def getPublicKey(self, format='JWK'): """ Return public key as a PEM or JWK string or as a JCS/JWK in an JSONObjectWriter """ if exportFormatCheck(format) == 'PEM': if self.isRSA(): return exportPublicKeyAsPem(self.nativePrivateKey.publickey()) return exportPublicKeyAsPem( self.nativePrivateKey.get_verifying_key()) publicKey = JSONObjectWriter() if self.isRSA(): publicKey.setString('kty', 'RSA') publicKey.setCryptoBigNum('n', self.nativePrivateKey.n) publicKey.setCryptoBigNum('e', self.nativePrivateKey.e) else: publicKey.setString('kty', 'EC') publicKey.setString('crv', getEcCurveName(self.nativePrivateKey)) point = self.nativePrivateKey.get_verifying_key().to_string() length = len(point) if length % 2: raise ValueError('EC point length error') length >>= 1 publicKey.setBinary('x', point[:length]) publicKey.setBinary('y', point[length:]) if format == 'JWK': return publicKey.serialize() return publicKey
# This is a short program showing a possible CSR using JCS for the # ACME (Automatic Certificate Management Environment) system theKey = ('{' ' "kty":"EC",' ' "crv":"P-256",' ' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",' ' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",' ' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"' '}') from org.webpki.json import SignatureKey from org.webpki.json.Writer import JSONObjectWriter jsonObject = JSONObjectWriter().setString( "@context", "https://letsencrypt.org/acme/v1").setString("@qualifier", "CertificateRequest") jsonObject.setString("domain", "example.com") jsonObject.setBinary("secret", '\x56\x23\x23\x00\x10') jsonObject.setSignature(SignatureKey.new(theKey)) print jsonObject.serialize()
'0BM+HmsiWnYEud7gU0Qi9MTzf4DMkabb0b01AMsA3WXUIoUxYXb0hdUHeWAivylo\n' '6b2Vz0bkF04+Q0Bos9yMFQtOqkl1x7IfW5SrxZn07c/sWoStfA8nuFkayaf24p09\n' 'LLXUVQKBgDjFqNGi34b0Du1LcWNhHKc1UV8JjvMTXgynfte2BeptG994fXHvFt6G\n' '+N3RpzlSgNk1QuHLze3qmAOqYfwNR/dXNDmiOIZ2vEb+F8pNvajAR/7A3GVbE/Ex\n' 'WzQhroBt4fEiJusZfznJVTjnzeTmIGxpNTyHMznbVDA9eY+tW1du\n' '-----END RSA PRIVATE KEY-----\n') class CustomSigner(BaseKey): def __init__(self,privateKeyString,algorithm): # Custom constructor self.nativePrivateKey = RSA.importKey(privateKeyString) self.algorithm = algorithm def signData(self,data): # Implementation: bare-bones and hard-coded return PKCS1_v1_5.new(self.nativePrivateKey).sign(SHA256.new(data)) def setSignatureMetaData(self,jsonObjectWriter): # Implementation: bare-bones and hard-coded jsonObjectWriter.setString('algorithm',self.algorithm) publicKey = jsonObjectWriter.setObject('publicKey') publicKey.setString('type','RSA') publicKey.setCryptoBigNum('n',self.nativePrivateKey.n) publicKey.setCryptoBigNum('e',self.nativePrivateKey.e) jsonObject = JSONObjectWriter().setString("@context","https://letsencrypt.org/acme/v1").setString("@qualifier","CertificateRequest") jsonObject.setString("domain","example.com") jsonObject.setBinary("secret",'\x56\x23\x23\x00\x10'); jsonObject.setSignature(CustomSigner(theKey,'RS256')) # Custom init parameters print jsonObject.serialize()