def encode_private_key( key: ec.EllipticCurvePrivateKeyWithSerialization) -> bytes: return key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), )
def get_private_key_bytes( private_key: ec.EllipticCurvePrivateKeyWithSerialization, encoding: Encoding = Encoding.DER, format: PrivateFormat = PrivateFormat.PKCS8, encryption_algorithm: KeySerializationEncryption = NoEncryption() ) -> bytes: """ Returns the bytes from a cryptography ec.EllipticCurvePrivateKey """ return private_key.private_bytes(encoding=encoding, format=format, encryption_algorithm=encryption_algorithm)
def get_node_tls_cert_pem( key: ec.EllipticCurvePrivateKeyWithSerialization) -> str: b = x509.CertificateBuilder() b = b.serial_number(x509.random_serial_number()) b = b.public_key(key.public_key()) node_id_raw = get_node_id_raw(key) cn = get_node_tls_cn(node_id_raw) x509_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]) b = b.subject_name(x509_name) b = b.issuer_name(x509_name) now = datetime.now() b = b.not_valid_before(now - timedelta(days=1)) b = b.not_valid_after(now + timedelta(days=365 * 10)) cert = b.sign(private_key=key, algorithm=hashes.SHA256(), backend=default_backend()) cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM) return cert_pem.decode('ascii')
def generate_certificate(key: EllipticCurvePrivateKeyWithSerialization): hostname = 'localhost' subject = issuer = x509.Name( [x509.NameAttribute(x509.NameOID.COMMON_NAME, hostname)]) cert: Certificate = x509.CertificateBuilder().subject_name( subject).issuer_name(issuer).public_key( key.public_key()).serial_number( x509.random_serial_number()).not_valid_before( utcnow() - datetime.timedelta(seconds=60)).not_valid_after( utcnow() + datetime.timedelta(days=1)).add_extension( x509.BasicConstraints(ca=True, path_length=None), critical=True).add_extension( x509.KeyUsage( digital_signature=True, content_commitment=False, key_encipherment=True, data_encipherment=False, key_agreement=True, key_cert_sign=True, crl_sign=False, encipher_only=False, decipher_only=False, ), critical=True, ).add_extension(x509.ExtendedKeyUsage([ x509.ExtendedKeyUsageOID.SERVER_AUTH, x509.ExtendedKeyUsageOID.CLIENT_AUTH, ]), critical=False).add_extension( x509.SubjectAlternativeName([ x509.DNSName(hostname), ]), critical=False).sign( key, hashes.SHA256(), default_backend()) return cert
def encode_key(key: ec.EllipticCurvePrivateKeyWithSerialization) -> str: """ Returns the key as a PEM formatted string """ return key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode("ascii")
def get_node_id_raw(key: ec.EllipticCurvePrivateKeyWithSerialization) -> bytes: W = key.public_key().public_numbers() pk_bytes = W.x.to_bytes(32, 'big') + W.y.to_bytes(32, 'big') return keccak(pk_bytes)[12:]
def get_node_tls_key_pem( key: ec.EllipticCurvePrivateKeyWithSerialization) -> str: b = key.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()) return b.decode('ascii')
def serialize_key(key: EllipticCurvePrivateKeyWithSerialization) -> str: return key.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption()).decode("utf-8")