From 188567a42942dba1078ac7384ee9d9fe864594fa Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Tue, 16 Jan 2024 21:51:47 +0100 Subject: [PATCH] Report error when signing fails --- margfools | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/margfools b/margfools index 71634ad..cf4de00 100755 --- a/margfools +++ b/margfools @@ -15,12 +15,12 @@ import getpass # use requests instead of urllib.request for keep-alive connection import requests -def sign(data, key, pin=None, engine=None): +def sign(b64data, key, pin=None, engine=None): if engine is None: # key in file cmd = ['openssl', 'pkeyutl', '-sign', '-inkey', key, '-pkeyopt', 'digest:sha256'] - raw_data = base64.b64decode(data) env = None + data = base64.b64decode(b64data) elif engine == 'pkcs11': # key on smartcard digest_info = { # from RFC 3447 @@ -33,8 +33,12 @@ def sign(data, key, pin=None, engine=None): } cmd = ['pkcs11-tool', '--id', key, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN'] env = {'PIN': pin} - raw_data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(data) - p = subprocess.run(cmd, env=env, input=raw_data, capture_output=True) + data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(b64data) + + p = subprocess.run(cmd, env=env, input=data, capture_output=True) + if p.returncode != 0: + raise RuntimeError('could not sign data') + return base64.b64encode(p.stdout).decode() if __name__ == '__main__':
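Review bot: In the first hunk, `data = base64.b64decode(b64data)` decodes leniently and the result is never length-checked before it is handed to the signing tool. By default `b64decode` silently drops characters outside the alphabet, and both branches treat the decoded bytes as a SHA-256 digest (`digest:sha256` for openssl, the SHA-256 DigestInfo prefix for pkcs11-tool in the second hunk). A value of the wrong size is therefore presumably caught only by the external tool, if at all. Decoding once ahead of the branch with `digest = base64.b64decode(b64data, validate=True)` and raising `ValueError` when `len(digest) != 32` would ensure the key only ever signs a well-formed digest. The body of `sign()` continues past the end of this hunk.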
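Review bot: The new `raise RuntimeError('could not sign data')` in the second hunk discards the exit status and the stderr that `capture_output=True` has collected, so a wrong PIN, a missing token and an unreadable key file are indistinguishable to the operator. Carry both in the exception, e.g. `raise RuntimeError(f'could not sign data: {cmd[0]} exited {p.returncode}: {p.stderr.decode(errors="replace").strip()}')`, after confirming neither tool echoes secret material on stderr. Separately, no `else` is visible after the `elif engine == 'pkcs11':` branch, so an unrecognised `engine` appears to reach `subprocess.run` with `cmd` and `data` unbound; an explicit `raise ValueError` there would fail more clearly. `sign()` starts before this hunk.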