I’m using the cryptography module (https://cryptography.io/en/latest/) to try
and generate some cert/key/identities.
It's pretty easy using said module to generate the contents of .pem file for a
private key:
keyPEMBytes = privateKey.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
It’s also easy to generate the contents of a .cer/.pem file for an associated
cert:
certBytes = certificate.public_bytes(encoding=serialization.Encoding.PEM)
But I need them (and their chain) balled up on a single .p12 (PKCS12) file.
Said module documents how to parse/consume PKCS12 formats, but nothing (that I
can find) about how one can generate them.
My understanding of PKI stuff is hit and miss though, so maybe I'm just not
searching the right keyword in the documentation?
I can create the .p12 file at the command line on Linux using
openssl pkcs12 -export -out myIdentity.p12 -inkey myPrivKey.pem -in
myCert.crt -certfile myCertChain.crt
So I could just wrap calls like this with subprocess/cmd and mess with
tempfiles/pipes. I was hoping to keep it all in memory/python though.
Is there a different python TLS library that I should be considering, that can
do this?
(stack overflow version if you’re into the points and all that:
https://stackoverflow.com/questions/54677841/how-do-can-i-generate-a-pkcs12-file-using-python-and-the-cryptography-module)
--
https://mail.python.org/mailman/listinfo/python-list
