[Cryptography-dev] Extracting pub key from a csr

Paul Kehrer paul.l.kehrer at gmail.com
Thu Aug 29 23:38:18 EDT 2024


public_key is a method on your csr object that returns the public_key,
not an attribute.

-Paul

On Thu, Aug 29, 2024 at 8:36 PM Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> I tried that and:
>
> public_bytes = public_key.public_bytes(
>      encoding=serialization.Encoding.Raw,
>      format=serialization.PublicFormat.Raw)
>
>      public_bytes = public_key.public_bytes(
>                     ^^^^^^^^^^
> NameError: name 'public_key' is not defined
>
> so I tried
>
> public_bytes = csr.public_key.public_bytes(
>      encoding=serialization.Encoding.Raw,
>      format=serialization.PublicFormat.Raw)
>
>      public_bytes = csr.public_key.public_bytes(
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> AttributeError: 'builtin_function_or_method' object has no attribute
> 'public_bytes'
>
> then
>
> public_bytes = csr.public_bytes(
>      encoding=serialization.Encoding.DER)
>
> b'0\x81\x8f0C\x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x05\x13\x05x12240*0\x05\x06\x03+ep\x03!\x00*,\xeb\xfb\xde\x01|8\xc4\xfdv\xf5\xc8j-\x07;<\xa8OI\x16\x93\x0c\xe2\xb8\xf3\x9b\x9d\xbf\x8fm\xa0\x000\x05\x06\x03+ep\x03A\x00\xc6\xe4~\xbd\xf8\xe0\x01\x9b\xd8\xd1\xcc$\xe9;\x85Gd\x9eb\x98\xdds\xab\x00\xa2\x13-\xb14_\x93bK\x17\xecg\xca/,n\x12\x9eb\x04\x13\xce\xad\xe6\x95\x9fh\xf0\x05\x84\x9f-\xfa3\x06%L\xd0^\x03'
>
> Which looks more like the whole csr, being to large to be 32 bytes.
>
>
>
>
> On 8/29/24 23:15, Alex Gaynor wrote:
> > All of our public key types have a public_bytes() method that can be
> > used to serialize the key as you wish:
> > https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519/#cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes
> >
> > Alex
> >
> > On Thu, Aug 29, 2024 at 11:12 PM Robert Moskowitz <rgm at htt-consult.com> wrote:
> >> I want a variable that is the bits of the public key so that if I print
> >> it, I get something like:
> >>
> >> 0xf32938f7ff6918d5bbdc52483f31e3725875456a9aeb83f915461a5ea629acda
> >>
> >> or whatever type that I can then change to what I need elsewhere.
> >>
> >> On 8/29/24 23:02, Alex Gaynor wrote:
> >>> You're getting back the public key object for that CSR. When you say
> >>> you want the "public key itself" what do you mean?
> >>>
> >>> Alex
> >>>
> >>> On Thu, Aug 29, 2024 at 10:54 PM Robert Moskowitz <rgm at htt-consult.com> wrote:
> >>>> I have a csr with an eddsa25519 key:
> >>>>
> >>>> -----BEGIN CERTIFICATE REQUEST-----
> >>>> MIGPMEMCAQAwEDEOMAwGA1UEBRMFeDEyMjQwKjAFBgMrZXADIQAqLOv73gF8OMT9
> >>>> dvXIai0HOzyoT0kWkwziuPObnb+PbaAAMAUGAytlcANBAMbkfr344AGb2NHMJOk7
> >>>> hUdknmKY3XOrAKITLbE0X5NiSxfsZ8ovLG4SnmIEE86t5pWfaPAFhJ8t+jMGJUzQ
> >>>> XgM=
> >>>> -----END CERTIFICATE REQUEST-----
> >>>>
> >>>> I want the Pbkey of
> >>>>
> >>>>            Subject Public Key Info:
> >>>>                Public Key Algorithm: ED25519
> >>>>                    ED25519 Public-Key:
> >>>>                    pub:
> >>>>                        e7:3f:5c:a1:b7:78:8a:75:e4:7b:91:4c:0c:1c:48:
> >>>>                        d7:f8:06:c1:f1:9d:58:b0:4d:c9:48:7f:3d:1d:bc:
> >>>>                        ac:16
> >>>>
> >>>> I am following
> >>>>
> >>>> https://cryptography.io/en/3.4.7/x509/reference.html#loading-certificate-signing-requests
> >>>> and
> >>>> https://cryptography.io/en/3.4.7/x509/reference.html#x-509-csr-certificate-signing-request-builder-object
> >>>>
> >>>> I tried the following to get the key:
> >>>>
> >>>> from cryptography.hazmat.primitives import serialization
> >>>> from cryptography.hazmat.primitives.asymmetric import ed25519
> >>>> from cryptography import x509
> >>>> from cryptography.x509.oid import NameOID
> >>>> from cryptography.hazmat.primitives.serialization import load_pem_private_key
> >>>>
> >>>> with open(uacsr, "rb") as f:
> >>>>        pem_req_data = f.read()
> >>>>        csr = x509.load_pem_x509_csr(pem_req_data)
> >>>> csr_pbkey = csr.public_key()
> >>>> print(csr_pbkey)
> >>>>
> >>>> and get:
> >>>>
> >>>> <cryptography.hazmat.backends.openssl.ed25519._Ed25519PublicKey object at 0x7f513f0d39d0>
> >>>>
> >>>> not the public key itself.
> >>>>
> >>>> What am I missing here?
> >>>>
> >>>> thanks
> >>>>
> >>>> _______________________________________________
> >>>> Cryptography-dev mailing list
> >>>> Cryptography-dev at python.org
> >>>> https://mail.python.org/mailman/listinfo/cryptography-dev
> >>>
> >
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev


More information about the Cryptography-dev mailing list