From: Chen-Yu Tsai <wens@kernel.org>
To: Bastian Germann <bage@debian.org>
Cc: linux-wireless@vger.kernel.org, wireless-regdb@lists.infradead.org
Subject: Re: [PATCH] wireless-regdb: Port RSA signing to cryptography lib
Date: Mon, 23 Mar 2026 13:07:55 +0800 [thread overview]
Message-ID: <CAGb2v64KgRdrSAbCXDh4nuqQa3Gftmdk8Nt7AmC4RFU28NoY6w@mail.gmail.com> (raw)
In-Reply-To: <20260125212622.28370-1-bage@debian.org>
On Mon, Jan 26, 2026 at 5:26 AM Bastian Germann <bage@debian.org> wrote:
>
> Port the RSA signing from the deprecated M2Crypto library to the
> cryptography library.
>
> M2Crypto is no longer actively maintained. The cryptography library is
> the recommended replacement, offering better maintenance.
>
> Remove unused hashlib import.
>
> Signed-off-by: Bastian Germann <bage@debian.org>
Sorry for getting to this just now. I somehow accidentally archived it,
so I ended up taking Ben Hutching's patch instead.
Thanks
ChenYu
> ---
> db2bin.py | 25 ++++++++++++++++---------
> 1 file changed, 16 insertions(+), 9 deletions(-)
>
> diff --git a/db2bin.py b/db2bin.py
> index 29ae313..a4fa3e5 100755
> --- a/db2bin.py
> +++ b/db2bin.py
> @@ -2,7 +2,6 @@
>
> from io import BytesIO, open
> import struct
> -import hashlib
> from dbparse import DBParser
> import sys
>
> @@ -125,19 +124,27 @@ if len(sys.argv) > 3:
> # Load RSA only now so people can use this script
> # without having those libraries installed to verify
> # their SQL changes
> - from M2Crypto import RSA
> + from cryptography.hazmat.primitives import hashes, serialization
> + from cryptography.hazmat.primitives.asymmetric import padding
> +
> + # load the private key
> + with open(sys.argv[3], 'rb') as key_file:
> + key = serialization.load_pem_private_key(key_file.read(), password=None)
>
> # determine signature length
> - key = RSA.load_key(sys.argv[3])
> - hash = hashlib.sha1()
> - hash.update(output.getvalue())
> - sig = key.sign(hash.digest())
> + sig = key.sign(
> + output.getvalue(),
> + padding.PKCS1v15(),
> + hashes.SHA1()
> + )
> # write it to file
> siglen.set(len(sig))
> # sign again
> - hash = hashlib.sha1()
> - hash.update(output.getvalue())
> - sig = key.sign(hash.digest())
> + sig = key.sign(
> + output.getvalue(),
> + padding.PKCS1v15(),
> + hashes.SHA1()
> + )
>
> output.write(sig)
> else:
>
prev parent reply other threads:[~2026-03-23 5:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-25 21:26 [PATCH] wireless-regdb: Port RSA signing to cryptography lib Bastian Germann
2026-03-23 5:07 ` Chen-Yu Tsai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGb2v64KgRdrSAbCXDh4nuqQa3Gftmdk8Nt7AmC4RFU28NoY6w@mail.gmail.com \
--to=wens@kernel.org \
--cc=bage@debian.org \
--cc=linux-wireless@vger.kernel.org \
--cc=wireless-regdb@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox