实际上
OpenSSL.crypto,尽管使用了一些内部方法,我最终还是通过解决了这个问题:
from OpenSSL import cryptoPKCS7_NOSIGS = 0x4 # defined in pkcs7.hdef create_embeded_pkcs7_signature(data, cert, key): """ Creates an embeded ("nodetached") pkcs7 signature. This is equivalent to the output of:: openssl smime -sign -signer cert -inkey key -outform DER -nodetach < data:type data: bytes :type cert: str :type key: str """ # noqa: E501 assert isinstance(data, bytes) assert isinstance(cert, str) try: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key) signcert = crypto.load_certificate(crypto.FILETYPE_PEM, cert) except crypto.Error as e: raise ValueError('Certificates files are invalid') from e bio_in = crypto._new_mem_buf(data) pkcs7 = crypto._lib.PKCS7_sign( signcert._x509, pkey._pkey, crypto._ffi.NULL, bio_in, PKCS7_NOSIGS ) bio_out = crypto._new_mem_buf() crypto._lib.i2d_PKCS7_bio(bio_out, pkcs7) signed_data = crypto._bio_to_string(bio_out) return signed_data
