Re: Searching for a usable X509 implementation

2015-07-06 Thread Johannes Bauer
On 05.07.2015 07:33, Laura Creighton wrote:

> For an RSA key in PEM format you can do:
> from OpenSSL.crypto import _new_mem_buf, _lib, _bio_to_string
> 
> def dump_rsa_public_key(pkey):
>     bio = _new_mem_buf()
>     result = _lib.PEM_write_bio_RSAPublicKey(
>         bio, _lib.EVP_PKEY_get1_RSA(pkey._pkey))
>     # if result == 0: ERROR!  Figure out what you want to do here ...
>     return _bio_to_string(bio)

Oh, hacky :-)

> The original version of PyOpenSSL was written by Martin Sjögren, when
> he was working for me, and we had no need for such a thing at the time,
> since we just saved full certificates.  You are right that it is very
> odd that nobody else has needed them since then, and this probably
> should be added to PyOpenSSL.

Sadly my impression is that pyOpenSSL development is slow at best. I've
had an issue with it a while back and was missing some feature which
someone else had already suggested. It kind of was some back and forth in
their bugtracker and then all discussion died.

IIRC (and my memory may be wrong) it was about the ability to check
signatures of one certificate against a well-defined truststore
(especially against only one to identify parent certificates by crypto).
I was frustrated back then about the indecisiveness and wrote my own
wrapper around the functions I needed and was done with it.

Best regards,
Johannes

-- 
>> Where EXACTLY did you predict the earthquake again?
> At least not publicly!
Ah, the latest and to this day most brilliant stroke of our great
cosmologist: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa
-- 
https://mail.python.org/mailman/listinfo/python-list
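
Added example (not part of any message in this thread, and not pyOpenSSL code): the two operations discussed above, writing a certificate's public key out as PEM and checking a certificate's signature against exactly one candidate parent, done with the separate `cryptography` package. The helper names, the throwaway RSA keys and the "Demo CA" certificates are constructed for illustration.

```python
# Added example, not code from the thread. Assumes the third-party
# "cryptography" package; every name and certificate here is constructed.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject_cn, subject_key, issuer_cn, issuer_key):
    """Build a throwaway certificate for subject_key, signed by issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def dump_public_key(cert):
    """Return the certificate's key as PEM SubjectPublicKeyInfo bytes."""
    return cert.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)

def signed_by(cert, parent):
    """True only if parent's RSA key produced cert's signature (signature
    check only: validity dates, CA constraints, revocation come on top)."""
    if cert.issuer != parent.subject:
        return False
    try:
        parent.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return True

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

ca_key, impostor_key, leaf_key = new_key(), new_key(), new_key()
ca = make_cert("Demo CA", ca_key, "Demo CA", ca_key)
# Same subject name as the real CA, different key: a name match is not enough.
impostor = make_cert("Demo CA", impostor_key, "Demo CA", impostor_key)
leaf = make_cert("leaf.example", leaf_key, "Demo CA", ca_key)
```

`signed_by(leaf, ca)` holds while `signed_by(leaf, impostor)` does not, although both candidates carry the same subject name.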


Re: Searching for a usable X509 implementation

2015-07-04 Thread Laura Creighton
In a message of Sun, 05 Jul 2015 02:27:22 +0200, Laura Creighton writes:
>In a message of Fri, 03 Jul 2015 17:11:10 -0700, Dennis Jacobfeuerborn writes:
>>Hi,
>>I'm trying to implement certificate functionality in a python app but after 
>>fighting with pyOpenSSL and M2Crypto I'm thinking about writing wrapper 
>>functions for the OpenSSL command line tool instead or switching the app to 
>>another language all together.
>>
>>Apparently PyOpenSSL has no way to save a public key to a file which is 
>>baffling. M2Crypto has that ability but apparently no usable way to verify a 
>>certificate?
>
>PyOpenSSL does, you must have missed it when looking.
>You are looking for OpenSSL.crypto.dump_certificate(type, cert)
>Dump the certificate cert into a buffer string encoded with the type type.
>
>Laura 

Excuse me.  I misunderstood your mail.  You only want to save the
public key, and not a certificate or a certificate request.

I don't see a way to do this in PEM or ASN.1 format.

For an RSA key in PEM format you can do:
from OpenSSL.crypto import _new_mem_buf, _lib, _bio_to_string

def dump_rsa_public_key(pkey):
    bio = _new_mem_buf()
    result = _lib.PEM_write_bio_RSAPublicKey(
        bio, _lib.EVP_PKEY_get1_RSA(pkey._pkey))
    # if result == 0: ERROR!  Figure out what you want to do here ...
    return _bio_to_string(bio)

There are similar things for other formats and DSA keys.  

The original version of PyOpenSSL was written by Martin Sjögren, when
he was working for me, and we had no need for such a thing at the time,
since we just saved full certificates.  You are right that it is very
odd that nobody else has needed them since then, and this probably
should be added to PyOpenSSL.

Laura



Re: Searching for a usable X509 implementation

2015-07-04 Thread Laura Creighton
In a message of Fri, 03 Jul 2015 17:11:10 -0700, Dennis Jacobfeuerborn writes:
>Hi,
>I'm trying to implement certificate functionality in a python app but after 
>fighting with pyOpenSSL and M2Crypto I'm thinking about writing wrapper 
>functions for the OpenSSL command line tool instead or switching the app to 
>another language all together.
>
>Apparently PyOpenSSL has no way to save a public key to a file which is 
>baffling. M2Crypto has that ability but apparently no usable way to verify a 
>certificate?

PyOpenSSL does, you must have missed it when looking.
You are looking for OpenSSL.crypto.dump_certificate(type, cert)
Dump the certificate cert into a buffer string encoded with the type type.

Laura 


Re: Searching for a usable X509 implementation

2015-07-03 Thread Carl Meyer
Hi Dennis,

On 07/03/2015 06:11 PM, Dennis Jacobfeuerborn wrote:
> Hi, I'm trying to implement certificate functionality in a python app
> but after fighting with pyOpenSSL and M2Crypto I'm thinking about
> writing wrapper functions for the OpenSSL command line tool instead
> or switching the app to another language all together.

My X.509 needs have never been more than basic, but PyOpenSSL has always
had what I need.

> Apparently PyOpenSSL has no way to save a public key to a file which
> is baffling. M2Crypto has that ability but apparently no usable way
> to verify a certificate?

Is dump_certificate what you need?

See
https://pyopenssl.readthedocs.org/en/latest/api/crypto.html#OpenSSL.crypto.dump_certificate

or this example for detailed usage:
https://github.com/msabramo/pyOpenSSL/blob/master/examples/mk_simple_certs.py

> Is there really no usable module out there to enable straightforward
> certificate handling?

I'm not aware of anything better than PyOpenSSL.

Carl


