使用自签名证书和basic128rsa15加密的Python opc ua通信
我想通过python opcua库与使用Basic128Rsa15加密的opcua服务器通信使用自签名证书和basic128rsa15加密的Python opc ua通信,python,encryption,opc-ua,Python,Encryption,Opc Ua,我想通过python opcua库与使用Basic128Rsa15加密的opcua服务器通信 client.set_security_string("Basic128Rsa15," "SignAndEncrypt," "cert.pem," "key.pem") 我使用Basic256Sha256加密与Pros
client.set_security_string("Basic128Rsa15,"
"SignAndEncrypt,"
"cert.pem,"
"key.pem")
我使用Basic256Sha256加密与Prosys服务器进行了相同的通信,一切正常。使用Basic128Rsa15(使用KEPserver),我得到以下错误:
In [19]: runfile('opcuaclient.py', wdir='/home/di29394/fue4bfi/python/fuere4bfi')
DEPRECATED! Do not use SecurityPolicyBasic128Rsa15 anymore!
Received an error: MessageAbort(error:StatusCode(BadSecurityChecksFailed), reason:An error occurred verifying security.)
Received an error: MessageAbort(error:StatusCode(BadSecurityChecksFailed), reason:An error occurred verifying security.)
Protocol Error
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/opcua/client/ua_client.py", line 101, in _run
self._receive()
File "/usr/local/lib/python3.6/dist-packages/opcua/client/ua_client.py", line 121, in _receive
self._call_callback(0, ua.UaStatusCodeError(msg.Error.value))
File "/usr/local/lib/python3.6/dist-packages/opcua/client/ua_client.py", line 131, in _call_callback
.format(request_id, self._callbackmap.keys())
opcua.ua.uaerrors._base.UaError: No future object found for request: 0, callbacks in list are
Traceback (most recent call last):
File "<ipython-input-18-4187edd51b2b>", line 1, in <module>
runfile('opcuaclient.py', wdir='/home/opcuauser')
File "/usr/lib/python3/dist-packages/spyder/utils/site/sitecustomize.py", line 705, in runfile
execfile(filename, namespace)
File "/usr/lib/python3/dist-packages/spyder/utils/site/sitecustomize.py", line 102, in execfile
exec(compile(f.read(), filename, 'exec'), namespace)
File "opcuaclient.py", line 57, in <module>
connected = client.connect()
File "/usr/local/lib/python3.6/dist-packages/opcua/client/client.py", line 259, in connect
self.open_secure_channel()
File "/usr/local/lib/python3.6/dist-packages/opcua/client/client.py", line 309, in open_secure_channel
result = self.uaclient.open_secure_channel(params)
File "/usr/local/lib/python3.6/dist-packages/opcua/client/ua_client.py", line 265, in open_secure_channel
return self._uasocket.open_secure_channel(params)
File "/usr/local/lib/python3.6/dist-packages/opcua/client/ua_client.py", line 199, in open_secure_channel
response = struct_from_binary(ua.OpenSecureChannelResponse, future.result(self.timeout))
File "/usr/lib/python3.6/concurrent/futures/_base.py", line 430, in result
raise CancelledError()
CancelledError
我是否必须根据Basic128Rsa15更改证书生成,或者是否存在其他问题
提前感谢。错误信息实际上非常清楚 不赞成!不再使用SecurityPolicyBasic128Rsa15
<强> Basic 128RSA15 <强>不再被OPC基金会认为是安全的,建议弃用。
资料来源: 可能有一个选项仍然可以在KEPServerEx中使用它,但我不建议将它用于与测试不同的用途注释:<强> Basic 256<强>也被OPC基金会认为过时了,最小推荐的OPC UA安全策略则是<强> Basic 256Sa256 < /强> ./P> 一些OPC UA客户端和服务器已经支持最新和更安全的安全策略:
- AES128SHA256RSOAEP
- Aes256Sha256RsaPss
cert = (
x509.CertificateBuilder()
.subject_name(name)
.issuer_name(name)
.public_key(key.public_key())
.serial_number(1000)
.not_valid_before(now)
.not_valid_after(now + timedelta(days=10*365)) # ggf. auch dynamisch machen
.add_extension(basic_contraints, False)
.add_extension(san, False)
.sign(key, hashes.SHA256(), default_backend())