def getPublicKey(self, format='JWK'):
"""
Return public key as a PEM or JWK string or as a JCS/JWK in an JSONObjectWriter
"""
if exportFormatCheck(format) == 'PEM':
if self.isRSA():
return exportPublicKeyAsPem(self.nativePrivateKey.publickey())
return exportPublicKeyAsPem(
self.nativePrivateKey.get_verifying_key())
publicKey = JSONObjectWriter()
if self.isRSA():
publicKey.setString('kty', 'RSA')
publicKey.setCryptoBigNum('n', self.nativePrivateKey.n)
publicKey.setCryptoBigNum('e', self.nativePrivateKey.e)
else:
publicKey.setString('kty', 'EC')
publicKey.setString('crv', getEcCurveName(self.nativePrivateKey))
point = self.nativePrivateKey.get_verifying_key().to_string()
length = len(point)
if length % 2:
raise ValueError('EC point length error')
length >>= 1
publicKey.setBinary('x', point[:length])
publicKey.setBinary('y', point[length:])
if format == 'JWK':
return publicKey.serialize()
return publicKey
# This is a short program showing a possible CSR using JCS for the
# ACME (Automatic Certificate Management Environment) system
theKey = ('{'
' "kty":"EC",'
' "crv":"P-256",'
' "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",'
' "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",'
' "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"'
'}')
from org.webpki.json import SignatureKey
from org.webpki.json.Writer import JSONObjectWriter
jsonObject = JSONObjectWriter().setString(
"@context",
"https://letsencrypt.org/acme/v1").setString("@qualifier",
"CertificateRequest")
jsonObject.setString("domain", "example.com")
jsonObject.setBinary("secret", '\x56\x23\x23\x00\x10')
jsonObject.setSignature(SignatureKey.new(theKey))
print jsonObject.serialize()
'0BM+HmsiWnYEud7gU0Qi9MTzf4DMkabb0b01AMsA3WXUIoUxYXb0hdUHeWAivylo\n'
'6b2Vz0bkF04+Q0Bos9yMFQtOqkl1x7IfW5SrxZn07c/sWoStfA8nuFkayaf24p09\n'
'LLXUVQKBgDjFqNGi34b0Du1LcWNhHKc1UV8JjvMTXgynfte2BeptG994fXHvFt6G\n'
'+N3RpzlSgNk1QuHLze3qmAOqYfwNR/dXNDmiOIZ2vEb+F8pNvajAR/7A3GVbE/Ex\n'
'WzQhroBt4fEiJusZfznJVTjnzeTmIGxpNTyHMznbVDA9eY+tW1du\n'
'-----END RSA PRIVATE KEY-----\n')
class CustomSigner(BaseKey):
def __init__(self,privateKeyString,algorithm):
# Custom constructor
self.nativePrivateKey = RSA.importKey(privateKeyString)
self.algorithm = algorithm
def signData(self,data):
# Implementation: bare-bones and hard-coded
return PKCS1_v1_5.new(self.nativePrivateKey).sign(SHA256.new(data))
def setSignatureMetaData(self,jsonObjectWriter):
# Implementation: bare-bones and hard-coded
jsonObjectWriter.setString('algorithm',self.algorithm)
publicKey = jsonObjectWriter.setObject('publicKey')
publicKey.setString('type','RSA')
publicKey.setCryptoBigNum('n',self.nativePrivateKey.n)
publicKey.setCryptoBigNum('e',self.nativePrivateKey.e)
jsonObject = JSONObjectWriter().setString("@context","https://letsencrypt.org/acme/v1").setString("@qualifier","CertificateRequest")
jsonObject.setString("domain","example.com")
jsonObject.setBinary("secret",'\x56\x23\x23\x00\x10');
jsonObject.setSignature(CustomSigner(theKey,'RS256')) # Custom init parameters
print jsonObject.serialize()