[tor-bugs] #5810 [Stem]: Implement verification of server descriptor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri May 11 07:00:10 UTC 2012
#5810: Implement verification of server descriptor
-------------------------+--------------------------------------------------
Reporter: reganeet | Owner: reganeet
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stem | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by reganeet):
Thanks Damian. It turns out the M2Crypto package downloaded from their
website does not work with Ubuntu, but the distribution in Ubuntu's
repository is good.
However, after playing with it for several hours, I found out that
M2Crypto only support PEM format keys in X.509 standard but not in PKCS,
and the public keys in server descriptors are encoded in PKCS. They have
slightly different headers: X.509 keys starts with "-----BEGIN PUBLIC
KEY-----", while PKCS keys starts with "-----BEGIN RSA PUBLIC KEY-----".
The content is also represented in different ways, so simply changing the
header won't work [1].
{{{
>> from M2Crypto import RSA, BIO
>> bio = BIO.MemoryBuffer(descriptor.signing_key)
>> rsa = RSA.load_pub_key_bio(bio)
M2Crypto.RSA.RSAError: no start line
}}}
I'm looking for a substitute of M2Crypto now.
[1] http://www.cryptosys.net/pki/rsakeyformats.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5810#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list