I need to create a PKCS7 signature for some data using my Python app running on the Google App Engine (GAE). In particular, I am trying to create the PKCS7 signature of the Apple Passbook pass manifest; Skipping Passbook requires the PKCS7 signature file to be present in order to be a complete and valid pass.
I spent almost a week searching and trying to no avail.
I can successfully create a signature using the openssl command line on my local PC using
openssl smime -binary -sign -certfile WWDR.pem -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER
I can also successfully create a signature using the M2Crypto library on my local PC using
from M2Crypto import BIO, SMIME, X509
s = SMIME.SMIME()
s.load_key('identity.pem')
x509 = X509.load_cert('WWDR.pem')
sk = X509.X509_Stack()
sk.push(x509)
s.set_x509_stack(sk)
p7 = s.sign(bio_manifest, SMIME.PKCS7_DETACHED | SMIME.PKCS7_BINARY)
pkcs7_buffer = BIO.MemoryBuffer()
p7.write_der(pkcs7_buffer)
f = open('signature', 'w')
f.write(pkcs7_buffer.read())
f.close()
However, M2Crypto is a shell for OpenSSL, which is not supported in GAE.
GAE supports the pycrypto library, but it seems that this library does not support PKCS7 signature.
tlslite, python GAE, PKCS7.
, PKCS7 GAE. python , .
, , , GAE, . , GAE openssl, ; , -, -, . (), .
!