
python - Reading a certificate in Python

Reposted. Author: 太空宇宙. Updated: 2023-11-03 14:09:09

I generated some certificates as follows:

OpenSSL> req -new -nodes -newkey rsa:2048 -keyout cert.key -out cert.csr

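I haven't worked much with certificates, but as the first step towards signing my XML I need to read this certificate file, and I am failing miserably at it.

Here is a terminal shell dump of some attempts I picked up from SO:

Attempt 1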

In [2]: import OpenSSL.crypto

In [3]: st_cert=open('_test_certs/cert.csr', 'rt').read()

In [4]: st_cert
Out[4]: '-----BEGIN CERTIFICATE REQUEST-----\r\nMIIXsDDCAakCAQAwfDELMAkGA1UEBhMCSU4xFTATBgNVBAcMDERlZmF1bHQgQ2l0\r\neTEiMCAGA1UECgwZaW5Db250cm9sLVB1cmNoYXNlQ29udHJvbDEbMBkGA1UECwwS\r\naW5jb250cm9sbXRmLXBjYXBpMRUwEwYDVQQDDAxJYmlib19DbGllbnQwggEiMA0G\r\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqYYPd8qXWGY/7vG1QcofjT5ghODSQ\r\nJ0eiJWudnf/hrx8vykdFNeARAVZGWBgj6DGBRPznHKBX1QbvrjcZPmgGOnxJW2ax\r\nNpJ1spN4GLI3OD0lOVl4U5U9g9yPrjHRxntz3TaN5wsNy/OUn5BzGpNrMetNrSId\r\n8DDyQqhuLYpqdqwUm/j/sABLjx9G7e+C65xQCg4LBVNHw/qFAHv4bFqZbGcSnwkv\r\nNc596OHJRAvQ4p4XsJ346EVXpW2KV0iJfENvNcDTytxJ/lV3ayakhdfQcRSWD4Mk\r\n4RVaHTnk9p4AWUOuA3mTCfiRWPYu5hRGypb0ayBHGr902hWIel9cwLhDAgMBAAGg\r\nADANBgkqhkiG9w0BAQUFAAOCAQEAbVxm4DxXyah2APV8U43T/teR0EdH0MyB56wT\r\nDOmJ+eZk5q4QoxNy65Y11cdbkExCXhA7kUHhTjaoEES06zuroanAO59/OLZ+9gUP\r\ncspN0MSo0Dq58jTu030f5yQpARQsgCkQ7xkm2OYtSOkIx8iRnDywax20YRYE6JaB\r\nyfi4oyWoSpGUMEfQY9vGukqf9HKN7f9UFep0Lk5aJ6Jl4V9T1fR6n+IZCUMMd2ij\r\nVM3ywRM/zUgzPy0nE728LI2FmitwHqAmHchRfbHcEZI/xqVeT99NrqCzjX6gNtZa\r\nv8VZTDPDJAKoHX8xvKZLfyMYe2teW1SHPB9Vzhg2VQuutU+zVw==\r\n-----END CERTIFICATE REQUEST-----\r\n'

In [5]: c=OpenSSL.crypto

In [6]: cert=c.load_certificate(c.FILETYPE_PEM, st_cert)
---------------------------------------------------------------------------
Error Traceback (most recent call last)
<ipython-input-6-50f41db2c094> in <module>()
----> 1 cert=c.load_certificate(c.FILETYPE_PEM, st_cert)

/usr/local/lib/python2.7/site-packages/OpenSSL/crypto.pyc in load_certificate(type, buffer)
1509
1510 if x509 == _ffi.NULL:
-> 1511 _raise_current_error()
1512
1513 cert = X509.__new__(X509)

/usr/local/lib/python2.7/site-packages/OpenSSL/_util.pyc in exception_from_error_queue(exception_type)
46 text(lib.ERR_reason_error_string(error))))
47
---> 48 raise exception_type(errors)
49
50

Error: [('PEM routines', 'PEM_read_bio', 'no start line')]

Attempt 2

In [46]: from Crypto.PublicKey import RSA

In [47]: from Crypto.Util import asn1

In [48]: from base64 import b64decode

In [49]: keyDER = b64decode(cert)

In [50]: keyDER
Out[50]: '0\x82\x02\xf00\x82\x01\xd8\x02\x01\x000\x81\x891\x0b0\t\x06\x03U\x04\x06\x13\x02IN1\x100\x0e\x06\x03U\x04\x08\x13\x07HARYANA1\x100\x0e\x06\x03U\x04\x07\x13\x07GURGAON1"0 \x06\x03U\x04\n\x13\x19inControl-PurchaseControl1\x1b0\x19\x06\x03U\x04\x0b\x13\x12incontrolmtf-pcapi1\x150\x13\x06\x03U\x04\x03\x14\x0cIbibo_Client0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb9\xa8\xfaXY\x1c\x98\xd8SA\xf9\x92\x8cG\x8b\x945\xe4\xf4~\xe9|:\xf9Ei\xde\x17\x0c\x90{#\x9e\xfb.%\xb1\xaf \x831y\xcfb=\x9b\xd3\x9cP/\xd7\xfc\xc8\xaeGy+\xde\xe9\xd2Jn\x8e.|2B\xd6\xc4\xd3\xd7U\xce\xe5 _\x1eW\x81\xe7W\xddD\'\xe7Ow\xf6\x15\xc4\xb31\xe9\x89\xb7\xcaA\xc2\xba\xc1\xb5c\xa03\x0e\xe4\r\xc4\xc1\xc1\xf2 Zzl\xb7\xb1\xce%\x82\x85\x16\xcc \xd9-^\x01N\xab\xc1\xa7\xfa\x18=\xaeA?\xf59v-\xd0`/c\xb8\x92F\xf7\xe0`\xca\xdb\xce\xda\x8dP\x0c\xeb\xd1\xb0%\xb7\x94\x86\xbb9\xd5}/\xea\x8f\xf0K\x8a\xaf\x90\xf1}aj\x83\x8e<R\xa3\xaa\xcb\x10<A#2n\xe8\xb9)\x90\xc8D\xe8\\\xf9j!\xa4h\x8c\xbe\xa8\x96\xa8\x15\xa5\x9at\x83U@\xf6\x8fK\x80u\xda\x9c/gA\xc6\x86\x16\xaf\xd9\xf4\x13\xcf\xb7\x13\xfe\x15d\xbb\xfd\xeb\x14\x9a7+\xd9\x04\x9ef\x8ck\x02\x03\x01\x00\x01\xa0!0\x1f\x06\t*\x86H\x86\xf7\r\x01\t\x071\x12\x13\x10BqtsA11BiFS3UA==0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8f\xc6q\xcd6\xfaM\xaah\x1a\xea\x04\x03\'[\x1aR\xda\x15\x1dp5\xb6\xb3n\xfa\x1a\x81\x8e}\xcb(d\xb6\xb5\xbc[\xb4D\x970\xbb\xd1\xefXc\x8a\xde{V\xb0_i\xf2<_\xad\x9f\xe8)N\xc2e\'%\xe2\xe5\xecr\x15\xe6\xb3\x08\xfd\x88\x07lf^\x03\xb3\x90}\x93\x84\xfb\xf9Z\x91\x9d\xea\xde\xda\x94]\xd7\r\x97\xd4\x16I\xf4 
\xedmW\x8b\xf09\x80\xbc\x11\xd6\xe6a\xd2\xfbFj\xe5\xbf\x93\x7fu\x12\xdf\xa0AV\xdd\xd2\x08\x88\x81\xe5Z\xd3\xae\xcd\xa0BD\xdb\x0b\x9c\xdb\xe1D\xfc6>\x13\xed7\x17\xab\x05(\x8a\xd7I1\x9a\xad\xa7\xde$\xab0\x8e\xe1Jk>6\xb4\xb6\xbd\xed\xe4&\x9c\xef:\xf81\xe3*\xa7\xd77\xf0\xcbx\x01c^\x9cP\xef\x1eA\xf5\x1f\xf1\xac\xcf\xd3D\xc6\xda!\xad\xd5T\x91\xd7\x8c\x99\x0eI\xb6a\x96\xccu8\n\x04y$\xfb\x9f\xff\x80By#\xf0\xe1\xf6w\xaar\xfd\xbe\x02\xceV?\x04>\x7f\x9e\x8c\x92'

In [51]: seq = asn1.DerSequence()

In [52]: seq
Out[52]: <Crypto.Util.asn1.DerSequence instance at 0x1169d7710>

In [53]: seq.decode(keyDER)
Out[53]: 756L

In [54]: keyPub = RSA.construct( (seq[0], seq[1]) )
---------------------------------------------------------------------------
AssertionError Traceback (most recent call last)
<ipython-input-54-f8c06e826410> in <module>()
----> 1 keyPub = RSA.construct( (seq[0], seq[1]) )

/usr/local/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-macosx-10.10-x86_64.egg/Crypto/PublicKey/RSA.pyc in construct(self, tup)
537 :Return: An RSA key object (`_RSAobj`).
538 """
--> 539 key = self._math.rsa_construct(*tup)
540 return _RSAobj(self, key)
541

/usr/local/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-macosx-10.10-x86_64.egg/Crypto/PublicKey/_slowmath.pyc in rsa_construct(n, e, d, p, q, u)
82 def rsa_construct(n, e, d=None, p=None, q=None, u=None):
83 """Construct an RSAKey object"""
---> 84 assert isinstance(n, long)
85 assert isinstance(e, long)
86 assert isinstance(d, (long, type(None)))

AssertionError:

Attempt 3

In [41]: import OpenSSL.crypto

In [42]: cert
Out[42]: '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'

In [43]: c=OpenSSL.crypto

In [44]: cert=c.load_certificate(c.FILETYPE_PEM, cert)
---------------------------------------------------------------------------
Error Traceback (most recent call last)
<ipython-input-44-4c3ed52bc50d> in <module>()
----> 1 cert=c.load_certificate(c.FILETYPE_PEM, cert)

/usr/local/lib/python2.7/site-packages/OpenSSL/crypto.pyc in load_certificate(type, buffer)
1509
1510 if x509 == _ffi.NULL:
-> 1511 _raise_current_error()
1512
1513 cert = X509.__new__(X509)

/usr/local/lib/python2.7/site-packages/OpenSSL/_util.pyc in exception_from_error_queue(exception_type)
46 text(lib.ERR_reason_error_string(error))))
47
---> 48 raise exception_type(errors)
49
50

Error: [('PEM routines', 'PEM_read_bio', 'no start line')]

Attempt 4

In [37]: from Crypto.PublicKey import RSA

In [38]: from base64 import b64decode

In [39]: keyDER = b64decode(cert)

In [40]: keyPub = RSA.importKey(keyDER)
---------------------------------------------------------------------------
ValueError Traceback (most recent call last)
<ipython-input-40-6053c2c14edb> in <module>()
----> 1 keyPub = RSA.importKey(keyDER)

/usr/local/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-macosx-10.10-x86_64.egg/Crypto/PublicKey/RSA.pyc in importKey(self, externKey, passphrase)
678 if bord(externKey[0])==0x30:
679 # This is probably a DER encoded key
--> 680 return self._importKeyDER(externKey)
681
682 raise ValueError("RSA key format is not supported")

/usr/local/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-macosx-10.10-x86_64.egg/Crypto/PublicKey/RSA.pyc in _importKeyDER(self, externKey)
586 pass
587
--> 588 raise ValueError("RSA key format is not supported")
589
590 def importKey(self, externKey, passphrase=None):

ValueError: RSA key format is not supported

I am just looking for a pythonic way to read the certificate and key files.

Already tried:

How to read a RSA public key in PEM + PKCS#1 format

How to load an RSA key from a PEM file and use it in python-crypto

How to verify a JWT using python PyJWT with a public PEM cert?

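Best answer

That openssl command generates a key pair and a certificate signing request (CSR), not a certificate. You supply the CSR to a certificate authority (CA) to be signed. You can then get the certificate from the CA.

For internal use and testing purposes it is common to generate a self-signed certificate. The openssl command is: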

openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.pem -nodes -out cert.pem -days 365

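The resulting certificate and key files are both in PEM format (basically Base64 encoded, with header and footer lines), and your code in attempt #1 should now be able to read the certificate.

If you remove the header and footer lines from key.pem, the code from this answer should be able to read the RSA key.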
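
An added example, not part of the original answer: a standard-library Python check that reads the PEM label to tell a CSR from a certificate or key before a loader is chosen, which is the mismatch behind the `no start line` errors in the question. The loader names are pyOpenSSL's `OpenSSL.crypto` functions; `classify_pem`, `make_pem` and the sample bytes are constructed for illustration, and unencrypted PEM (as produced with `-nodes`) is assumed.

```python
import base64
import binascii
import re

# PEM label -> (what the block holds, OpenSSL.crypto function that parses it)
LOADERS = {
    "CERTIFICATE": ("X.509 certificate", "load_certificate"),
    "CERTIFICATE REQUEST": ("signing request (CSR)", "load_certificate_request"),
    "PRIVATE KEY": ("PKCS#8 private key", "load_privatekey"),
    "RSA PRIVATE KEY": ("PKCS#1 RSA private key", "load_privatekey"),
    "PUBLIC KEY": ("SubjectPublicKeyInfo public key", "load_publickey"),
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def classify_pem(text):
    """Return (label, description, loader, der_length) for each PEM block."""
    if isinstance(text, bytes):
        text = text.decode("ascii", "replace")
    found = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.groups()
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            raise ValueError("corrupt Base64 body in %r block" % label)
        if der[:1] != b"\x30":  # every type listed above is a DER SEQUENCE
            raise ValueError("%r block does not hold a DER SEQUENCE" % label)
        description, loader = LOADERS.get(label, ("unrecognised type", None))
        found.append((label, description, loader, len(der)))
    if not found:
        # Bare Base64 or raw DER has no BEGIN line for a PEM reader to find.
        raise ValueError("no PEM start line found")
    return found


def make_pem(label, der, newline="\n"):
    """Wrap DER bytes in PEM armour (used here to build constructed samples)."""
    body = base64.b64encode(der).decode("ascii")
    return newline.join(["-----BEGIN %s-----" % label, body,
                         "-----END %s-----" % label, ""])


if __name__ == "__main__":
    fake_der = b"\x30\x03\x02\x01\x00"  # constructed placeholder, not a real CSR
    csr_file = make_pem("CERTIFICATE REQUEST", fake_der, "\r\n")  # like cert.csr
    for label, description, loader, size in classify_pem(csr_file):
        print("%s: %s, %d DER bytes -> OpenSSL.crypto.%s"
              % (label, description, size, loader))
```
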

Regarding python - Reading a certificate in Python, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/34808308/
