2 files changed, 12 insertions, 7 deletions

diff --git a/src/python/botan2.py b/src/python/botan2.py
index 4cae19d1a..6ae1bd6da 100755
--- a/src/python/botan2.py
+++ b/src/python/botan2.py
@@ -1170,9 +1170,9 @@ class PKDecrypt(object):
         return outbuf.raw[0:int(outbuf_sz.value)]
 
 class PKSign(object): # pylint: disable=invalid-name
-    def __init__(self, key, padding):
+    def __init__(self, key, padding, der=False):
         self.__obj = c_void_p(0)
-        flags = c_uint32(0) # always zero in this ABI
+        flags = c_uint32(1) if der else c_uint32(0)
         _DLL.botan_pk_op_sign_create(byref(self.__obj), key.handle_(), _ctype_str(padding), flags)
 
     def __del__(self):
@@ -1189,9 +1189,9 @@ class PKSign(object): # pylint: disable=invalid-name
         return outbuf.raw[0:int(outbuf_sz.value)]
 
 class PKVerify(object):
-    def __init__(self, key, padding):
+    def __init__(self, key, padding, der=False):
         self.__obj = c_void_p(0)
-        flags = c_uint32(0) # always zero in this ABI
+        flags = c_uint32(1) if der else c_uint32(0)
         _DLL.botan_pk_op_verify_create(byref(self.__obj), key.handle_(), _ctype_str(padding), flags)
 
     def __del__(self):
diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py
index 73cb29258..2202c0e4b 100644
--- a/src/scripts/test_python.py
+++ b/src/scripts/test_python.py
@@ -351,23 +351,28 @@ ofvkP1EDmpx50fHLawIDAQAB
         self.assertEqual(pub.get_field('public_x'), priv.get_field('public_x'))
         self.assertEqual(pub.get_field('public_y'), priv.get_field('public_y'))
 
-        signer = botan2.PKSign(priv, hash_fn)
+        signer = botan2.PKSign(priv, hash_fn, True)
         signer.update(msg)
         signature = signer.finish(rng)
 
         verifier = botan2.PKVerify(pub, hash_fn)
         verifier.update(msg)
+        #fails because DER/not-DER mismatch
+        self.assertFalse(verifier.check_signature(signature))
+
+        verifier = botan2.PKVerify(pub, hash_fn, True)
+        verifier.update(msg)
         self.assertTrue(verifier.check_signature(signature))
 
         pub_x = pub.get_field('public_x')
         pub_y = priv.get_field('public_y')
         pub2 = botan2.PublicKey.load_ecdsa(group, pub_x, pub_y)
-        verifier = botan2.PKVerify(pub2, hash_fn)
+        verifier = botan2.PKVerify(pub2, hash_fn, True)
         verifier.update(msg)
         self.assertTrue(verifier.check_signature(signature))
 
         priv2 = botan2.PrivateKey.load_ecdsa(group, priv.get_field('x'))
-        signer = botan2.PKSign(priv2, hash_fn)
+        signer = botan2.PKSign(priv2, hash_fn, True)
         # sign empty message
         signature = signer.finish(rng)