django-signature 0.3.1

特点：

• PKI :
  • Generate (or load) RSA keys and store them in Django models
  • Generate x509 certificates and store them in Django models
  • Load x509 certificat and find relations with other Certificates and Keys
  • Generate (or load) x509 Requests and store them in Django models
  • Generate self-signed x509 for root CA
  • Verify certificate chain (with CRLs)
  • Sign Certificate Requests
• Digital signature
  • Sign/verify text with PKCS#7 standard
  • Sign/verify simple modelswith PKCS#7 standard
  • Support FileField (with sha512 digest)
• Good test coverage

待办事项：

• Sign complex models
• Generate indexes with OpenSSL.generate_index()
• Improve configuration
• Cert load with renew
• … and much more

示例：

有一个简单的pki示例：

from signature.models import Key, Certificate, CertificateRequest
from datetime import datetime

ca_pwd = "R00tz"
c_pwd = "1234"

# CA and Client keys
ca_key = Key.generate(ca_pwd)
c_key = Key.generate(c_pwd)

# CA Cert
ca_cert = Certificate()
ca_cert.CN = "Admin"
ca_cert.C = "FR"
ca_cert.key = ca_key
ca_cert.days = 150
ca_cert.is_ca = True
ca_cert.generate_x509_root(ca_pwd)
ca_cert.save()

# Client's request
rqst = CertificateRequest()
rqst.CN = "World Company"
rqst.C = "FR"
rqst.key = c_key
rqst.sign_request(c_pwd)
rqst.save()

# Sign client's request and return certificate
# (you can give to Client's certificate CA capabilities with ca=True)
c_cert = ca_cert.sign_request(rqst, 150, ca_pwd, ca=False)

# Verify created certificate :
c_cert.check()

# Revoke certificate :
c_cert.revoke(c_cert, ca_pwd)

# Import a Key / Certificate:
imported = Key.new_from_pem(pem_str, passphrase="gigowatt", user=None)
imported = Certificate.new_from_pem(pem_str)

有关更多示例，请参见signaturepkitestcase into tests/test_project/apps/testapp/tests.py

有一个简单的签名示例：

# Sign Text
text = "This is a data"
data_signed = c_cert.sign_text(text, c_pwd)
result = c_cert.verify_smime(data_signed)

# Sign Model (get text)
auth1 = Author(name="Raymond E. Feist", title="MR")
data_signed = c_cert.sign_model(auth1, c_pwd)
result = c_cert.verify_smime(data_signed)

# Sign Model (get Signature)
auth1 = Author(name="Raymond E. Feist", title="MR")
signed = c_cert.make_signature(auth1, self.c_pwd)
signed.check_pkcs7(signed)

有关更多示例，请参见signatureTestCase into tests/test_project/apps/testapp/tests.py

测试：

• cd tests
• python bootstrap.py
• ./bin/buildout.py -v
• ./bin/test-1.2 or ./bin/test-1.1

要求：

• M2Crypto : http://chandlerproject.org/Projects/MeTooCrypto
• Django >= 1.1
• Openssl