped to this path as PEM with no
# passphrase argument, so the file on disk is unencrypted key material.
PRIVATE_KEY_FILE = 'private.key'
PUBLIC_KEY_FILE = 'public.key'
# Subject CN of the generated certificate; also used to look the
# certificate up in the store after installation.
COMMON_NAME = "Фамилия Имя Отчество"

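def raw_cert(bytes_content):
    """Return the base64 body of a PEM blob without its boundary lines.

    The previous implementation sliced a fixed number of lines off each end
    (``[1:-2]``), which silently dropped the last base64 line whenever the
    input had no trailing newline and left stray ``\\r`` characters on CRLF
    input. Lines are now selected by content instead of by position.

    Args:
        bytes_content: PEM-encoded data as ``bytes``.

    Returns:
        ``bytes`` holding the base64 lines joined with ``\\n`` and terminated
        by a single ``\\n``. Empty input yields ``b"\\n"``, as before.
    """
    # splitlines() handles "\n" and "\r\n" alike; strip() removes leftovers.
    stripped = (line.strip() for line in bytes_content.decode().splitlines())
    # Drop blank lines and the "-----BEGIN ...-----" / "-----END ...-----" markers.
    body = [line for line in stripped if line and not line.startswith('-----')]
    return ('\n'.join(body) + '\n').encode()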

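def create_self_signed_cert(common_name=COMMON_NAME, country='RU', state = 'Test state', city='Test city', organization='test organization', organizational_unit = 'test organizational unit'):
    """Generate an RSA key pair and a self-signed X.509 certificate as PEM files.

    Writes three files into the current working directory: the certificate
    (CERT_FILE), the private key (PRIVATE_KEY_FILE) and the public key
    (PUBLIC_KEY_FILE). Existing files are overwritten.

    Changes relative to the earlier version:
      * RSA modulus raised from 1024 to 2048 bits and the signature digest
        changed from SHA-1 to SHA-256; both earlier choices are deprecated
        for certificates.
      * Every output file is closed deterministically via ``with``.
      * The private key file is created with owner-only permissions.

    Args:
        common_name: Subject CN.
        country: Subject C (two-letter code).
        state: Subject ST.
        city: Subject L.
        organization: Subject O.
        organizational_unit: Subject OU.

    Returns:
        None. The artefacts are the three files on disk.
    """
    import os  # function-scope: only needed for the restrictive key-file mode

    # create a key pair
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)

    # create a self-signed cert: issuer is set to the same name as the subject
    cert = crypto.X509()
    subject = cert.get_subject()
    subject.C = country
    subject.ST = state
    subject.L = city
    subject.O = organization
    subject.OU = organizational_unit
    subject.CN = common_name
    cert.set_serial_number(1000)  # fixed serial: acceptable for a throwaway test cert only
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)  # 10 years
    cert.set_issuer(subject)
    cert.set_pubkey(key)
    cert.sign(key, 'sha256')

    with open(CERT_FILE, "wb") as cert_out:
        cert_out.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))

    # The key is written unencrypted (no passphrase), so at least keep other
    # local users from reading it. The 0o600 mode only takes effect when the
    # file is created; a pre-existing file keeps its permissions. O_BINARY
    # exists on Windows only and prevents newline translation there.
    key_flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    key_fd = os.open(PRIVATE_KEY_FILE, key_flags, 0o600)
    with os.fdopen(key_fd, "wb") as key_out:
        key_out.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))

    with open(PUBLIC_KEY_FILE, "wb") as pub_out:
        pub_out.write(crypto.dump_publickey(crypto.FILETYPE_PEM, key))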

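# Reproduction script: generate the test material, install the certificate
# into the 'MY' store, then try to produce a detached signature with it.
create_self_signed_cert()  # creates selfsigned.crt, public.key, private.key
sdk = CryptoProSDK()

# Close the certificate file explicitly instead of leaking the handle.
with open(CERT_FILE, 'rb') as cert_file:
    sdk.install_certificate('MY', raw_cert(cert_file.read()))

content = "test content"
cert = sdk.get_cert_by_subject('MY', COMMON_NAME)

# NOTE(review): only the certificate body is handed to the SDK above.
# private.key is written to disk by create_self_signed_cert() and never
# referenced again, so nothing in this script associates a private key with
# the installed certificate. 0x8009200B is CRYPT_E_NO_KEY_PROPERTY in the
# Windows CryptoAPI error table (certificate has no private-key property),
# which is consistent with the failure quoted below.
signature = sdk.sign(content, cert.thumbprint, 'MY', detached=True)

"""
Exception has occurred: ValueError       (note: full exception trace is shown but execution is paused at: _run_module_as_main)
CadesSignMessage failed (error 0x8009200b).
"""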

ogremagi4 avatar Jan 31 '21 11:01 ogremagi4