[Cryptography-dev] Processing public key algorithm 'ecdsa-with-SHA256'

Alex Gaynor alex.gaynor at gmail.com
Thu Apr 20 08:37:00 EDT 2017


Sure, you can parse an X.509 certificate and then do whatever you want with
it:
https://cryptography.io/en/latest/x509/reference/#cryptography.x509.load_pem_x509_certificate

There's no standard JSON serialization for X.509, but you can use the
individual attributes/methods from a certificate to serialize it however
you like.

Alex

On Thu, Apr 20, 2017 at 8:28 AM, Paul King <paul at grumpypunk.com> wrote:

>
> Hi Alex,
>
> Thanks for the rapid response.
>
> I am trying to process a lot of certificates so that I can do some
> research on them. I have them in PEM format and I would ideally like to
> process them once to get them into JSON, and from there try other things.
> So I am processing rather than manipulating/changing.
>
> One thing I have learnt is that ASN1 is horrible and there are so many
> variant/corner cases! For this reason I want to try and use a well
> maintained package so cryptography makes sense.
>
> I can always process a log with the command line “openssl” statement and I
> want to achieve a similar programmatic solution with python. Does that make
> sense?
>
> I could use the openssl command line and then process the text but that
> doesn’t seem a good way to start!
>
>
> On 20 Apr 2017, at 13:22, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>
> Hi Paul,
>
> If what you're trying to do is manipulate X.509 certificates and public
> keys, I think you'll have an easier time using the pyca/cryptography APIs,
> they're significantly richer and better tested -- and since pyOpenSSL
> depends on pyca/cryptography you already have a copy :-)
>
> https://cryptography.io/en/latest/x509/ are our X.509 docs, and
> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/
> are the docs for key serialization. Let us know if you have any questions.
>
> Alex
>
> On Thu, Apr 20, 2017 at 8:14 AM, Paul King via Cryptography-dev <
> cryptography-dev at python.org> wrote:
>
>> Hi
>>
>> I am using pyOpenSSL to process a PEM certificate.
>>
>> From the command line I can use ‘openssl x509 -inform pem -text -in
>> 10.pem’ to process the certificate and can see:
>>
>> Signature Algorithm: ecdsa-with-SHA256
>>
>> However, when I try this in python with pyOpenSSL on my Mac, I struggle.
>>
>> Can someone advise me on how to process this type in python with
>> pyOpenSSL?
>>
>> Code:
>>
>>     pub = cert.get_pubkey()
>>     pub_asn1 = OpenSSL.crypto.dump_publickey(
>>         OpenSSL.crypto.FILETYPE_ASN1, pub)
>>
>> Similarly I want to do the same for the Subject Public Key:
>>
>>         Subject Public Key Info:
>>             Public Key Algorithm: id-ecPublicKey
>>                 Public-Key: (256 bit)
>>                 pub:
>>                     <-snip->
>>                 ASN1 OID: prime256v1
>>                 NIST CURVE: P-256
>>
>>
>> Does that make sense for what I am trying to do, and should I be able to
>> do this with pyOpenSSL?
>>
>>
>> Thanks
>> Paul
>
> --
> "I disapprove of what you say, but I will defend to the death your right
> to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: D1B3 ADC0 E023 8CA6
>
>
>


-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
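
Added example (not part of the original messages): one way to turn a PEM certificate into a JSON-friendly dict with pyca/cryptography, covering the signature algorithm and Subject Public Key Info fields asked about in the thread. The names cert_to_dict and make_sample_pem are hypothetical, the sample certificate is constructed on the fly, and a recent pyca/cryptography release (where the backend argument is optional) is assumed.

```python
import datetime
import json

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from cryptography.x509.oid import NameOID


def cert_to_dict(pem: bytes) -> dict:
    """Parse one PEM certificate into JSON-serializable fields."""
    cert = x509.load_pem_x509_certificate(pem)
    pub = cert.public_key()
    # Key types without a key_size attribute (e.g. Ed25519) report bits=None.
    key = {"type": "other", "bits": getattr(pub, "key_size", None)}
    if isinstance(pub, ec.EllipticCurvePublicKey):
        key.update(type="EC", curve=pub.curve.name)
    elif isinstance(pub, rsa.RSAPublicKey):
        key.update(type="RSA", exponent=pub.public_numbers().e)
    # DER SubjectPublicKeyInfo, the bytes dump_publickey(FILETYPE_ASN1) yields.
    key["spki_der_hex"] = pub.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    ).hex()
    return {
        "subject": cert.subject.rfc4514_string(),
        "issuer": cert.issuer.rfc4514_string(),
        "serial": format(cert.serial_number, "x"),
        "signature_algorithm_oid": cert.signature_algorithm_oid.dotted_string,
        # signature_hash_algorithm is None for schemes with no separate hash.
        "signature_hash": getattr(cert.signature_hash_algorithm, "name", None),
        "public_key": key,
    }


def make_sample_pem() -> bytes:
    """Constructed test input: a throwaway self-signed P-256 certificate."""
    priv = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    start = datetime.datetime(2017, 4, 20)
    builder = (
        x509.CertificateBuilder().subject_name(name).issuer_name(name)
        .public_key(priv.public_key()).serial_number(x509.random_serial_number())
        .not_valid_before(start).not_valid_after(start + datetime.timedelta(30))
    )
    cert = builder.sign(priv, hashes.SHA256())  # signs as ecdsa-with-SHA256
    return cert.public_bytes(serialization.Encoding.PEM)


if __name__ == "__main__":
    print(json.dumps(cert_to_dict(make_sample_pem()), indent=2))
```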