My inclination for doing this kind of thing would be to use PyOpenSSL or a similar wrapper to do an S/MIME sign/verify on each side. Encryption using AES if necessary. I'd be inclined to do this for a couple reasons:
1) If there's anything my grad crypto class taught me it's that RSA, specifically padding, is the most god-forsaken idea ever created by man and you will never, ever, ever, ever get it right. If the words RSA are in your code you are in deep shit.
2) S/MIME seems to be a simpler system than any certificate system I have seen. X.509 is an unholy mess. In fact, all PKI is just a complicated disaster waiting to happen.
3) Super simple API -- it can even be done on the command line.
Is there something different you'd recommend?
Edit: Actually, I just thought of another option. GPG has a --sign and --verify option. If GPG can be installed on the system it may be worth trying to integrate that.
1) If there's anything my grad crypto class taught me it's that RSA, specifically padding, is the most god-forsaken idea ever created by man and you will never, ever, ever, ever get it right. If the words RSA are in your code you are in deep shit.
2) S/MIME seems to be a simpler system than any certificate system I have seen. X.509 is an unholy mess. In fact, all PKI is just a complicated disaster waiting to happen.
3) Super simple API -- it can even be done on the command line.
Is there something different you'd recommend?
Edit: Actually, I just thought of another option. GPG has a --sign and --verify option. If GPG can be installed on the system it may be worth trying to integrate that.