pyOpenSSL creating a pem file

匿名 (未验证) 提交于 2019-12-03 08:52:47

问题:

I've created a key pair using the following code in python with pyOpenSSL:

from OpenSSL import crypto k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, 2048) 
  1. Now how can I create the private and public key .pem files from the key object?
  2. If there is any tutorial available please let me know. I found none. From the manual, it's difficult to know as I'm new to OpenSSL.
  3. What are the chances that the same code will create two same key pairs is there is no specific unique key is being used in RSA?

回答1:

I hope this will help people in the future, because I had this same need and couldn't find an answer so I did it myself. Thought I would share it with you.

1. Creating a PEM file

bio_pub = _new_mem_buf()  # Memory buffers to write to bio_priv = _new_mem_buf()  helper = OpenSSL.crypto._PassphraseHelper(OpenSSL.crypto.FILETYPE_PEM, None)  pk = OpenSSL.crypto.PKey() pk.generate_key(OpenSSL.crypto.TYPE_RSA, n)  # Convert from EVP_PKEY type to RSA type rsa_pkey = _lib.EVP_PKEY_get1_RSA(pk._pkey)   result_code = _lib.PEM_write_bio_RSAPublicKey(bio_pub, rsa_pkey) result_code = _lib.PEM_write_bio_RSAPrivateKey(     bio_priv, rsa_pkey, _ffi.NULL, _ffi.NULL, 0,     helper.callback, helper.callback_args) 

After this part you will have the public and private keys in your buffers. To get it as a string you can call the functions:

_bio_to_string(bio_pub), _bio_to_string(bio_priv) 

I used these imports for the special "private" functions of OpenSSL.crypto:

import OpenSSL from OpenSSL._util import lib as _lib, ffi as _ffi from OpenSSL.crypto import _new_mem_buf, _bio_to_string 


回答2:

I know this is an old question - but as I've just found it I thought I'd add an answer.

The easiest way to do this with Python 3.x is to use PyCryptodome.

The in Python (for a 2048-bit key):

from Cryptodome.PublicKey import RSA key = RSA.generate(2048) pv_key_string = key.exportKey() with open ("private.pem", "w") as prv_file:     print("{}".format(pv_key_string.decode()), file=prv_file)  pb_key_string = key.publickey().exportKey()  with open ("public.pem", "w") as pub_file:     print("{}".format(pb_key_string.decode()), file=pub_file) 

If you want to check the private key on the (Linux) command-line use:

$ openssl rsa -check -inform pem -noout -in private.pem  RSA key ok ... 


回答3:

You can create a .pem key by follow this tutorial at:

https://help.ubuntu.com/community/OpenSSL

that suppose you want to create a CA(certificate authority) certificate, that is little complicate because you already have to get a CA from somewhere because it's not free.

if you only want to create a key juste for your ssl connection test it better to create a self-sign certificate.

then make sure first you have install openssl and you have resolve the CN (Common Name) on your serve. without that you will be in trouble to use the created certificate.

for the Self-sign certificate use this command line:

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 $ openssl rsa -passin pass:x -in server.pass.key -out server.key $ rm server.pass.key $ openssl req -new -key server.key -out server.csr (list of question to answer) $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt  

after you got the certificate create you have to activate your server mod-ssl and add the line where is locate your certificate. later you have to insert that certificate in your IE certificate list to get it work with you apache ssl connection daemon.



标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!