我正在尝试使用 python m2crypto 库创建分离符号:
import M2Crypto
msg = 'Some message'
buffer = M2Crypto.BIO.MemoryBuffer(msg)
signer = M2Crypto.SMIME.SMIME()
signer.load_key('keynopass.pem', 'clcert.pem')
p7 = signer.sign(buffer, flags=M2Crypto.SMIME.PKCS7_DETACHED)
out = M2Crypto.BIO.MemoryBuffer()
p7.write_pem(out)
sf = open('request.xml.sign', 'w')
sf.write(out.getvalue())
但我收到了这个错误:
Traceback (most recent call last):
File "stackexchange.py", line 5, in <module>
signer.load_key('keynopass.pem', 'clcert.pem')
File "/usr/lib/python2.7/dist-packages/M2Crypto/SMIME.py", line 137, in load_key
self.pkey = EVP.load_key(keyfile, callback)
File "/usr/lib/python2.7/dist-packages/M2Crypto/EVP.py", line 370, in load_key
raise EVPError(Err.get_error())
M2Crypto.EVP.EVPError: 3072936704:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
3072936704:error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key algorithm:evp_pkey.c:84:TYPE=GOST R 34.10-2001
3072936704:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:
当我尝试使用 openssl 命令执行相同操作时,它工作正常:
openssl smime -sign -binary -signer clcert.pem -inkey keynopass.pem -outform PEM -in request.xml -out request.xml.sign