Exemplo n.º 1
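def exportPrivKey(privkey, passwd=None):
    """Convert a PEM private key to PKCS#8 with the openssl CLI and return it.

    Equivalent command lines:
      a. with a passphrase (encrypted PKCS#8):
         openssl pkcs8 -in key.pem -topk8 -v2 des3 -inform PEM -passout stdin -out enckey1.pem
      b. without a passphrase (unencrypted PKCS#8):
         openssl pkcs8 -in key.pem -topk8 -v2 des3 -inform PEM -nocrypt -out enckey2.pem

    Args:
        privkey: PEM-encoded private key; written to disk in binary mode.
        passwd: Optional passphrase. When falsy the key is exported with
            -nocrypt, i.e. the returned PKCS#8 blob is NOT encrypted.

    Returns:
        The contents of the PKCS#8 file produced by openssl.

    Raises:
        EVP.EVPError: if ``privkey`` cannot be loaded as a key.
        ValueError: if ``passwd`` contains a line break (openssl reads the
            passphrase as a single line from stdin).
        Exception: on any other load failure, or when openssl exits non-zero.
    """
    import shutil
    import tempfile

    # Refuse anything that does not parse as a key before it touches disk.
    try:
        EVP.load_key_string(privkey)
    except EVP.EVPError as e:
        raise EVP.EVPError(e)
    except Exception as e:
        raise Exception(e)

    secret = None
    if passwd:
        if isinstance(passwd, bytes):
            secret = passwd
        else:
            secret = "{}".format(passwd).encode("utf-8")
        if b"\n" in secret or b"\r" in secret:
            raise ValueError("passwd must not contain line breaks")

    # The plaintext key lives in a directory created with mode 0700 and an
    # unpredictable name, instead of a guessable world-readable /tmp path.
    workdir = tempfile.mkdtemp(prefix="pkcs8-export-")
    try:
        privkeypath = os.path.join(workdir, "private-key.pem")
        enckeypath = os.path.join(workdir, "encrypted-key.pem")

        with open(privkeypath, 'wb') as f:
            f.write(privkey)

        # Argument list, no shell: the passphrase and the paths are never
        # interpreted as shell syntax. sudo is dropped because every file
        # involved belongs to this process; the conversion needs no root.
        # NOTE(review): des3 is kept for output compatibility; prefer
        # "-v2 aes-256-cbc" if every consumer of the exported key supports it.
        cmd = ["openssl", "pkcs8", "-in", privkeypath, "-topk8",
               "-v2", "des3", "-inform", "PEM"]
        if secret is not None:
            # Passphrase goes over stdin so it does not appear in the
            # process list the way "-passout pass:..." does.
            cmd += ["-passout", "stdin"]
        else:
            cmd.append("-nocrypt")
        cmd += ["-out", enckeypath]

        p = subprocess.Popen(cmd, stdin=subprocess.PIPE)
        p.communicate(secret + b"\n" if secret is not None else None)
        if p.returncode == 0:
            with open(enckeypath, 'r') as f:
                return f.read()
    finally:
        # Remove the plaintext key and the output on every path, including
        # openssl failures and exceptions.
        shutil.rmtree(workdir, ignore_errors=True)
    raise Exception("Error read key")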