pyOpenSSL creating a pem file

2019-05-06 18:26发布

站内问答 / Python
503 3 4

I've created a key pair using the following code in python with pyOpenSSL:

from OpenSSL import crypto
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)
  1. Now how can I create the private and public key .pem files from the key object?
  2. If there is any tutorial available please let me know. I found none. From the manual, it's difficult to know as I'm new to OpenSSL.
  3. What are the chances that the same code will create two same key pairs is there is no specific unique key is being used in RSA?

3条回答
做自己的国王
2楼-- · 2019-05-06 18:53

I know this is an old question - but as I've just found it I thought I'd add an answer.

The easiest way to do this with Python 3.x is to use PyCryptodome.

The in Python (for a 2048-bit key):

from Cryptodome.PublicKey import RSA
key = RSA.generate(2048)
pv_key_string = key.exportKey()
with open ("private.pem", "w") as prv_file:
    print("{}".format(pv_key_string.decode()), file=prv_file)

pb_key_string = key.publickey().exportKey()
 with open ("public.pem", "w") as pub_file:
    print("{}".format(pb_key_string.decode()), file=pub_file)

If you want to check the private key on the (Linux) command-line use:

$ openssl rsa -check -inform pem -noout -in private.pem 
RSA key ok
...
查看更多
0人赞 添加讨论(0) 举报
ゆ 、 Hurt°
3楼-- · 2019-05-06 18:55

I hope this will help people in the future, because I had this same need and couldn't find an answer so I did it myself. Thought I would share it with you.

1. Creating a PEM file

bio_pub = _new_mem_buf()  # Memory buffers to write to
bio_priv = _new_mem_buf()

helper = OpenSSL.crypto._PassphraseHelper(OpenSSL.crypto.FILETYPE_PEM, None)

pk = OpenSSL.crypto.PKey()
pk.generate_key(OpenSSL.crypto.TYPE_RSA, n)

# Convert from EVP_PKEY type to RSA type
rsa_pkey = _lib.EVP_PKEY_get1_RSA(pk._pkey)


result_code = _lib.PEM_write_bio_RSAPublicKey(bio_pub, rsa_pkey)
result_code = _lib.PEM_write_bio_RSAPrivateKey(
    bio_priv, rsa_pkey, _ffi.NULL, _ffi.NULL, 0,
    helper.callback, helper.callback_args)

After this part you will have the public and private keys in your buffers. To get it as a string you can call the functions:

_bio_to_string(bio_pub), _bio_to_string(bio_priv)

I used these imports for the special "private" functions of OpenSSL.crypto:

import OpenSSL
from OpenSSL._util import lib as _lib, ffi as _ffi
from OpenSSL.crypto import _new_mem_buf, _bio_to_string
查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
4楼-- · 2019-05-06 19:01

You can create a .pem key by follow this tutorial at:

https://help.ubuntu.com/community/OpenSSL

that suppose you want to create a CA(certificate authority) certificate, that is little complicate because you already have to get a CA from somewhere because it's not free.

if you only want to create a key juste for your ssl connection test it better to create a self-sign certificate.

then make sure first you have install openssl and you have resolve the CN (Common Name) on your serve. without that you will be in trouble to use the created certificate.

for the Self-sign certificate use this command line:

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr (list of question to answer)
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

after you got the certificate create you have to activate your server mod-ssl and add the line where is locate your certificate. later you have to insert that certificate in your IE certificate list to get it work with you apache ssl connection daemon.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)