Python OpenSSL.crypto.dump_privatekey() Examples
The following are 30
code examples of OpenSSL.crypto.dump_privatekey().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
OpenSSL.crypto
, or try the search function
.
.
Example #1
| Source File: ssl.py From Exchange2domain with MIT License | 6 votes |
|
def generateImpacketCert(certname='/tmp/impacket.crt'):
# Create a private key
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, 2048)
# Create the certificate
cert = crypto.X509()
cert.gmtime_adj_notBefore(0)
# Valid for 5 years
cert.gmtime_adj_notAfter(60*60*24*365*5)
subj = cert.get_subject()
subj.CN = 'impacket'
cert.set_pubkey(pkey)
cert.sign(pkey, "sha256")
# We write both from the same file
with open(certname, 'w') as certfile:
certfile.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8'))
certfile.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8'))
LOG.debug('Wrote certificate to %s' % certname)
# Class to wrap the client socket in SSL when serving as a SOCKS server
Example #2
| Source File: serving.py From Building-Recommendation-Systems-with-Python with MIT License | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #3
| Source File: turnserver.py From aioice with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def create_self_signed_cert(name="localhost"):
from OpenSSL import crypto
# create key pair
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 2048)
# create self-signed certificate
cert = crypto.X509()
cert.get_subject().CN = name
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10 * 365 * 86400)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key)
cert.sign(key, "sha1")
with open(CERT_FILE, "wb") as fp:
fp.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(KEY_FILE, "wb") as fp:
fp.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
Example #4
| Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
|
def test_dump_privatekey_passphraseCallback(self):
"""
:py:obj:`dump_privatekey` writes an encrypted PEM when given a callback which
returns the correct passphrase.
"""
passphrase = b("foo")
called = []
def cb(writing):
called.append(writing)
return passphrase
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
pem = dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, cb)
self.assertTrue(isinstance(pem, binary_type))
self.assertEqual(called, [True])
loadedKey = load_privatekey(FILETYPE_PEM, pem, passphrase)
self.assertTrue(isinstance(loadedKey, PKeyType))
self.assertEqual(loadedKey.type(), key.type())
self.assertEqual(loadedKey.bits(), key.bits())
Example #5
| Source File: serving.py From scylla with Apache License 2.0 | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #6
| Source File: publickey.py From chepy with GNU General Public License v3.0 | 6 votes |
|
def dump_pkcs12_cert(self, password: str):
"""Get the private key and cert from pkcs12 cert
Args:
password (str): Password for certificate
Returns:
Chepy: The Chepy object.
"""
if isinstance(password, str):
password = password.encode()
pk12 = _pyssl_crypto.load_pkcs12(self._convert_to_bytes(), password)
self.state = {
"private": _pyssl_crypto.dump_privatekey(
_pyssl_crypto.FILETYPE_PEM, pk12.get_privatekey()
),
"cert": _pyssl_crypto.dump_certificate(
_pyssl_crypto.FILETYPE_PEM, pk12.get_certificate()
),
}
return self
Example #7
| Source File: serving.py From Financial-Portfolio-Flask with MIT License | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #8
| Source File: serving.py From Building-Recommendation-Systems-with-Python with MIT License | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #9
| Source File: createPemFiles.py From devopsloft with GNU General Public License v3.0 | 6 votes |
|
def SelfSignedCertificate():
# create a key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = "IL"
cert.get_subject().ST = "Jerusalem"
cert.get_subject().L = "Jerusalem"
cert.get_subject().OU = "DevOps Loft"
cert.get_subject().CN = gethostname()
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha1')
with open(CERT_FILE, "wb") as cert_f:
cert_f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(KEY_FILE, "wb") as key_f:
key_f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
Example #10
| Source File: serving.py From Flask-P2P with MIT License | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #11
| Source File: server.py From Loki with MIT License | 6 votes |
|
def gen_cert(self):
key_pair = crypto.PKey()
key_pair.generate_key(crypto.TYPE_RSA, 2048)
cert = crypto.X509()
cert.get_subject().O = 'Loki'
cert.get_subject().CN = 'Sami'
cert.get_subject().OU = 'Pure-L0G1C'
cert.get_subject().C = 'US'
cert.get_subject().L = 'Los Santos'
cert.get_subject().ST = 'California'
cert.set_serial_number(SystemRandom().randint(2048 ** 8, 4096 ** 8))
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(256 * 409600)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key_pair)
cert.sign(key_pair, 'sha256')
with open(const.CERT_FILE, 'wb') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(const.KEY_FILE, 'wb') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key_pair))
Example #12
| Source File: serving.py From planespotter with MIT License | 6 votes |
|
def generate_adhoc_ssl_context():
"""Generates an adhoc SSL context for the development server."""
crypto = _get_openssl_crypto_module()
import tempfile
import atexit
cert, pkey = generate_adhoc_ssl_pair()
cert_handle, cert_file = tempfile.mkstemp()
pkey_handle, pkey_file = tempfile.mkstemp()
atexit.register(os.remove, pkey_file)
atexit.register(os.remove, cert_file)
os.write(cert_handle, crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
os.write(pkey_handle, crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
os.close(cert_handle)
os.close(pkey_handle)
ctx = load_ssl_context(cert_file, pkey_file)
return ctx
Example #13
| Source File: authentication.py From deskcon-desktop with GNU General Public License v3.0 | 6 votes |
|
def generate_keypair(uuid):
hostname = socket.gethostname()
# create a key pair
keypair = crypto.PKey()
keypair.generate_key(crypto.TYPE_RSA, 2048)
# create a self-signed cert
cert = crypto.X509()
cert.set_version(2)
cert.get_subject().CN = str(uuid)+"/"+hostname
cert.get_issuer().CN = str(uuid)+"/"+hostname
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_pubkey(keypair)
cert.sign(keypair, 'sha256')
certificate = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
privatekey = crypto.dump_privatekey(crypto.FILETYPE_PEM, keypair)
return certificate, privatekey
Example #14
| Source File: test_ca.py From flocker with Apache License 2.0 | 6 votes |
|
def test_certificate_matches_private_key(self):
"""
A certificate matches the private key it is meant to
be paired with.
"""
path = FilePath(self.mktemp())
path.makedirs()
ca = RootCredential.initialize(path, b"mycluster")
priv = ca.credential.keypair.keypair.original
pub = ca.credential.certificate.getPublicKey().original
pub_asn1 = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pub)
priv_asn1 = crypto.dump_privatekey(crypto.FILETYPE_ASN1, priv)
pub_der = asn1.DerSequence()
pub_der.decode(pub_asn1)
priv_der = asn1.DerSequence()
priv_der.decode(priv_asn1)
pub_modulus = pub_der[1]
priv_modulus = priv_der[1]
self.assertEqual(pub_modulus, priv_modulus)
Example #15
| Source File: _mtls_helper.py From google-auth-library-python with Apache License 2.0 | 5 votes |
|
def decrypt_private_key(key, passphrase):
"""A helper function to decrypt the private key with the given passphrase.
google-auth library doesn't support passphrase protected private key for
mutual TLS channel. This helper function can be used to decrypt the
passphrase protected private key in order to estalish mutual TLS channel.
For example, if you have a function which produces client cert, passphrase
protected private key and passphrase, you can convert it to a client cert
callback function accepted by google-auth::
from google.auth.transport import _mtls_helper
def your_client_cert_function():
return cert, encrypted_key, passphrase
# callback accepted by google-auth for mutual TLS channel.
def client_cert_callback():
cert, encrypted_key, passphrase = your_client_cert_function()
decrypted_key = _mtls_helper.decrypt_private_key(encrypted_key,
passphrase)
return cert, decrypted_key
Args:
key (bytes): The private key bytes in PEM format.
passphrase (bytes): The passphrase bytes.
Returns:
bytes: The decrypted private key in PEM format.
Raises:
ImportError: If pyOpenSSL is not installed.
OpenSSL.crypto.Error: If there is any problem decrypting the private key.
"""
from OpenSSL import crypto
# First convert encrypted_key_bytes to PKey object
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key, passphrase=passphrase)
# Then dump the decrypted key bytes
return crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
Example #16
| Source File: test_ssl_util.py From quay with Apache License 2.0 | 5 votes |
|
def generate_test_cert(hostname="somehostname", san_list=None, expires=1000000):
"""
Generates a test SSL certificate and returns the certificate data and private key data.
"""
# Based on: http://blog.richardknop.com/2012/08/create-a-self-signed-x509-certificate-in-python/
# Create a key pair.
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024)
# Create a self-signed cert.
cert = crypto.X509()
cert.get_subject().CN = hostname
# Add the subjectAltNames (if necessary).
if san_list is not None:
cert.add_extensions([crypto.X509Extension(b"subjectAltName", False, b", ".join(san_list))])
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(expires)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, "sha1")
# Dump the certificate and private key in PEM format.
cert_data = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
key_data = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
return (cert_data, key_data)
Example #17
| Source File: serving.py From planespotter with MIT License | 5 votes |
|
def make_ssl_devcert(base_path, host=None, cn=None):
"""Creates an SSL key for development. This should be used instead of
the ``'adhoc'`` key which generates a new cert on each server start.
It accepts a path for where it should store the key and cert and
either a host or CN. If a host is given it will use the CN
``*.host/CN=host``.
For more information see :func:`run_simple`.
.. versionadded:: 0.9
:param base_path: the path to the certificate and key. The extension
``.crt`` is added for the certificate, ``.key`` is
added for the key.
:param host: the name of the host. This can be used as an alternative
for the `cn`.
:param cn: the `CN` to use.
"""
from OpenSSL import crypto
if host is not None:
cn = '*.%s/CN=%s' % (host, host)
cert, pkey = generate_adhoc_ssl_pair(cn=cn)
cert_file = base_path + '.crt'
pkey_file = base_path + '.key'
with open(cert_file, 'wb') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(pkey_file, 'wb') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
return cert_file, pkey_file
Example #18
| Source File: serving.py From Building-Recommendation-Systems-with-Python with MIT License | 5 votes |
|
def make_ssl_devcert(base_path, host=None, cn=None):
"""Creates an SSL key for development. This should be used instead of
the ``'adhoc'`` key which generates a new cert on each server start.
It accepts a path for where it should store the key and cert and
either a host or CN. If a host is given it will use the CN
``*.host/CN=host``.
For more information see :func:`run_simple`.
.. versionadded:: 0.9
:param base_path: the path to the certificate and key. The extension
``.crt`` is added for the certificate, ``.key`` is
added for the key.
:param host: the name of the host. This can be used as an alternative
for the `cn`.
:param cn: the `CN` to use.
"""
from OpenSSL import crypto
if host is not None:
cn = "*.%s/CN=%s" % (host, host)
cert, pkey = generate_adhoc_ssl_pair(cn=cn)
cert_file = base_path + ".crt"
pkey_file = base_path + ".key"
with open(cert_file, "wb") as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(pkey_file, "wb") as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
return cert_file, pkey_file
Example #19
| Source File: _openssl_crypt.py From alfred-gmail with MIT License | 5 votes |
|
def pkcs12_key_as_pem(private_key_bytes, private_key_password):
"""Convert the contents of a PKCS#12 key to PEM using pyOpenSSL.
Args:
private_key_bytes: Bytes. PKCS#12 key in DER format.
private_key_password: String. Password for PKCS#12 key.
Returns:
String. PEM contents of ``private_key_bytes``.
"""
private_key_password = _helpers._to_bytes(private_key_password)
pkcs12 = crypto.load_pkcs12(private_key_bytes, private_key_password)
return crypto.dump_privatekey(crypto.FILETYPE_PEM,
pkcs12.get_privatekey())
Example #20
| Source File: __init__.py From python-symphony with Apache License 2.0 | 5 votes |
|
def p12parse(self):
''' parse p12 cert and get the cert / priv key for requests module '''
# open it, using password. Supply/read your own from stdin.
p12 = crypto.load_pkcs12(open(self.p12, 'rb').read(), self.pwd)
# grab the certs / keys
p12cert = p12.get_certificate() # (signed) certificate object
p12private = p12.get_privatekey() # private key.
# dump private key and cert
symphony_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, p12private)
symphony_crt = crypto.dump_certificate(crypto.FILETYPE_PEM, p12cert)
# write tmpfiles
crtpath = self.write_tmpfile(symphony_crt)
keypath = self.write_tmpfile(symphony_key)
# return cert and privkey
return crtpath, keypath
Example #21
| Source File: _openssl_crypt.py From luci-py with Apache License 2.0 | 5 votes |
|
def pkcs12_key_as_pem(private_key_bytes, private_key_password):
"""Convert the contents of a PKCS#12 key to PEM using pyOpenSSL.
Args:
private_key_bytes: Bytes. PKCS#12 key in DER format.
private_key_password: String. Password for PKCS#12 key.
Returns:
String. PEM contents of ``private_key_bytes``.
"""
private_key_password = _to_bytes(private_key_password)
pkcs12 = crypto.load_pkcs12(private_key_bytes, private_key_password)
return crypto.dump_privatekey(crypto.FILETYPE_PEM,
pkcs12.get_privatekey())
Example #22
| Source File: serving.py From Building-Recommendation-Systems-with-Python with MIT License | 5 votes |
|
def make_ssl_devcert(base_path, host=None, cn=None):
"""Creates an SSL key for development. This should be used instead of
the ``'adhoc'`` key which generates a new cert on each server start.
It accepts a path for where it should store the key and cert and
either a host or CN. If a host is given it will use the CN
``*.host/CN=host``.
For more information see :func:`run_simple`.
.. versionadded:: 0.9
:param base_path: the path to the certificate and key. The extension
``.crt`` is added for the certificate, ``.key`` is
added for the key.
:param host: the name of the host. This can be used as an alternative
for the `cn`.
:param cn: the `CN` to use.
"""
from OpenSSL import crypto
if host is not None:
cn = "*.%s/CN=%s" % (host, host)
cert, pkey = generate_adhoc_ssl_pair(cn=cn)
cert_file = base_path + ".crt"
pkey_file = base_path + ".key"
with open(cert_file, "wb") as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
with open(pkey_file, "wb") as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
return cert_file, pkey_file
Example #23
| Source File: _openssl_crypt.py From aqua-monitor with GNU Lesser General Public License v3.0 | 5 votes |
|
def pkcs12_key_as_pem(private_key_bytes, private_key_password):
"""Convert the contents of a PKCS#12 key to PEM using pyOpenSSL.
Args:
private_key_bytes: Bytes. PKCS#12 key in DER format.
private_key_password: String. Password for PKCS#12 key.
Returns:
String. PEM contents of ``private_key_bytes``.
"""
private_key_password = _to_bytes(private_key_password)
pkcs12 = crypto.load_pkcs12(private_key_bytes, private_key_password)
return crypto.dump_privatekey(crypto.FILETYPE_PEM,
pkcs12.get_privatekey())
Example #24
| Source File: test_ssl.py From learn_python3_spider with MIT License | 5 votes |
|
def generateCertificateFiles(basename, organization, organizationalUnit):
"""
Create certificate files key, req and cert prefixed by C{basename} for
given C{organization} and C{organizationalUnit}.
"""
pkey, req, cert = generateCertificateObjects(organization, organizationalUnit)
for ext, obj, dumpFunc in [
('key', pkey, crypto.dump_privatekey),
('req', req, crypto.dump_certificate_request),
('cert', cert, crypto.dump_certificate)]:
fName = os.extsep.join((basename, ext)).encode("utf-8")
FilePath(fName).setContent(dumpFunc(crypto.FILETYPE_PEM, obj))
Example #25
| Source File: ssl.py From NintendoClients with MIT License | 5 votes |
|
def encode(self, format): return crypto.dump_privatekey(TypeMap[format], self.obj)
Example #26
| Source File: certs.py From pycopia with Apache License 2.0 | 5 votes |
|
def get_pem(self):
return crypto.dump_privatekey(crypto.FILETYPE_PEM, self._key)
Example #27
| Source File: certs.py From pycopia with Apache License 2.0 | 5 votes |
|
def emit(self, fo, filetype="pem"):
if self.__passphrase is not None:
text = self.encrypt(self.__passphrase)
else:
text = crypto.dump_privatekey(crypto.FILETYPE_PEM, self._key)
fo.write(text)
Example #28
| Source File: certs.py From pycopia with Apache License 2.0 | 5 votes |
|
def encrypt(self, passphrase):
self._key.check()
text = crypto.dump_privatekey(crypto.FILETYPE_PEM, self._key,
'aes-256-cbc', passphrase)
return text
Example #29
| Source File: acm_pca.py From cfn-generic-custom-resource with MIT License | 5 votes |
|
def dump_private_key(self, private_key):
return crypto.dump_privatekey(
crypto.FILETYPE_PEM,
private_key
)
Example #30
| Source File: acm_pca.py From cfn-generic-custom-resource with MIT License | 5 votes |
|
def dump_private_key(self, private_key):
return crypto.dump_privatekey(
crypto.FILETYPE_PEM,
private_key
)
