cmssign

Tool for cms signature

These details have not been verified by PyPI

Project description

Introduce

This tool is used sign file with Cryptographic Message Syntax. And add a Timestamp Reply to the cms file optionally.

Installation

To install using pip,:

python -m pip install --upgrade pip
python -m pip install cmssign

This tool depend on cryptographic and asn1crypto

Notice

The version 0.0.1 have some bug, it should not be used.

History

0.0.3 support normal rsa signature
0.0.4 add support for RSASSA-PSS signature, but need java because openssl not support pss padding for timestamp signature

Use with GUI

cmssignui

Use within Command line

cmssign sign

Usage: cmssign sign [-h] --cafile CAFILE --cakey CAKEY [--tsca TSACA] [--tskey TSAKEY] --in INFILE [--out OUTFILE]

      -h, --help            show this help message and exit
      --signer CAFILE       signer certificate file, DER format
      --key CAKEY           signer private key
      --signerCA SIGNERCA   CA of signer, DER format
      --signerCRL SIGNERCRL
                            CRL of signer, DER format
      --rootCRL ROOTCRL     CRL of root CA, DER format
      --tssigner TSSIGNER   timestamp signer certificate, DER format
      --tskey TSKEY         timestamp signer private key, DER format
      --tsCA TSCA           CA of timestamp signer, DER format
      --timestamp TIMESTAMP
                            timestamp. use system time if not set. format must be
                            '20220101123000' yyyyMMDDHHMMSS
      --in INFILE           file to sign
      --out OUTFILE         output file, not implement yet, output file will be INFILE.p7s

If the tssigner and tskey is set correctly, the timestamp reply will be add to the unsigned attributes section at the end of the cms file

cmssign combine

This command will add the timestamp reply to the unsigned attributes section at the end of the cms file

Usage: cmssign combine [-h] --cmsfile CMSFILE --tsfile TSFILE --out OUTFILE

--cmsfile: cms file
--tsfile: timestamp reply file
--out: specific the file to save the output

Example:

// Sign file with timestamp
cmssign sign --signer rootCA.crt --key rootCA.pem --tssigner tsa.crt --tskey tsa.pem --in file_go_sign

// sign with certificates and crls
cmssign sign --signer sign.crt --key sign_pri.pem  --signerCRL cacrl.crl --rootCRL rootcrl.crl --tssigner tsa.crt --tskey tsa.pem --tsCA ca.crt --in rootCA.crt

The certificate only support DER format

Reference

Cryptographic Message Syntax https://www.rfc-editor.org/rfc/rfc5652.html
Time-Stamp Protocol https://www.rfc-editor.org/rfc/rfc3161.txt

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

0.0.5

Aug 1, 2024

0.0.4

Oct 6, 2022

0.0.3

Jun 4, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

cmssign-0.0.5-py3-none-any.whl (5.4 MB view details)

Uploaded Aug 1, 2024 Python 3

File details

Details for the file cmssign-0.0.5-py3-none-any.whl.

File metadata

Download URL: cmssign-0.0.5-py3-none-any.whl
Upload date: Aug 1, 2024
Size: 5.4 MB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.8.0 pkginfo/1.8.3 readme-renderer/34.0 requests/2.26.0 requests-toolbelt/0.10.1 urllib3/1.26.6 tqdm/4.64.1 importlib-metadata/4.8.3 keyring/23.4.1 rfc3986/1.5.0 colorama/0.4.5 CPython/3.6.9

File hashes

Hashes for cmssign-0.0.5-py3-none-any.whl
Algorithm	Hash digest
SHA256	`40d140c8dd15a46bca75b8e9ce96b9c4e0d87c908121e826461494976a390acb`
MD5	`8560bfbf3d9f435147bc24a708aea766`
BLAKE2b-256	`7fec9e8a758fa570c094eaaa0b1ec15ddaf18c5f296c080f46d2c459c0b6b0fd`