[PATCH] wireless-regdb: Port RSA signing to cryptography lib

[PATCH] wireless-regdb: Port RSA signing to cryptography lib

[Bastian Germann]

Port the RSA signing from the deprecated M2Crypto library to the
cryptography library.

M2Crypto is no longer actively maintained. The cryptography library is
the recommended replacement, offering better maintenance.

Remove unused hashlib import.

Signed-off-by: Bastian Germann <bage@debian.org>
---
 db2bin.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/db2bin.py b/db2bin.py
index 29ae313..a4fa3e5 100755
--- a/db2bin.py
+++ b/db2bin.py
@@ -2,7 +2,6 @@
 
 from io import BytesIO, open
 import struct
-import hashlib
 from dbparse import DBParser
 import sys
 
@@ -125,19 +124,27 @@ if len(sys.argv) > 3:
     # Load RSA only now so people can use this script
     # without having those libraries installed to verify
     # their SQL changes
-    from M2Crypto import RSA
+    from cryptography.hazmat.primitives import hashes, serialization
+    from cryptography.hazmat.primitives.asymmetric import padding
+
+    # load the private key
+    with open(sys.argv[3], 'rb') as key_file:
+        key = serialization.load_pem_private_key(key_file.read(), password=None)
 
     # determine signature length
-    key = RSA.load_key(sys.argv[3])
-    hash = hashlib.sha1()
-    hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(
+        output.getvalue(),
+        padding.PKCS1v15(),
+        hashes.SHA1()
+    )
     # write it to file
     siglen.set(len(sig))
     # sign again
-    hash = hashlib.sha1()
-    hash.update(output.getvalue())
-    sig = key.sign(hash.digest())
+    sig = key.sign(
+        output.getvalue(),
+        padding.PKCS1v15(),
+        hashes.SHA1()
+    )
 
     output.write(sig)
 else:

Re: [PATCH] wireless-regdb: Port RSA signing to cryptography lib

[Chen-Yu Tsai]

On Mon, Jan 26, 2026 at 5:26 AM Bastian Germann <bage@debian.org> wrote:
>
> Port the RSA signing from the deprecated M2Crypto library to the
> cryptography library.
>
> M2Crypto is no longer actively maintained. The cryptography library is
> the recommended replacement, offering better maintenance.
>
> Remove unused hashlib import.
>
> Signed-off-by: Bastian Germann <bage@debian.org>

Sorry for getting to this just now. I somehow accidentally archived it,
so I ended up taking Ben Hutching's patch instead.


Thanks
ChenYu

> ---
>  db2bin.py | 25 ++++++++++++++++---------
>  1 file changed, 16 insertions(+), 9 deletions(-)
>
> diff --git a/db2bin.py b/db2bin.py
> index 29ae313..a4fa3e5 100755
> --- a/db2bin.py
> +++ b/db2bin.py
> @@ -2,7 +2,6 @@
>
>  from io import BytesIO, open
>  import struct
> -import hashlib
>  from dbparse import DBParser
>  import sys
>
> @@ -125,19 +124,27 @@ if len(sys.argv) > 3:
>      # Load RSA only now so people can use this script
>      # without having those libraries installed to verify
>      # their SQL changes
> -    from M2Crypto import RSA
> +    from cryptography.hazmat.primitives import hashes, serialization
> +    from cryptography.hazmat.primitives.asymmetric import padding
> +
> +    # load the private key
> +    with open(sys.argv[3], 'rb') as key_file:
> +        key = serialization.load_pem_private_key(key_file.read(), password=None)
>
>      # determine signature length
> -    key = RSA.load_key(sys.argv[3])
> -    hash = hashlib.sha1()
> -    hash.update(output.getvalue())
> -    sig = key.sign(hash.digest())
> +    sig = key.sign(
> +        output.getvalue(),
> +        padding.PKCS1v15(),
> +        hashes.SHA1()
> +    )
>      # write it to file
>      siglen.set(len(sig))
>      # sign again
> -    hash = hashlib.sha1()
> -    hash.update(output.getvalue())
> -    sig = key.sign(hash.digest())
> +    sig = key.sign(
> +        output.getvalue(),
> +        padding.PKCS1v15(),
> +        hashes.SHA1()
> +    )
>
>      output.write(sig)
>  else:
>