M2Crypto: AttributeError: 'CSR' object has no attribute 'pkey'
Matthias Güntert
MatzeGuentert at gmx.de
Sat Aug 1 13:16:14 EDT 2009
Hello python-guys
I am trying to build a python based certificate authority using
m2crypto. I am quite new to python and I am asking myself why my code
snippets below throw the following Traceback:
$ python csr.py
...++++++++++++
...............++++++++++++
Traceback (most recent call last):
File "csr.py", line 48, in <module>
csr.create_cert_signing_request(pubkey, cert_name)
File "csr.py", line 17, in create_cert_signing_request
cert_request.set_pubkey(keypair)
File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 926,
in set_pubkey
return m2.x509_req_set_pubkey( self.req, pkey.pkey )
AttributeError: 'CSR' object has no attribute 'pkey'
Bellow are my modules containing two classes CSR and Keypair. There
seems to be something wrong in the way I am calling
csr.create_cert_signing_request(), because if I directly add the key
generation part to the create_cert_singing_request function it works...
http://www.heikkitoivonen.net/m2crypto/api/M2Crypto.X509.Request-class.html#set_pubkey
This link states out, that the instance function set_pubkey takes an
EVP_KEY object as argument, and thats what I am passing to it, or not?
I really would be happy if someone could give me a helping hand on this
and maybe could comment every style / ... mistake I made to accelerate
my learning experience.
Thanks,
Matthias
$ cat csr.py
from config import *
from keypair import *
from M2Crypto import X509, EVP
class CSR(object):
def __init__(self):
pass
def create_cert_signing_request(keypair, cert_name,
cert_extension_stack=None):
# create a certificate signing request object
cert_request = X509.Request()
# set certificate version to 3
cert_request.set_version(3)
# which rsa public key should be used?
cert_request.set_pubkey(keypair)
# create an subject for the certificate request
cert_request.set_subject_name(cert_name)
if cert_extension_stack != None:
# add the extensions to the request
cert_request.add_extensions(cert_extension_stack)
# sign the request using the RSA key pair
cert_request.sign(keypair, 'sha1')
return cert_request
if __name__ == "__main__":
csr = CSR()
cert_name = X509.X509_Name()
keyp = Keypair()
keyp.create_keypair()
keyp.save_keypair("host.key")
pubkey = keyp.get_keypair()
cert_name.C = "GB"
cert_name.ST = "Greater Manchester"
cert_name.L = "Salford"
cert_name.O = "COMODO CA Limited"
cert_name.CN = "COMODO Certification Authority"
cert_name.OU = "Information Technology"
cert_name.Email = "contact at comodo.com"
csr.create_cert_signing_request(pubkey, cert_name)
$ cat keypair.py
from M2Crypto import X509, m2, RSA, EVP
from config import *
class Keypair(object):
def __init__(self):
self.config = Config()
self.keypair = EVP.PKey()
def create_keypair(self):
# generate an RSA key pair
# OpenSSL book page 232
# second argument should be a constant RSA_F4 or RSA_3
rsa_key_pair =
RSA.gen_key(int(self.config.get_attribute('CA','key_size')), m2.RSA_F4)
# check if RSA key pair is usable
# OpenSSL book page 232
if rsa_key_pair.check_key() != 1:
print 'error while generating key!'
sys.exit()
# EVP object which can hold either a DSA or an RSA object
# OpenSSL book page 236
evp_key_container = EVP.PKey()
evp_key_container.assign_rsa(rsa_key_pair)
self.keypair = evp_key_container
def save_keypair(self, filename):
self.keypair.save_key(filename, None)
def load_keypair(self, filename):
self.keypair = EVP.load_key(filename)
def get_keypair(self):
return self.keypair
def get_public_key(self):
return self.keypair.pkey
def print_keypair(self):
print self.keypair.as_pem(None)
if __name__ == "__main__":
key = Keypair()
key.create_keypair()
key.save_keypair("test.key")
print key.get_keypair()
print key.get_public_key()
More information about the Python-list
mailing list