MessageVerifier Class
Properties Methods Events Configuration Settings Errors
The MessageVerifier class verifies digital signatures of data stored in the PKCS#7 format.
Syntax
class secureblackbox.MessageVerifier
Remarks
PKCS#7 (Public Key Cryptography Standard #7) is a common format used to store encrypted and signed data. It is used by a variety of protocols, including S/MIME and CMS.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| cert_count | The number of records in the Cert arrays. |
| cert_bytes | Returns raw certificate data in DER format. |
| cert_ca | Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension). |
| cert_ca_key_id | A unique identifier (fingerprint) of the CA certificate's private key. |
| cert_crl_distribution_points | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| cert_curve | Specifies the elliptic curve of the EC public key. |
| cert_fingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| cert_friendly_name | Contains an associated alias (friendly name) of the certificate. |
| cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| cert_hash_algorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| cert_issuer | The common name of the certificate issuer (CA), typically a company name. |
| cert_issuer_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| cert_key_algorithm | Specifies the public key algorithm of this certificate. |
| cert_key_bits | Returns the length of the public key. |
| cert_key_fingerprint | Returns a fingerprint of the public key contained in the certificate. |
| cert_key_usage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| cert_key_valid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| cert_ocsp_locations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| cert_policy_i_ds | Contains identifiers (OIDs) of the applicable certificate policies. |
| cert_public_key_bytes | Contains the certificate's public key in DER format. |
| cert_self_signed | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| cert_serial_number | Returns the certificate's serial number. |
| cert_sig_algorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| cert_subject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| cert_subject_key_id | Contains a unique identifier (fingerprint) of the certificate's private key. |
| cert_subject_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| cert_valid_from | The time point at which the certificate becomes valid, in UTC. |
| cert_valid_to | The time point at which the certificate expires, in UTC. |
| claimed_signing_time | Returns a signature's claimed signing time. |
| content_type | A content type property of the signed message. |
| data_bytes | Use this property to pass the original signed data to class in the byte array form. |
| data_file | The name of the file containing the original signed data. |
| hash_algorithm | Hash algorithm which was used to calculate the signature. |
| input_bytes | Use this property to pass the input to class in the byte array form. |
| input_file | Path to the file containing the signed message. |
| known_cert_count | The number of records in the KnownCert arrays. |
| known_cert_bytes | Returns raw certificate data in DER format. |
| known_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| output_bytes | Use this property to read the output the class object has produced. |
| output_file | Path to the file to save the extracted data to. |
| signature_validation_result | The signature validation result. |
| signed_attribute_count | The number of records in the SignedAttribute arrays. |
| signed_attribute_oid | The object identifier of the attribute. |
| signed_attribute_value | The value of the attribute. |
| signing_cert_bytes | Returns raw certificate data in DER format. |
| signing_cert_ca | Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension). |
| signing_cert_ca_key_id | A unique identifier (fingerprint) of the CA certificate's private key. |
| signing_cert_crl_distribution_points | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| signing_cert_curve | Specifies the elliptic curve of the EC public key. |
| signing_cert_fingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| signing_cert_friendly_name | Contains an associated alias (friendly name) of the certificate. |
| signing_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| signing_cert_hash_algorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| signing_cert_issuer | The common name of the certificate issuer (CA), typically a company name. |
| signing_cert_issuer_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| signing_cert_key_algorithm | Specifies the public key algorithm of this certificate. |
| signing_cert_key_bits | Returns the length of the public key. |
| signing_cert_key_fingerprint | Returns a fingerprint of the public key contained in the certificate. |
| signing_cert_key_usage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| signing_cert_key_valid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| signing_cert_ocsp_locations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| signing_cert_origin | Returns the origin of this certificate. |
| signing_cert_policy_i_ds | Contains identifiers (OIDs) of the applicable certificate policies. |
| signing_cert_private_key_bytes | Contains the certificate's private key. |
| signing_cert_private_key_exists | Indicates whether the certificate has an associated private key. |
| signing_cert_private_key_extractable | Indicates whether the private key is extractable. |
| signing_cert_public_key_bytes | Contains the certificate's public key in DER format. |
| signing_cert_self_signed | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| signing_cert_serial_number | Returns the certificate's serial number. |
| signing_cert_sig_algorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| signing_cert_subject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| signing_cert_subject_key_id | Contains a unique identifier (fingerprint) of the certificate's private key. |
| signing_cert_subject_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| signing_cert_valid_from | The time point at which the certificate becomes valid, in UTC. |
| signing_cert_valid_to | The time point at which the certificate expires, in UTC. |
| timestamp_accuracy | This property indicates the accuracy of the included time mark, in microseconds. |
| timestamp_bytes | Returns raw timestamp data in DER format. |
| timestamp_chain_validation_details | The details of a certificate chain validation outcome. |
| timestamp_chain_validation_result | The outcome of a certificate chain validation routine. |
| timestamp_hash_algorithm | Returns the timestamp's hash algorithm SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| timestamp_serial_number | Returns the timestamp's serial number. |
| timestamp_time | The time point incorporated into the timestamp. |
| timestamp_timestamp_type | Returns the timestamp type. |
| timestamp_tsa_name | This value uniquely identifies the Timestamp Authority (TSA). |
| timestamp_validation_log | Contains the TSA certificate chain validation log. |
| timestamp_validation_result | Contains timestamp validation outcome. |
| timestamped | Indicates whether or not the signature is timestamped. |
| tsa_cert_bytes | Returns raw certificate data in DER format. |
| tsa_cert_ca | Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension). |
| tsa_cert_ca_key_id | A unique identifier (fingerprint) of the CA certificate's private key. |
| tsa_cert_crl_distribution_points | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| tsa_cert_curve | Specifies the elliptic curve of the EC public key. |
| tsa_cert_fingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| tsa_cert_friendly_name | Contains an associated alias (friendly name) of the certificate. |
| tsa_cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| tsa_cert_hash_algorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| tsa_cert_issuer | The common name of the certificate issuer (CA), typically a company name. |
| tsa_cert_issuer_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| tsa_cert_key_algorithm | Specifies the public key algorithm of this certificate. |
| tsa_cert_key_bits | Returns the length of the public key. |
| tsa_cert_key_fingerprint | Returns a fingerprint of the public key contained in the certificate. |
| tsa_cert_key_usage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| tsa_cert_key_valid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| tsa_cert_ocsp_locations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| tsa_cert_policy_i_ds | Contains identifiers (OIDs) of the applicable certificate policies. |
| tsa_cert_public_key_bytes | Contains the certificate's public key in DER format. |
| tsa_cert_self_signed | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| tsa_cert_serial_number | Returns the certificate's serial number. |
| tsa_cert_sig_algorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| tsa_cert_subject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| tsa_cert_subject_key_id | Contains a unique identifier (fingerprint) of the certificate's private key. |
| tsa_cert_subject_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| tsa_cert_valid_from | The time point at which the certificate becomes valid, in UTC. |
| tsa_cert_valid_to | The time point at which the certificate expires, in UTC. |
| unsigned_attribute_count | The number of records in the UnsignedAttribute arrays. |
| unsigned_attribute_oid | The object identifier of the attribute. |
| unsigned_attribute_value | The value of the attribute. |
| validated_signing_time | Contains the certified signing time. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| get_signature_type | Determines the signature kind. |
| verify | Verifies digitally signed data. |
| verify_detached | Verifies a detached signature. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_error | Information about errors during PKCS#7 message verification. |
| on_notification | This event notifies the application about an underlying control flow event. |
| on_signature_found | Signifies the start of signature validation. |
| on_signature_validated | Marks the completion of the signature validation routine. |
| on_timestamp_found | Signifies the start of a timestamp validation routine. |
| on_timestamp_validated | Reports the completion of the timestamp validation routine. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| TempPath | Path for storing temporary files. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |