lcarvalho

Reputation: 39

python create signature X509

I would like to know how I can create an X509 signature using Python.

I cannot find any good example explaining how such a signature can be generated using Python.

The goal is to have something like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Thanks...

Upvotes: 2

Views: 1903

Answers (2)

hpr

Reputation: 164

The previous answer calls an OS command and thus, it is not platform independent. That code won't work on Windows, for example.

A 100% python solution could be done using the cryptography module

https://cryptography.io/en/latest/

import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

one_day = datetime.timedelta(days=1)
# Validity times are interpreted as UTC, so take the current time in UTC
now = datetime.datetime.now(datetime.timezone.utc)

# Generate the RSA key pair; the private half signs the certificate
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)
public_key = private_key.public_key()

builder = x509.CertificateBuilder()
# Self-signed certificate: subject and issuer carry the same name
builder = builder.subject_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, 'test'),
]))
builder = builder.issuer_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, 'test'),
]))
# Valid from one day ago until 30 days from now
builder = builder.not_valid_before(now - one_day)
builder = builder.not_valid_after(now + (one_day * 30))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(public_key)
# Mark the certificate as an end-entity (non-CA) certificate
builder = builder.add_extension(
    x509.BasicConstraints(ca=False, path_length=None), critical=True,
)
# Sign the certificate with the private key using SHA-256
certificate = builder.sign(
    private_key=private_key, algorithm=hashes.SHA256(),
)

Upvotes: 0
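
Added example (not part of the answer above): the same self-signed certificate serialized to the PEM form the question asks for, then reloaded so its signature can be checked against the embedded public key. The function names are hypothetical; it assumes a version of the cryptography package where the backend argument is optional.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def make_self_signed_pem(common_name, days=30):
    """Return (private_key, certificate PEM bytes) for a self-signed certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)  # self-signed: issuer equals subject
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(private_key=key, algorithm=hashes.SHA256())
    )
    return key, cert.public_bytes(serialization.Encoding.PEM)


def signature_matches(cert_pem, signed_bytes=None):
    """Check the certificate's RSA signature against its own public key.

    signed_bytes defaults to the certificate's TBS (to-be-signed) bytes;
    passing something else shows that altered content no longer verifies.
    """
    cert = x509.load_pem_x509_certificate(cert_pem)
    data = cert.tbs_certificate_bytes if signed_bytes is None else signed_bytes
    try:
        cert.public_key().verify(
            cert.signature, data, padding.PKCS1v15(), cert.signature_hash_algorithm
        )
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    _, pem = make_self_signed_pem("test")  # "test" is the CN used in the answer
    print(pem.decode())
    print("signature valid:", signature_matches(pem))
```

The signature covers only the TBS portion of the certificate, so any change to the subject, validity dates or public key makes signature_matches return False.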

Anurag Uniyal

Reputation: 88717

Here is the simplest way

>>> cmd = "openssl req   -x509 -nodes -days 365   -subj '/C=US/ST=Oregon/L=Portland/CN=www.madboa.com'   -newkey rsa:1024 -keyout mycert.pem"
>>> from subprocess import Popen, PIPE
>>> proc = Popen(cmd, stdout=PIPE, stderr=PIPE, shell=True)
>>> print(proc.stdout.read().decode())
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

So, similarly, use 'openssl x509' with the correct command-line options for you and read it in Python; otherwise, you can have a look at PyCrypto and Google Keyczar.

Upvotes: 3
