Skip to main content

A very poor tool to do S/MIME signatures on binary files. Probably insecurely.

Project description

===============
poor-smime-sign
===============

.. image:: https://img.shields.io/pypi/v/poor-smime-sign.svg
:target: https://pypi-hypernode.com/pypi/poor-smime-sign

.. image:: https://img.shields.io/travis/seporaitis/poor-smime-sign.svg
:target: https://travis-ci.org/seporaitis/poor-smime-sign


A very poor tool to generate S/MIME signatures for arbitrary content & probably insecurely too.

A quick example:

.. code-block:: python

>>> smime_sign(
... signer_cert_path="/path/to/files/signer.cert",
... signer_key_path="/path/to/files/signer.pem",
... recipient_cert_path="/path/to/files/recipient.cert",
... content="test",
... output_format="PEM",
... )

Features
--------

* Does S/MIME signatures.
* Verifies S/MIME signatures.


Why?
--------

This utility library has single purpose - provide support for making
S/MIME signatures on Python2 **and 3**, which currently lacks any
proper libraries for that purpose.

The main use case it is built for: at work our system has to generate
Apple Passbook Pass files, which include an S/MIME
signature. Currently it is done using ``M2Crypto.SMIME``. While that
works - we want to migrate to Python3, and unfortunately for us
``M2Crypto`` is not fully supported. ``smime_sign`` is a poor man's
solution for this problem.

Internally this does nothing more than call `openssl smime`_, so you
might want to see its docs too.

.. _openssl smime: https://www.openssl.org/docs/manmaster/apps/smime.html


Why not?
--------

* This may be insecure.
* This may be slow if you are signing large blobs of text.


API
===

``smime_sign(signer_cert_path, signer_key_path, cert_path, recipient_cert_path, content, output_format)``
----------------------------------------------------------------------------------------------

Generates and returns signature string for ``content`` in
``output_format``.

All ``*_path`` arguments must be absolute
paths.

``content`` must be a string, not a path.

Example to generate signature for Passbook manifest:

.. code-block:: python

>>> manifest_json = "..." # JSON string with `manifest.json` content
>>> signature = smime_sign(
... signer_cert_path="/path/to/files/signer.cert",
... signer_key_path="/path/to/files/signer.pem",
... cert_path="/path/to/files/intermediate.cert",
... recipient_cert_path=None,
... content=manifest_json,
... output_format="DER",
... )

``smime_verify(signer_cert_path, content_path, signature_path, signature_format)``
----------------------------------------------------------------------------------

Verifies a ``content_path`` file against a signature at ``signature_path``.

Note: this function was added to help in the tests only.


Credits
---------

Tools used in rendering this package:

* Cookiecutter_
* `cookiecutter-pypackage`_

.. _Cookiecutter: https://github.com/audreyr/cookiecutter
.. _`cookiecutter-pypackage`: https://github.com/audreyr/cookiecutter-pypackage




History
-------

1.0.0 (2015-11-27)
------------------

* First release on PyPI.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

poor-smime-sign-2.0.0.tar.gz (12.7 kB view details)

Uploaded Source

File details

Details for the file poor-smime-sign-2.0.0.tar.gz.

File metadata

File hashes

Hashes for poor-smime-sign-2.0.0.tar.gz
Algorithm Hash digest
SHA256 b0e271fefe2bb1a8cd577c3b8de2eb20355308056c8239707365cb1aec3ce5cc
MD5 620bb98b2c55f84b3bd3be34ba04c13c
BLAKE2b-256 39010e68e564d9f17f367b14f64959ed87ba8332930da62d80336ded902a2748

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page