python openssl x509 CA

Hello,
I'm fighting with Certificate Authority functionality with Python.
I'm stuck on the following problem: how to sign a CSR using the CA key and write
the resulting certificate.

You can do it using the following openssl command:
openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem

My try was:
import OpenSSL.crypto as pki
#load CA key:
ca_key=pki.load_privatekey(pki.FILETYPE_PEM,open('CA/private/cakey.pem').read(),'haselko')
#load user's csr:
csr=pki.load_certificate_request(pki.FILETYPE_PEM, open('userreq.pem').read())
# sign csr
csr.sign(ca_key,'sha1')
I don't get any errors, however I don't see any way to write or get
the result from such an operation.
csr exports the following methods:
csr.add_extensions csr.get_pubkey csr.get_subject
csr.set_pubkey csr.sign csr.verify

I want to create pure python implementation without use of openssl
wrapped with python code.

Regards,
Oct 31 '08 #1
On 2008-10-31 11:10, Marcin Jurczuk wrote:
> Hello,
> I'm fighting with Certificate Authority functionality with Python.
> I'm stuck on the following problem: how to sign a CSR using the CA key and write
> the resulting certificate.
>
> You can do it using the following openssl command:
> openssl ca -cert CA/cert.pem -keyfile CA/private/cakey.pem -policy policy_anything -out user_cert.pem -infiles userreq.pem
>
> My try was:
> import OpenSSL.crypto as pki
> #load CA key:
> ca_key=pki.load_privatekey(pki.FILETYPE_PEM,open('CA/private/cakey.pem').read(),'haselko')
> #load user's csr:
> csr=pki.load_certificate_request(pki.FILETYPE_PEM, open('userreq.pem').read())
> # sign csr
> csr.sign(ca_key,'sha1')
> I don't get any errors, however I don't see any way to write or get
> the result from such an operation.
> csr exports the following methods:
> csr.add_extensions csr.get_pubkey csr.get_subject
> csr.set_pubkey csr.sign csr.verify

You need to use crypto.dump_certificate() to dump and then
write the certificate back to disk.

BTW: There's a good example in the pyOpenSSL examples dir
for these things:

http://svn.dave.cridland.net/svn/pro...les/certgen.py
http://svn.dave.cridland.net/svn/pro...imple_certs.py

> I want to create pure python implementation without use of openssl
> wrapped with python code.

Good luck with that :-)

--
Marc-Andre Lemburg
eGenix.com

Oct 31 '08 #2
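
The step between the asker's csr.sign() call and the crypto.dump_certificate() answer, as an added example that is not part of the original thread: the CA builds a new X509 object from the CSR's subject and public key, signs that object with the CA key, and dumps it. The helper names (new_key, make_test_ca, make_test_csr, sign_csr) are hypothetical, the CA and CSR are constructed in memory in place of the thread's PEM files, and no X.509 extensions are set.

```python
from OpenSSL import crypto  # pyOpenSSL, the library used in the thread

def new_key():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    return key

def make_test_ca():
    """Constructed throwaway CA; stands in for CA/cert.pem and cakey.pem."""
    key = new_key()
    ca = crypto.X509()
    ca.get_subject().CN = "Constructed Test CA"
    ca.set_serial_number(1)
    ca.gmtime_adj_notBefore(0)
    ca.gmtime_adj_notAfter(10 * 365 * 86400)
    ca.set_issuer(ca.get_subject())
    ca.set_pubkey(key)
    ca.sign(key, "sha256")
    return key, ca

def make_test_csr(common_name):
    """Constructed CSR; stands in for userreq.pem. Signed by the user's own key."""
    key = new_key()
    req = crypto.X509Req()
    req.get_subject().CN = common_name
    req.set_pubkey(key)
    req.sign(key, "sha256")
    return crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)

def sign_csr(csr_pem, ca_key, ca_cert, serial, days=365):
    """Issue a certificate for the CSR; returns PEM bytes ready to write to disk."""
    csr = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_pem)
    # Proof of possession: raises crypto.Error if the CSR was not signed by
    # the private key matching the public key it carries.
    csr.verify(csr.get_pubkey())
    cert = crypto.X509()                    # the certificate is a new object,
    cert.set_serial_number(serial)          # not the CSR signed again
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(days * 86400)
    cert.set_issuer(ca_cert.get_subject())  # issuer comes from the CA cert
    cert.set_subject(csr.get_subject())     # subject and key come from the CSR
    cert.set_pubkey(csr.get_pubkey())
    cert.sign(ca_key, "sha256")             # SHA-256 here, not the thread's sha1
    return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)

if __name__ == "__main__":
    ca_key, ca_cert = make_test_ca()
    pem = sign_csr(make_test_csr("user.example.test"), ca_key, ca_cert, serial=1001)
    print(pem.decode())
```

Recent pyOpenSSL releases mark X509Req and the CSR load/dump functions as deprecated in favour of the cryptography package's x509 module, so new code may prefer that API.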
Marcin Jurczuk <mj******@gmail.com> writes:
> I want to create pure python implementation without use of openssl
> wrapped with python code.

There was a CA written in Python quite a while back, http://pyca.de .
I don't know if it's maintained these days.
Oct 31 '08 #3
Paul Rubin wrote:
> Marcin Jurczuk <mj******@gmail.com> writes:
>> I want to create pure python implementation without use of openssl
>> wrapped with python code.
>
> There was a CA written in Python quite a while back, http://pyca.de .

That was the usual approach with invoking the openssl command-line tool
from Python. Today I'd do *everything* differently. Well, it was the
result of learning Python, PKI, LDAP and web programming all at once
back then.

> I don't know if it's maintained these days.

No, it's not. Being the author I know this for sure. ;-)

Ciao, Michael.
Oct 31 '08 #4
