Searching for a usable X509 implementation

Laura Creighton lac at
Sun Jul 5 07:33:13 CEST 2015

In a message of Sun, 05 Jul 2015 02:27:22 +0200, Laura Creighton writes:
>In a message of Fri, 03 Jul 2015 17:11:10 -0700, Dennis Jacobfeuerborn writes:
>>I'm trying to implement certificate functionality in a python app but after fighting with pyOpenSSL and M2Crypto I'm thinking about writing wrapper functions for the OpenSSL command line tool instead or switching the app to another language all together.
>>Apparently PyOpenSSL has no way to save a public key to a file which is baffling. M2Crypto has that ability but apparently no usable way to verify a certificate?
>PyOpenSSL does, you must have missed it when looking.
>You are looking for OpenSSL.crypto.dump_certificate(type, cert)
>    Dump the certificate cert into a buffer string encoded with the type type.

Excuse me.  I misunderstood your mail.  You only want to save the
public key, and not a certificate or a certificate request.

I don't see a way to do this in PEM or ASN.1 format.

For an RSA key in PEM format you can do:
from OpenSSL.crypto import _new_mem_buf, _lib, _bio_to_string

def dump_rsa_public_key(pkey):
    bio = _new_mem_buf()
    result = _lib.PEM_write_bio_RSAPublicKey(bio, _lib.EVP_PKEY_get1_RSA(pkey._
    # if result == 0: ERROR!  Figure out what you want to do here ...
    return _bio_to_string(bio)

There are similar things for other formats and DSA keys.  

The original version of PyOpenSSL was written by Martin Sjögren, when
he was working for me, and we had no need for such a thing at the time,
since we just saved full certificates.  You are right that it is very
odd that nobody else has needed them since then, and this probably
should be added to PyOpenSSL.


More information about the Python-list mailing list