python openssl x509 CA

Hello,
I'm fighting with Certificate Authority functionality in Python.
I'm stuck on the following problem: how to sign a CSR using the CA key and write
the resulting certificate.

You can do it using the following openssl command:
openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem

My try was:
import OpenSSL.crypto as pki
# load CA key:
ca_key = pki.load_privatekey(pki.FILETYPE_PEM, open('CA/private/cakey.pem').read(), 'haselko')
# load user's csr:
csr = pki.load_certificate_request(pki.FILETYPE_PEM, open('userreq.pem').read())
# sign csr
csr.sign(ca_key, 'sha1')
I don't get any errors, however I don't see any way to write or get
the result from such an operation.
csr exports the following methods:
csr.add_extensions csr.get_pubkey csr.get_subject
csr.set_pubkey csr.sign csr.verify

I want to create pure python implementation without use of openssl
wrapped with python code.

Regards,
Oct 31 '08 #1
On 2008-10-31 11:10, Marcin Jurczuk wrote:
> Hello,
> I'm fighting with Certificate Authority functionality in Python.
> I'm stuck on the following problem: how to sign a CSR using the CA key and write
> the resulting certificate.
>
> You can do it using the following openssl command:
> openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem
>
> My try was:
> import OpenSSL.crypto as pki
> # load CA key:
> ca_key = pki.load_privatekey(pki.FILETYPE_PEM, open('CA/private/cakey.pem').read(), 'haselko')
> # load user's csr:
> csr = pki.load_certificate_request(pki.FILETYPE_PEM, open('userreq.pem').read())
> # sign csr
> csr.sign(ca_key, 'sha1')
> I don't get any errors, however I don't see any way to write or get
> the result from such an operation.
> csr exports the following methods:
> csr.add_extensions csr.get_pubkey csr.get_subject
> csr.set_pubkey csr.sign csr.verify

You need to use crypto.dump_certificate() to dump and then
write the certificate back to disk.

BTW: There's a good example in the pyOpenSSL examples dir
for these things:

http://svn.dave.cridland.net/svn/pro...les/certgen.py
http://svn.dave.cridland.net/svn/pro...imple_certs.py
> I want to create pure python implementation without use of openssl
> wrapped with python code.

Good luck with that :-)

--
Marc-Andre Lemburg
eGenix.com

Oct 31 '08 #2
Marcin Jurczuk <mj******@gmail.com> writes:
> I want to create pure python implementation without use of openssl
> wrapped with python code.

There was a CA written in Python quite a while back, http://pyca.de .
I don't know if it's maintained these days.
Oct 31 '08 #3
Paul Rubin wrote:
> Marcin Jurczuk <mj******@gmail.com> writes:
>> I want to create pure python implementation without use of openssl
>> wrapped with python code.
>
> There was a CA written in Python quite a while back, http://pyca.de .

That was the usual approach with invoking the openssl command-line tool
from Python. Today I'd do *everything* differently. Well, it was the
result of learning Python, PKI, LDAP and web programming all at once
back then.

> I don't know if it's maintained these days.

No, it's not. Being the author I know this for sure. ;-)

Ciao, Michael.
Oct 31 '08 #4
