[Cryptography-dev] Extracting pub key from a csr

Robert Moskowitz rgm at htt-consult.com
Fri Aug 30 06:40:28 EDT 2024


For want of a parens, 2 hours were lost....  :)
I do trip on this, still, a lot.  Blame my dyslexia!

thanks!

On 8/30/24 01:57, Glyph wrote:
> You will note that 
> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519/#cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.public_key has 
> parentheses after it in its description.  That's it.  You just forgot 
> the parens.  i.e., try:
>
> public_bytes = csr.public_key().public_bytes(
>      encoding=serialization.Encoding.Raw,
>      format=serialization.PublicFormat.Raw,
> )
>
> Hope that helps,
>
> -g
>
>> On Aug 29, 2024, at 8:59 PM, Robert Moskowitz <rgm at htt-consult.com> 
>> wrote:
>>
>> I may know a lot about x.509 objects (and use openssl command line a 
>> lot), but I am a serious hack at anything python, so I am missing 
>> your point wrt what I need to do after reading in the csr to get a 
>> var that contains the public key in bytes I can use.
>>
>> So, please, be a little understanding and convey some understanding 
>> to me.  I have spent a lot of hours trying to grok
>>
>> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519
>>
>> And still come up short.
>>
>> thanks
>>
>> On 8/29/24 23:38, Paul Kehrer wrote:
>>> public_key is a method on your csr object that returns the public_key,
>>> not an attribute.
>>>
>>> -Paul
>>>
>>> On Thu, Aug 29, 2024 at 8:36 PM Robert Moskowitz 
>>> <rgm at htt-consult.com> wrote:
>>>> I tried that and:
>>>>
>>>> public_bytes = public_key.public_bytes(
>>>>      encoding=serialization.Encoding.Raw,
>>>>      format=serialization.PublicFormat.Raw)
>>>>
>>>>      public_bytes = public_key.public_bytes(
>>>>                     ^^^^^^^^^^
>>>> NameError: name 'public_key' is not defined
>>>>
>>>> so I tried
>>>>
>>>> public_bytes = csr.public_key.public_bytes(
>>>>      encoding=serialization.Encoding.Raw,
>>>>      format=serialization.PublicFormat.Raw)
>>>>
>>>>      public_bytes = csr.public_key.public_bytes(
>>>>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>> AttributeError: 'builtin_function_or_method' object has no attribute
>>>> 'public_bytes'
>>>>
>>>> then
>>>>
>>>> public_bytes = csr.public_bytes(
>>>>      encoding=serialization.Encoding.DER)
>>>>
>>>> b'0\x81\x8f0C\x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x05\x13\x05x12240*0\x05\x06\x03+ep\x03!\x00*,\xeb\xfb\xde\x01|8\xc4\xfdv\xf5\xc8j-\x07;<\xa8OI\x16\x93\x0c\xe2\xb8\xf3\x9b\x9d\xbf\x8fm\xa0\x000\x05\x06\x03+ep\x03A\x00\xc6\xe4~\xbd\xf8\xe0\x01\x9b\xd8\xd1\xcc$\xe9;\x85Gd\x9eb\x98\xdds\xab\x00\xa2\x13-\xb14_\x93bK\x17\xecg\xca/,n\x12\x9eb\x04\x13\xce\xad\xe6\x95\x9fh\xf0\x05\x84\x9f-\xfa3\x06%L\xd0^\x03'
>>>>
>>>> Which looks more like the whole csr, being too large to be 32 bytes.
>>>>
>>>>
>>>>
>>>>
>>>> On 8/29/24 23:15, Alex Gaynor wrote:
>>>>> All of our public key types have a public_bytes() method that can be
>>>>> used to serialize the key as you wish:
>>>>> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519/#cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes
>>>>>
>>>>> Alex
>>>>>
>>>>> On Thu, Aug 29, 2024 at 11:12 PM Robert Moskowitz 
>>>>> <rgm at htt-consult.com> wrote:
>>>>>> I want a variable that is the bits of the public key so that if I 
>>>>>> print
>>>>>> it, I get something like:
>>>>>>
>>>>>> 0xf32938f7ff6918d5bbdc52483f31e3725875456a9aeb83f915461a5ea629acda
>>>>>>
>>>>>> or whatever type that I can then change to what I need elsewhere.
>>>>>>
>>>>>> On 8/29/24 23:02, Alex Gaynor wrote:
>>>>>>> You're getting back the public key object for that CSR. When you say
>>>>>>> you want the "public key itself" what do you mean?
>>>>>>>
>>>>>>> Alex
>>>>>>>
>>>>>>> On Thu, Aug 29, 2024 at 10:54 PM Robert Moskowitz 
>>>>>>> <rgm at htt-consult.com> wrote:
>>>>>>>> I have a csr with an eddsa25519 key:
>>>>>>>>
>>>>>>>> -----BEGIN CERTIFICATE REQUEST-----
>>>>>>>> MIGPMEMCAQAwEDEOMAwGA1UEBRMFeDEyMjQwKjAFBgMrZXADIQAqLOv73gF8OMT9
>>>>>>>> dvXIai0HOzyoT0kWkwziuPObnb+PbaAAMAUGAytlcANBAMbkfr344AGb2NHMJOk7
>>>>>>>> hUdknmKY3XOrAKITLbE0X5NiSxfsZ8ovLG4SnmIEE86t5pWfaPAFhJ8t+jMGJUzQ
>>>>>>>> XgM=
>>>>>>>> -----END CERTIFICATE REQUEST-----
>>>>>>>>
>>>>>>>> I want the Pbkey of
>>>>>>>>
>>>>>>>>            Subject Public Key Info:
>>>>>>>>                Public Key Algorithm: ED25519
>>>>>>>>                    ED25519 Public-Key:
>>>>>>>>                    pub:
>>>>>>>>                        e7:3f:5c:a1:b7:78:8a:75:e4:7b:91:4c:0c:1c:48:
>>>>>>>>                        d7:f8:06:c1:f1:9d:58:b0:4d:c9:48:7f:3d:1d:bc:
>>>>>>>>                        ac:16
>>>>>>>>
>>>>>>>> I am following
>>>>>>>>
>>>>>>>> https://cryptography.io/en/3.4.7/x509/reference.html#loading-certificate-signing-requests
>>>>>>>> and
>>>>>>>> https://cryptography.io/en/3.4.7/x509/reference.html#x-509-csr-certificate-signing-request-builder-object
>>>>>>>>
>>>>>>>> I tried the following to get the key:
>>>>>>>>
>>>>>>>> from cryptography.hazmat.primitives import serialization
>>>>>>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>>>>>>> from cryptography import x509
>>>>>>>> from cryptography.x509.oid import NameOID
>>>>>>>> from cryptography.hazmat.primitives.serialization import load_pem_private_key
>>>>>>>>
>>>>>>>> with open(uacsr, "rb") as f:
>>>>>>>>        pem_req_data = f.read()
>>>>>>>>        csr = x509.load_pem_x509_csr(pem_req_data)
>>>>>>>> csr_pbkey = csr.public_key()
>>>>>>>> print(csr_pbkey)
>>>>>>>>
>>>>>>>> and get:
>>>>>>>>
>>>>>>>> <cryptography.hazmat.backends.openssl.ed25519._Ed25519PublicKey object at 0x7f513f0d39d0>
>>>>>>>>
>>>>>>>> not the public key itself.
>>>>>>>>
>>>>>>>> What am I missing here?
>>>>>>>>
>>>>>>>> thanks
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Cryptography-dev mailing list
>>>>>>>> Cryptography-dev at python.org
>>>>>>>> https://mail.python.org/mailman/listinfo/cryptography-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20240830/ef33954a/attachment.html>
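The fix discussed in this thread, as an added example that is not part of the original messages or of the cryptography project's documentation: it calls `csr.public_key()` as a method, checks the CSR's self-signature and key type before using the key, and contrasts the 32 raw key bytes with the DER SubjectPublicKeyInfo encoding. The helper names (`make_sample_csr`, `ed25519_raw_from_csr`, `spki_der_from_csr`) are hypothetical, the CSR is generated inside the example as constructed sample input, and the signature check is an addition beyond what the thread covers.

```python
from cryptography import x509
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.x509.oid import NameOID


def make_sample_csr(private_key):
    """Constructed sample input: a fresh Ed25519 CSR, not the one from the thread."""
    subject = x509.Name([x509.NameAttribute(NameOID.SERIAL_NUMBER, "x0000")])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    csr = builder.sign(private_key, None)  # Ed25519 takes no hash algorithm
    return csr.public_bytes(serialization.Encoding.PEM)


def ed25519_raw_from_csr(pem_req_data):
    """Return the 32 raw public-key bytes carried in an Ed25519 CSR."""
    csr = x509.load_pem_x509_csr(pem_req_data)
    # The CSR is signed with the requester's private key; verify before use.
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify")
    public_key = csr.public_key()  # a method call: the parentheses are required
    if not isinstance(public_key, ed25519.Ed25519PublicKey):
        raise TypeError("expected Ed25519, got %s" % type(public_key).__name__)
    return public_key.public_bytes(
        encoding=serialization.Encoding.Raw,
        format=serialization.PublicFormat.Raw,
    )


def spki_der_from_csr(pem_req_data):
    """Return the DER SubjectPublicKeyInfo: algorithm header plus key bytes."""
    csr = x509.load_pem_x509_csr(pem_req_data)
    return csr.public_key().public_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )


if __name__ == "__main__":
    key = ed25519.Ed25519PrivateKey.generate()
    pem = make_sample_csr(key)
    raw = ed25519_raw_from_csr(pem)
    print("raw key :", len(raw), "bytes", "0x" + raw.hex())
    print("SPKI DER:", len(spki_der_from_csr(pem)), "bytes")
```

Calling `public_bytes()` on the CSR object itself serializes the whole request, which is why that output is far longer than 32 bytes.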