我刚开始使用pyOpenSSL库来生成证书并读取现有的证书。但是,我想在我的程序中生成一个p12 / pfx包而不是标准的pem文件。我无法为此找到合适的API。仅用于转储pkcs12对象。任何人都可以让我知道如何做到这一点?
谢谢
使用privkeydata中的示例PEM私钥数据和certdata中的证书数据(为了更好的可读性,我将其移到答案的底部),我认为以下是您正在寻找的内容:
>>> cert = crypto.load_certificate(crypto.FILETYPE_PEM, certdata)
>>> privkey = crypto.load_privatekey(crypto.FILETYPE_PEM, privkeydata)
>>> pfx = crypto.PKCS12Type()
>>> pfx.set_privatekey(privkey)
>>> pfx.set_certificate(cert)
>>> pfxdata = pfx.export('passphrase')
>>> with open('test.pfx', 'wb') as pfxfile:
... pfxfile.write(pfxdata)
...
>>>
通过在shell中调用openssl来检查结果:
$ openssl pkcs12 -info -in test.pfx -passin pass:passphrase -passout pass:otherpassphrase
MAC Iteration 1
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
Bag Attributes
localKeyID: 97 AD B9 5B EC 5B BA 6D BC F7 D3 06 EA CC 12 A1 52 AE 90 7B
subject=/C=nl/ST=Noord-Holland/O=Mobilefish.com/L=Zaandam/OU=Marketing/CN=www.mobilefish.com/[email protected]
issuer=/C=nl/ST=Noord-Holland/O=Mobilefish.com/L=Zaandam/OU=Marketing/CN=www.mobilefish.com/[email protected]
-----BEGIN CERTIFICATE-----
MIID0zCCAzygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqDELMAkGA1UEBhMCbmwx
FjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxFzAVBgNVBAoTDk1vYmlsZWZpc2guY29t
MRAwDgYDVQQHEwdaYWFuZGFtMRIwEAYDVQQLEwlNYXJrZXRpbmcxGzAZBgNVBAMT
End3dy5tb2JpbGVmaXNoLmNvbTElMCMGCSqGSIb3DQEJARYWY29udGFjdEBtb2Jp
bGVmaXNoLmNvbTAeFw0xNTExMTQwMjAyNDlaFw0xNjExMTMwMjAyNDlaMIGoMQsw
CQYDVQQGEwJubDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDEXMBUGA1UEChMOTW9i
aWxlZmlzaC5jb20xEDAOBgNVBAcTB1phYW5kYW0xEjAQBgNVBAsTCU1hcmtldGlu
ZzEbMBkGA1UEAxMSd3d3Lm1vYmlsZWZpc2guY29tMSUwIwYJKoZIhvcNAQkBFhZj
b250YWN0QG1vYmlsZWZpc2guY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQC2Yw+5xKhhelVmH7Weu9eMhreuRvQXuNsyi5SA0sBXboOybox5oJZAWbL84KN5
gX1qN7U62szotl3K49bRlzbKu/TmcVdJYlRlnwusL5XQJDKv+uERlUU0QDXeswEu
M93UxkeN/j0vKfjp8k/Ny4qc5pNOT/dqNRyx01pVFV8NFwIDAQABo4IBCTCCAQUw
HQYDVR0OBBYEFKEXjyTmz/vOVxHbtJCJUraUZhxsMIHVBgNVHSMEgc0wgcqAFKEX
jyTmz/vOVxHbtJCJUraUZhxsoYGupIGrMIGoMQswCQYDVQQGEwJubDEWMBQGA1UE
CBMNTm9vcmQtSG9sbGFuZDEXMBUGA1UEChMOTW9iaWxlZmlzaC5jb20xEDAOBgNV
BAcTB1phYW5kYW0xEjAQBgNVBAsTCU1hcmtldGluZzEbMBkGA1UEAxMSd3d3Lm1v
YmlsZWZpc2guY29tMSUwIwYJKoZIhvcNAQkBFhZjb250YWN0QG1vYmlsZWZpc2gu
Y29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAanK63a/8Emwl
v4i8XI57hkt3Iq0NbMveGT01DrBiRUJ/Uf7jpS+j4blcaUUJ6JuOk+wrwYZIZqZE
9mHfiPKMNps22OYXoHkaZPcxtofpyTGE2tnW2ReauTKCVPSczQPqn7mhBG2t6TJs
YBpp0s2I/q7a4bVbowibPbO3RK1kBcA=
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
localKeyID: 97 AD B9 5B EC 5B BA 6D BC F7 D3 06 EA CC 12 A1 52 AE 90 7B
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQ4sDzexzf6gCAggA
MBQGCCqGSIb3DQMHBAjmWBnhSdfEJgSCAoCQMrLa0Y+V3zrgRtjesa6Er/dJFz40
rpN2unNBpdrFMkuEIcCAnlNoLKJpe3x20ly4QrYaDG7sxMbdxnr3jqf4Jy0TxgnC
nC5x8hDhIV+M7gnXQiiGTK2VPDeJ2n3/hmmIEgleBOSdbz39O1Ik52+E47Fee+pB
W9b2au/p8NUE66v7JgN+VQVG6EcXCsyFkFivl1O+eokcTwa9q3sqPW+xTiPJ43LH
yKAvjT7vWOYark6QK8Gcth4Y8FdKMA6kHNim/LAtl4Vc1Af5qHMubBO1C+Avw0HE
Qt3DP/mkdwLYjisBbqjpAFkTsdEuMIwyhuExCSu0w+QfxjVAezyC6y+7IWfBfRpG
j9+MNy9qe0DqKIQ/P09GeoXJH8Yy0RQiA1XpQBcGSuRHj6B3lWUlxtTlGlTmxlzO
yPDJXxaUmMNTCNQlYu7CBj2FOXXewAuGi0nv8/bbZpWxSgyZcVcJlCtYZq+9NmYv
RhGwfhWuNsQZQmtFDgtpg/GYD8TFV6oc6mmTurBkLEL2KGCnPWVRH8xyJeb87/EF
/H/2gA5P9aS/K3cN3OsgC5uUi38jgFZ2p69TPNLjxBHK5HakaCgh1Txdx9dcAoMt
lA/GRBu/CoqA48O4vV3RyrB0ZNSYyAYTuVRjJ+50d427InaUwrwaYCakpbxXKrlH
jvb2gKtXnvIpNnE32N1whORBGU+srEO8tz/Il5AYrZ21ESIixX9pftAgIiEMc7Xw
WmV3NexkHZGvyCG1vq62LzNxgEBN3Ng013gYdLXbO1y/pXcSRHGRdidvIwYefBbs
Yo6yvsUgdtfeAwlCC+ojgB6rTKhlbk2Yex6y9sxRCSMHibiwnveuNez+
-----END ENCRYPTED PRIVATE KEY-----
示例PEM在mobilefish上创建并复制/粘贴:
>>> certdata = """-----BEGIN CERTIFICATE-----
... MIID0zCCAzygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqDELMAkGA1UEBhMCbmwx
... FjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxFzAVBgNVBAoTDk1vYmlsZWZpc2guY29t
... MRAwDgYDVQQHEwdaYWFuZGFtMRIwEAYDVQQLEwlNYXJrZXRpbmcxGzAZBgNVBAMT
... End3dy5tb2JpbGVmaXNoLmNvbTElMCMGCSqGSIb3DQEJARYWY29udGFjdEBtb2Jp
... bGVmaXNoLmNvbTAeFw0xNTExMTQwMjAyNDlaFw0xNjExMTMwMjAyNDlaMIGoMQsw
... CQYDVQQGEwJubDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDEXMBUGA1UEChMOTW9i
... aWxlZmlzaC5jb20xEDAOBgNVBAcTB1phYW5kYW0xEjAQBgNVBAsTCU1hcmtldGlu
... ZzEbMBkGA1UEAxMSd3d3Lm1vYmlsZWZpc2guY29tMSUwIwYJKoZIhvcNAQkBFhZj
... b250YWN0QG1vYmlsZWZpc2guY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
... gQC2Yw+5xKhhelVmH7Weu9eMhreuRvQXuNsyi5SA0sBXboOybox5oJZAWbL84KN5
... gX1qN7U62szotl3K49bRlzbKu/TmcVdJYlRlnwusL5XQJDKv+uERlUU0QDXeswEu
... M93UxkeN/j0vKfjp8k/Ny4qc5pNOT/dqNRyx01pVFV8NFwIDAQABo4IBCTCCAQUw
... HQYDVR0OBBYEFKEXjyTmz/vOVxHbtJCJUraUZhxsMIHVBgNVHSMEgc0wgcqAFKEX
... jyTmz/vOVxHbtJCJUraUZhxsoYGupIGrMIGoMQswCQYDVQQGEwJubDEWMBQGA1UE
... CBMNTm9vcmQtSG9sbGFuZDEXMBUGA1UEChMOTW9iaWxlZmlzaC5jb20xEDAOBgNV
... BAcTB1phYW5kYW0xEjAQBgNVBAsTCU1hcmtldGluZzEbMBkGA1UEAxMSd3d3Lm1v
... YmlsZWZpc2guY29tMSUwIwYJKoZIhvcNAQkBFhZjb250YWN0QG1vYmlsZWZpc2gu
... Y29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAanK63a/8Emwl
... v4i8XI57hkt3Iq0NbMveGT01DrBiRUJ/Uf7jpS+j4blcaUUJ6JuOk+wrwYZIZqZE
... 9mHfiPKMNps22OYXoHkaZPcxtofpyTGE2tnW2ReauTKCVPSczQPqn7mhBG2t6TJs
... YBpp0s2I/q7a4bVbowibPbO3RK1kBcA=
... -----END CERTIFICATE-----"""
>>> privkeydata = """-----BEGIN RSA PRIVATE KEY-----
... MIICXAIBAAKBgQC2Yw+5xKhhelVmH7Weu9eMhreuRvQXuNsyi5SA0sBXboOybox5
... oJZAWbL84KN5gX1qN7U62szotl3K49bRlzbKu/TmcVdJYlRlnwusL5XQJDKv+uER
... lUU0QDXeswEuM93UxkeN/j0vKfjp8k/Ny4qc5pNOT/dqNRyx01pVFV8NFwIDAQAB
... AoGBAIzWW/tYV6nGHJHapJWpeZ4DHW2PTsfOsD0MuaTsmSgqp7muUf1Nuxh/644I
... LVQTYPQXhnOnJ5n/0NduLqD0ApMk2IAdP0w224Yk3HJaMTu/KgOMj7gyDJvUOncY
... GNoxRZ9Fz/ByNUdL+OmZdECaSbcVR/PftYlduEFdy5PEcGBBAkEA8ab14UgMz7Tw
... 5zy32QWljTlmLBAuFZ73tbxNpDlX4WtP3ye1eAGm2usNVjf9vtfpfXspicgPI9z8
... Va2en2q1twJBAME3SZw/pmhijjn8+0FLO7ieooHfnEJ7XZWeEVnPU9cW66fe6EqN
... foToJadmU6avWFiIRYPazRECCgzOxkDrY6ECQCXzBmIeooRr8fkee/DFBj6raPQ6
... hkI2+Me9jqPfrYFlDOIKpmD2QXHXv/xuRpcV6UEfemJ83IPRTH9YCLUYWPkCQEu8
... eT0m8fquzyNJ188DR3iZrgeMeDrTEp7oI9L5YtrH4D2gMZuvlO1R9hiFErsetlmV
... qPIDXSiSjQ/yKWIfIqECQH8Q7WuTIpNbJjoMOoLZ18NqTDPFOG/L0BFeb/ovMZ06
... LNLN9K1eJ0ZQUHy447A3auCeMhJLG8JfBG7Kjk4wul4=
... -----END RSA PRIVATE KEY-----"""