def generate_certificate(self, domain, save_model): """This function takes a domain name as a parameter and then creates a certificate and key with the domain name (replacing dots by underscores), finally signing the certificate using specified CA and returns the path of key and cert files. If you are yet to generate a CA then check the top comments""" logger.info("SimpleCA: certificate creation request %s" % (domain,)) ca_private_key = asymmetric.load_private_key( self.ca_key, password=settings.CA_KEY_PASSWD) ca_certificate = asymmetric.load_certificate(self.ca_crt) end_entity_public_key, end_entity_private_key = \ asymmetric.generate_pair('rsa', bit_size=2048) builder = CertificateBuilder( { 'country_name': 'CR', 'state_or_province_name': 'San Jose', 'locality_name': 'Costa Rica', 'organization_name': save_model.name, "organizational_unit_name": save_model.institution_unit, 'common_name': domain, }, end_entity_public_key ) now = timezone.now() builder.issuer = ca_certificate builder.begin_date = now builder.end_date = now+timedelta(settings.CA_CERT_DURATION) builder.key_usage = set(['digital_signature']) end_entity_certificate = builder.build(ca_private_key) # settings.CA_CERT_DURATION server_public_key, server_private_key = \ asymmetric.generate_pair('rsa', bit_size=2048) save_model.private_key = asymmetric.dump_private_key( end_entity_private_key, None) save_model.public_key = asymmetric.dump_public_key( end_entity_public_key) save_model.public_certificate = pem_armor_certificate( end_entity_certificate) save_model.server_sign_key = asymmetric.dump_private_key( server_private_key, None) save_model.server_public_key = asymmetric.dump_public_key( server_public_key) logger.debug("SimpleCA: New certificate for %s is %r" % (domain, save_model.public_certificate)) return save_model
def create_certificate(): root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('root_ca.key', 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, u'p')) with open('root_ca_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Name Certifying service', u'common_name': u'NCS Root CA', }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open('root_ca.crt', 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate)) # Generate an end-entity key and certificate, signed by the root end_entity_public_key, end_entity_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('ramteja_tadishetti_private.key', 'wb') as f: f.write(asymmetric.dump_private_key(end_entity_private_key, u'p')) with open('ramteja_tadishetti_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(end_entity_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Ramteja Tadishetti Corp', u'common_name': u'ramtejatadishetti', }, end_entity_public_key) builder.issuer = root_ca_certificate #builder.set_extension( u'1.2.840.113549.1.1.1', 'ramteja', allow_deprecated=False) end_entity_certificate = builder.build(root_ca_private_key) with open('ramteja_tadishetti.crt', 'wb') as f: f.write(pem_armor_certificate(end_entity_certificate))
def build_ca(): if not os.path.exists(settings.CA_PATH): os.makedirs(settings.CA_PATH) root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=4096) with open(settings.CA_KEY, 'wb') as f: f.write( asymmetric.dump_private_key(root_ca_private_key, settings.CA_KEY_PASSWD)) builder = CertificateBuilder( { 'country_name': 'CR', 'state_or_province_name': 'San Jose', 'locality_name': 'Costa Rica', 'organization_name': 'DFVA Independiente', 'common_name': 'DFVA Root CA 1', }, root_ca_public_key) now = timezone.now() builder.self_signed = True builder.ca = True builder.end_date = now + timedelta(settings.CA_CERT_DURATION * 10) root_ca_certificate = builder.build(root_ca_private_key) with open(settings.CA_CERT, 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate)) builder = CertificateListBuilder('http://crl.dfva.info', root_ca_certificate, 1000) crl_list = builder.build(root_ca_private_key) with open(settings.CA_CRL, 'wb') as f: f.write(crl_list.dump())
def generate_cert_and_key(cn, filename, keysize, keytype='rsa'): ca_key_name = '%s.key' % filename ca_cert_name = '%s.crt' % filename curdir = pathlib.Path(__file__).parent # Generate and save the key and certificate for the root CA root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( keytype, bit_size=keysize) with open(curdir.joinpath(ca_key_name), 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, None)) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': cn, }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open(curdir.joinpath(ca_cert_name), 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate))
def generate_certificate(self, domain, save_model): logger.info("Dogtag: certificate creation request %s" % (domain,)) public_key, private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) data = { 'common_name': domain, 'organization_name': save_model.name, 'organizational_unit_name': save_model.institution_unit, 'email_address': save_model.email } data.update(settings.DOGTAG_CERTIFICATE_SCHEME) builder = CSRBuilder( data, public_key ) #builder.subject_alt_domains = ['codexns.io', 'codexns.com'] request = builder.build(private_key) inputs = { "cert_request_type": "pkcs10", "cert_request": pem_armor_csr(request).decode(), "requestor_name": settings.DOGTAG_CERT_REQUESTER, "requestor_email": settings.DOGTAG_CERT_REQUESTER_EMAIL, } logger.debug("Dogtag: request certificate %r" % (inputs,)) conn = self.get_connection() cert_client = pki.cert.CertClient(conn) certificates = cert_client.enroll_cert("caServerCert", inputs) server_public_key, server_private_key = \ asymmetric.generate_pair('rsa', bit_size=2048) save_model.private_key = asymmetric.dump_private_key(private_key, None) save_model.public_key = asymmetric.dump_public_key(public_key) save_model.public_certificate = certificates[0].cert.encoded.encode() save_model.server_sign_key = asymmetric.dump_private_key( server_private_key, None) save_model.server_public_key = asymmetric.dump_public_key( server_public_key) logger.debug("Dogtag: New certificate for %s is %r" % (domain, save_model.public_certificate)) return save_model
def self_enroll(skip_notify=False): assert os.getuid() == 0 and os.getgid( ) == 0, "Can self-enroll only as root" from certidude import const, config common_name = const.FQDN os.umask(0o0177) try: path, buf, cert, signed, expires = get_signed(common_name) self_public_key = asymmetric.load_public_key(path) private_key = asymmetric.load_private_key(config.SELF_KEY_PATH) except FileNotFoundError: # certificate or private key not found click.echo("Generating private key for frontend: %s" % config.SELF_KEY_PATH) with open(config.SELF_KEY_PATH, 'wb') as fh: if public_key.algorithm == "ec": self_public_key, private_key = asymmetric.generate_pair( "ec", curve=public_key.curve) elif public_key.algorithm == "rsa": self_public_key, private_key = asymmetric.generate_pair( "rsa", bit_size=public_key.bit_size) else: raise NotImplemented( "CA certificate public key algorithm %s not supported" % public_key.algorithm) fh.write(asymmetric.dump_private_key(private_key, None)) else: now = datetime.utcnow() if now + timedelta(days=1) < expires: click.echo( "Certificate %s still valid, delete to self-enroll again" % path) return builder = CSRBuilder({"common_name": common_name}, self_public_key) request = builder.build(private_key) pid = os.fork() if not pid: from certidude import authority, config from certidude.common import drop_privileges drop_privileges() assert os.getuid() != 0 and os.getgid() != 0 path = os.path.join(config.REQUESTS_DIR, common_name + ".pem") click.echo("Writing certificate signing request for frontend: %s" % path) with open(path, "wb") as fh: fh.write( pem_armor_csr(request)) # Write CSR with certidude permissions authority.sign(common_name, skip_notify=skip_notify, skip_push=True, overwrite=True, profile=config.PROFILES["srv"]) click.echo("Frontend certificate signed") sys.exit(0) else: os.waitpid(pid, 0) os.system("systemctl reload nginx")
def do_run(): private = asymmetric.load_private_key(os.path.join(fixtures_dir, 'keys/test.key')) for password in [None, 'password123']: pem_serialized = asymmetric.dump_private_key(private, password, target_ms=20) private_reloaded = asymmetric.load_private_key(pem_serialized, password) self.assertTrue(pem.detect(pem_serialized)) self.assertIsInstance(private_reloaded, asymmetric.PrivateKey) self.assertEqual('rsa', private_reloaded.algorithm)
def self_enroll(): assert os.getuid() == 0 and os.getgid( ) == 0, "Can self-enroll only as root" from certidude import const common_name = const.FQDN directory = os.path.join("/var/lib/certidude", const.FQDN) self_key_path = os.path.join(directory, "self_key.pem") try: path, buf, cert, signed, expires = get_signed(common_name) self_public_key = asymmetric.load_public_key(path) private_key = asymmetric.load_private_key(self_key_path) except FileNotFoundError: # certificate or private key not found with open(self_key_path, 'wb') as fh: if public_key.algorithm == "ec": self_public_key, private_key = asymmetric.generate_pair( "ec", curve=public_key.curve) elif public_key.algorithm == "rsa": self_public_key, private_key = asymmetric.generate_pair( "rsa", bit_size=public_key.bit_size) else: NotImplemented fh.write(asymmetric.dump_private_key(private_key, None)) else: now = datetime.utcnow() if now + timedelta(days=1) < expires: click.echo( "Certificate %s still valid, delete to self-enroll again" % path) return builder = CSRBuilder({"common_name": common_name}, self_public_key) request = builder.build(private_key) pid = os.fork() if not pid: from certidude import authority from certidude.common import drop_privileges drop_privileges() assert os.getuid() != 0 and os.getgid() != 0 path = os.path.join(directory, "requests", common_name + ".pem") click.echo("Writing request to %s" % path) with open(path, "wb") as fh: fh.write( pem_armor_csr(request)) # Write CSR with certidude permissions authority.sign(common_name, skip_push=True, overwrite=True, profile=config.PROFILES["srv"]) sys.exit(0) else: os.waitpid(pid, 0) if os.path.exists("/etc/systemd"): os.system("systemctl reload nginx") else: os.system("service nginx reload")
def _read_key(self, path): # type: (str) -> str try: privkey = asymmetric.load_private_key(path) except Exception as e: raise CommandError("Error reading private key at {}: {}".format(path, e)) key_pem = asymmetric.dump_private_key(privkey, None, 'pem') return key_pem
def test_dump_private(self): private = asymmetric.load_private_key( os.path.join(fixtures_dir, 'keys/test.key')) pem_serialized = asymmetric.dump_private_key(private, 'password123', target_ms=20) private_reloaded = asymmetric.load_private_key(pem_serialized, 'password123') self.assertIsInstance(private_reloaded, asymmetric.PrivateKey) self.assertEqual('rsa', private_reloaded.algorithm)
def _generate_key(self, path): # type: (str) -> str try: with open(path, 'wb') as f: _, privkey = asymmetric.generate_pair('rsa', bit_size=2048) key_pem = asymmetric.dump_private_key(privkey, None, 'pem') f.write(key_pem) except IOError: raise CommandError("{} is not a path to a writable file.".format(path)) return key_pem
def do_run(): private = asymmetric.load_private_key( os.path.join(fixtures_dir, 'keys/test.key')) for password in [None, 'password123']: pem_serialized = asymmetric.dump_private_key(private, password, target_ms=20) private_reloaded = asymmetric.load_private_key( pem_serialized, password) self.assertTrue(pem.detect(pem_serialized)) self.assertIsInstance(private_reloaded, asymmetric.PrivateKey) self.assertEqual('rsa', private_reloaded.algorithm)
def private_key_as_pem(self, passphrase=None): """ Return the private key as a PEM-encoded string. :param passphrase: If a `str` object is supplied, encrypt the private key with the passphrase before converting it to PEM format. If `None` is supplied, convert it to PEM format without performing any encryption. :return: private key in PEM format :rtype: str """ return asymmetric.dump_private_key(self._private_key, _bytes_to_unicode(passphrase))
def test_ec_generate(self): public, private = asymmetric.generate_pair('ec', curve='secp256r1') self.assertEqual('ec', public.algorithm) self.assertEqual('secp256r1', public.asn1.curve[1]) original_data = b'This is data to sign' signature = asymmetric.ecdsa_sign(private, original_data, 'sha1') self.assertIsInstance(signature, byte_cls) asymmetric.ecdsa_verify(public, signature, original_data, 'sha1') raw_public = asymmetric.dump_public_key(public) asymmetric.load_public_key(raw_public) raw_private = asymmetric.dump_private_key(private, None) asymmetric.load_private_key(raw_private, None)
def generate_pair(name, quiet=False, key_type='rsa', key_size=2048): if not quiet: write('Generating {} keys ... '.format(name), end='') public_key, private_key = asymmetric.generate_pair(key_type, bit_size=key_size) with open(path.join(certs_dir, '{}.key'.format(name)), 'wb') as f: f.write(asymmetric.dump_private_key(private_key, None)) with open(path.join(certs_dir, '{}.pubkey'.format(name)), 'wb') as f: f.write(asymmetric.dump_public_key(public_key)) if not quiet: write('done')
def test_dsa_generate(self): public, private = asymmetric.generate_pair('dsa', bit_size=1024) self.assertEqual('dsa', public.algorithm) self.assertEqual(1024, public.bit_size) original_data = b'This is data to sign' signature = asymmetric.dsa_sign(private, original_data, 'sha1') self.assertIsInstance(signature, byte_cls) asymmetric.dsa_verify(public, signature, original_data, 'sha1') raw_public = asymmetric.dump_public_key(public) asymmetric.load_public_key(raw_public) raw_private = asymmetric.dump_private_key(private, None) asymmetric.load_private_key(raw_private, None)
async def create_message(request): body = await request.post() session = await get_session(request) message = bytes(body['message'], 'UTF-8') date = datetime.strptime(body['date'], '%Y-%m-%d') public_key, private_key = asymmetric.generate_pair('rsa', bit_size=4096) ciphertext = asymmetric.rsa_oaep_encrypt(public_key, message) private_key = asymmetric.dump_private_key(private_key, None) user = await db.get_user(request.app, session['username']) message_uuid = uuid.uuid4().hex await db.create_message( request.app, { 'uuid': message_uuid, 'user': user.uuid, 'private_key': binascii.hexlify(private_key).decode('UTF-8'), 'ciphertext': binascii.hexlify(ciphertext).decode('UTF-8'), 'expires': date }) return web.HTTPFound(location=request.app.router['message_detail'].url_for( uuid=message_uuid))
def self_enroll(): from certidude import const common_name = const.FQDN directory = os.path.join("/var/lib/certidude", const.FQDN) self_key_path = os.path.join(directory, "self_key.pem") try: path, buf, cert, signed, expires = get_signed(common_name) public_key = asymmetric.load_public_key(path) private_key = asymmetric.load_private_key(self_key_path) except FileNotFoundError: # certificate or private key not found with open(self_key_path, 'wb') as fh: public_key, private_key = asymmetric.generate_pair('rsa', bit_size=2048) fh.write(asymmetric.dump_private_key(private_key, None)) else: now = datetime.utcnow() if now + timedelta(days=1) < expires: click.echo( "Certificate %s still valid, delete to self-enroll again" % path) return builder = CSRBuilder({"common_name": common_name}, public_key) request = builder.build(private_key) with open(os.path.join(directory, "requests", common_name + ".pem"), "wb") as fh: fh.write(pem_armor_csr(request)) pid = os.fork() if not pid: from certidude import authority from certidude.common import drop_privileges drop_privileges() authority.sign(common_name, skip_push=True, overwrite=True) sys.exit(0) else: os.waitpid(pid, 0) if os.path.exists("/etc/systemd"): os.system("systemctl reload nginx") else: os.system("service nginx reload")
def test_rsa_generate(self): public, private = asymmetric.generate_pair('rsa', bit_size=2048) self.assertEqual('rsa', public.algorithm) self.assertEqual(2048, public.bit_size) original_data = b'This is data to sign' signature = asymmetric.rsa_pkcs1v15_sign(private, original_data, 'sha1') self.assertIsInstance(signature, byte_cls) asymmetric.rsa_pkcs1v15_verify(public, signature, original_data, 'sha1') raw_public = asymmetric.dump_public_key(public) asymmetric.load_public_key(raw_public) raw_private = asymmetric.dump_private_key(private, None) asymmetric.load_private_key(raw_private, None) self.assertIsInstance(private.fingerprint, byte_cls) self.assertIsInstance(public.fingerprint, byte_cls) self.assertEqual(private.fingerprint, public.fingerprint)
def issue_cert(self, csr: CsrBuilder) -> (PrivateKey, Cert): public_key, private_key = asymmetric.generate_pair('rsa', bit_size=4096) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'Will Bond', }, public_key) builder.self_signed = True cert = builder.build(private_key) serial = SerialNumber.from_int(cert.serial_number).as_hex() keypath = self._cert_dir / (serial + '.key') with keypath.open('wb') as f: f.write(asymmetric.dump_private_key(private_key, 'password')) certpath = self._cert_dir / (serial + '.pem') with certpath.open('wb') as f: f.write(pem_armor_certificate(cert))
def create_certificate(): root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open('root_ca.key', 'wb') as f: f.write(asymmetric.dump_private_key(root_ca_private_key, u'p')) with open('root_ca_public.key', 'wb') as f: f.write(asymmetric.dump_public_key(root_ca_public_key, 'pem')) builder = CertificateBuilder( { u'country_name': u'US', u'state_or_province_name': u'Massachusetts', u'locality_name': u'Amherst', u'organization_name': u'Name Certifying service', u'common_name': u'NCS Root CA', }, root_ca_public_key) builder.self_signed = True builder.ca = True root_ca_certificate = builder.build(root_ca_private_key) with open('root_ca.crt', 'wb') as f: f.write(pem_armor_certificate(root_ca_certificate))
def to_pem(self, password=None): return asymmetric.dump_private_key(self._private_key, passphrase=password, encoding='pem')
def _dump_private(key): return asymmetric.dump_private_key(key, None)
import os from oscrypto import asymmetric from certbuilder import CertificateBuilder fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests', 'fixtures') root_ca_public_key, root_ca_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open(os.path.join(fixtures_dir, 'root.key'), 'wb') as f: f.write( asymmetric.dump_private_key(root_ca_private_key, 'password123', target_ms=20)) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'common_name': 'CodexNS Root CA 1', }, root_ca_public_key) builder.self_signed = True builder.end_entity = False root_ca_certificate = builder.build(root_ca_private_key) with open(os.path.join(fixtures_dir, 'root.crt'), 'wb') as f:
def private_key_pem(self, key): return pem.armor('RSA PRIVATE KEY', asymmetric.dump_private_key(key, None, 'der'))
def generatekey(): if os.path.exists(str(keypath)): print("Certificate already exists in: ") print(keypath) message = sendgrid.Mail() sg = sendgrid.SendGridClient( 'Username ', 'Password' ) # Input username and password of SendGrid account to send emails. # Sends an email so we can track failures of key generation. message.set_from("Email Notification") message.add_to(errorToEmail) message.set_subject("CSR Generation failed report ") message.set_html('CSR Generation failed for ' + domainName + ' KEY file already exists') sg.send(message) sys.exit(1) else: with open(keypath, 'wb') as f: f.write(asymmetric.dump_private_key(private_key, 'ENCRYPT') ) # encrypts private key, using a password to unencrypt builder = CSRBuilder( { 'country_name': country, 'state_or_province_name': state, 'locality_name': city, 'organization_name': companyName, 'common_name': 'secure.' + domainName, }, public_key) request = builder.build(private_key) # Writes the CSR to a file with open(csrpath, 'wb') as f: f.write(pem_armor_csr(request)) f = open(HOME + '/' + csrName) readCSR = f.read() # AUTH INFORMATION FOR DIGICERT headers = { "X-DC-DEVKEY": "", "Content-Type": "application/json", } # Parameters for the DigiCert order p = json.dumps({ "certificate": { "common_name": str('secure.' + domainName), "csr": readCSR, "signature_hash": "sha256", "server_platform": { "id": 31 }, }, "organization": { "id": orgID }, "validity_years": years, "payment_method": "balance", }) response = requests.post( 'https://www.digicert.com/services/v2/order/certificate/ssl_plus', headers=headers, data=p) api_json = json.loads(response.text) print(api_json) idVal = api_json['id'] print(idVal) sg = sendgrid.SendGridClient( 'Username ', 'Password' ) # Creates email, sends to the account contact notifing of order message = sendgrid.Mail() # Grabbed the DigiCert order information for the confirmation email clientInfo = requests.get( 'https://www.digicert.com/services/v2/order/certificate/' + str(idVal), headers=headers) info_json = json.loads(clientInfo.text) # Grabs details from the Order confirmation for email notification clientFirstName = info_json['organization_contact']['first_name'] clientName = info_json['organization_contact'][ 'first_name'] + ' ' + info_json['organization_contact']['last_name'] clientEmail = info_json['organization_contact']['email'] clientPhone = info_json['organization_contact']['telephone'] emailString = """Hello """ + str(clientFirstName) + """, Your DigiCert SSL Certificate order has been placed and is pending your verification. If the new order is not issued soon, your current SSL Certificate will expire. As a result, your secure, online, check out page will no longer function along with your LiveScore survey system. We recommend you contact DigiCert directly to help ensure your SSL Certificate is issued in a timely manner. Your Order Number: """ + str(idVal) + """ Your Current SSL Certificate Expiration: """ + str(expireDate) + """ DigiCert Business Contact Associated with Order (Please confirm this information is correct): """ + str(clientName) + """ """ + str(clientEmail) + """ """ + str(clientPhone) + """ DigiCert Support Phone Number: 801-701-9600 DigiCert Support Email: [email protected] Most of the time, DigiCert attempts an outbound call to the business contact listed in their system. DigiCert requires this phone call as part of their verification process before your SSL Certificate can be issued. If your business contact number listed above is incorrect, please let me know as soon as possible so I can update the order information.""" message.add_bcc(clientEmail) message.add_to( 'User Email' ) # Set add_to email for the users email so that you can monitor the sent emails message.set_from("FROM EMAIL") # the From field value, for people to see message.set_subject("Recent Digicert SSL Certificate Order Placed") message.set_text(emailString) print("email sent to: " + str(clientEmail)) sg.send(message)
def test_dump_private(self): private = asymmetric.load_private_key(os.path.join(fixtures_dir, 'keys/test.key')) pem_serialized = asymmetric.dump_private_key(private, 'password123', target_ms=20) private_reloaded = asymmetric.load_private_key(pem_serialized, 'password123') self.assertIsInstance(private_reloaded, asymmetric.PrivateKey) self.assertEqual('rsa', private_reloaded.algorithm)
def public_key_pem(self, key): return pem.armor('PUBLIC KEY', asymmetric.dump_private_key(key, None, 'der'))
print( pubkey_filename + " already exists, move it somewhere else. I don't want to overwrite any keys." ) elif os.path.isfile(privkey_filename): print( privkey_filename + " already exists, move it somewhere else. I don't want to overwrite any keys." ) else: print("Generating Key Pair") pub, priv = asym.generate_pair("rsa", bit_size=2048) pub_f = open(pubkey_filename, 'wb') priv_f = open(privkey_filename, 'wb') pub_f.write(asym.dump_public_key(pub, "pem")) priv_f.write(asym.dump_private_key(priv, u'salt', "pem")) pub_f.close() priv_f.close() elif command == "sign": if len(sys.argv) < 3: print(help_text) else: url = sys.argv[2] if not os.path.isfile(privkey_filename): print(privkey_filename + " does not exist, run the make_key command.") else: f = open(privkey_filename, 'rb') privkey = f.read() f.close() priv = asym.load_private_key(privkey, u'salt')
import os from oscrypto import asymmetric from certbuilder import CertificateBuilder fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests', 'fixtures') root_ca_private_key = asymmetric.load_private_key(os.path.join(fixtures_dir, 'test.key')) root_ca_certificate = asymmetric.load_certificate(os.path.join(fixtures_dir, 'test.crt')) root_ocsp_public_key, root_ocsp_private_key = asymmetric.generate_pair('rsa', bit_size=2048) with open(os.path.join(fixtures_dir, 'test-ocsp.key'), 'wb') as f: f.write(asymmetric.dump_private_key(root_ocsp_private_key, 'password', target_ms=20)) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'organization_unit_name': 'Testing', 'common_name': 'CodexNS OCSP Responder', }, root_ocsp_public_key ) builder.extended_key_usage = set(['ocsp_signing']) builder.issuer = root_ca_certificate root_ocsp_certificate = builder.build(root_ca_private_key)
def private_key_pem(self): return asymmetric.dump_private_key(self.private_key, None, "pem").decode()
# coding: utf-8 from __future__ import unicode_literals, division, absolute_import, print_function import os from oscrypto import asymmetric from certbuilder import CertificateBuilder fixtures_dir = os.path.join(os.path.dirname(__file__), "..", "tests", "fixtures") root_ca_public_key, root_ca_private_key = asymmetric.generate_pair("rsa", bit_size=2048) with open(os.path.join(fixtures_dir, "root.key"), "wb") as f: f.write(asymmetric.dump_private_key(root_ca_private_key, "password123", target_ms=20)) builder = CertificateBuilder( { "country_name": "US", "state_or_province_name": "Massachusetts", "locality_name": "Newbury", "organization_name": "Codex Non Sufficit LC", "common_name": "CodexNS Root CA 1", }, root_ca_public_key, ) builder.self_signed = True builder.end_entity = False root_ca_certificate = builder.build(root_ca_private_key) with open(os.path.join(fixtures_dir, "root.crt"), "wb") as f:
fixtures_dir = os.path.join(os.path.dirname(__file__), '..', 'tests', 'fixtures') root_ca_private_key = asymmetric.load_private_key( os.path.join(fixtures_dir, 'test.key')) root_ca_certificate = asymmetric.load_certificate( os.path.join(fixtures_dir, 'test.crt')) root_ocsp_public_key, root_ocsp_private_key = asymmetric.generate_pair( 'rsa', bit_size=2048) with open(os.path.join(fixtures_dir, 'test-ocsp.key'), 'wb') as f: f.write( asymmetric.dump_private_key(root_ocsp_private_key, 'password', target_ms=20)) builder = CertificateBuilder( { 'country_name': 'US', 'state_or_province_name': 'Massachusetts', 'locality_name': 'Newbury', 'organization_name': 'Codex Non Sufficit LC', 'organization_unit_name': 'Testing', 'common_name': 'CodexNS OCSP Responder', }, root_ocsp_public_key) builder.extended_key_usage = set(['ocsp_signing']) builder.issuer = root_ca_certificate root_ocsp_certificate = builder.build(root_ca_private_key)