我使用 pyopenssl python 设置的密码来制作 .pfx 文件不适用

问题描述 投票:0回答:0

我使用 python 和 PyOpenSSL 包创建了一个 .pfx 文件。当我在 Adobe acrobat pro 中加载它时,它需要密码并且不接受给定的密码。

我正在尝试使用 python 和 PyOpenSSL 包来自动生成数字签名来实现它。我创建了我的私钥。使用它,我提出了一个证书请求,并创建了一个带有现有证书作为颁发者的证书。使用新准备的证书,我创建了一个带有密码的 .pfx 文件。当我尝试在 Adobe acrobat 中加载 .pfx 文件并输入给定的密码时,它会抛出错误密码。我在下面附上了我的代码,

RSA_E = 65537
RSA_BITS = 2048
def __init__(self):
    with open("user-com.crt", "rb") as f:
        ca_cert_pem = f.read()
        self.ca_cert = load_pem_x509_certificate(ca_cert_pem)
    with open("user-com.key", "rb") as f:
        ca_key_pem = f.read()
        self.ca_key = load_pem_private_key(ca_key_pem, password=None)
    self.create_pfx()
def create_pfx(self):
    key = ec.generate_private_key(ec.SECP256R1())
    private_key_bytes = key.private_bytes(
        encoding=Encoding.PEM,
        format=PrivateFormat.PKCS8,
        encryption_algorithm=NoEncryption()
    )
    with open('test2.key', 'wb') as f:
        f.write(private_key_bytes)
    CSRB = x509.CertificateSigningRequestBuilder()
    CSRB = CSRB.subject_name(x509.Name([
        x509.NameAttribute(x509.NameOID.COMMON_NAME, 'user'),
        x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, "user"),
        x509.NameAttribute(x509.NameOID.COUNTRY_NAME, "IN"),
        x509.NameAttribute(x509.NameOID.LOCALITY_NAME, "Chennai"),
        x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, "Tamilnadu"),
        x509.NameAttribute(x509.NameOID.EMAIL_ADDRESS, "user.com")
    ]))
    CSRB = CSRB.add_extension(
        x509.BasicConstraints(ca=False, path_length=None), critical=True,
    )

    csr = CSRB.sign(key, hashes.SHA256(), 'password')
    csr_pem = csr.public_bytes(serialization.Encoding.PEM)
    with open("test2.csr", "wb") as f:
        f.write(csr_pem)

    builder = x509.CertificateBuilder()
    builder = builder.subject_name(csr.subject)
    builder = builder.issuer_name(self.ca_cert.subject)
    builder = builder.public_key(csr.public_key())
    builder = builder.serial_number(x509.random_serial_number())
    builder = builder.not_valid_before(datetime.utcnow())
    builder = builder.not_valid_after(datetime.utcnow() + timedelta(days=365))
    builder = builder.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)

    cert = builder.sign(self.ca_key, hashes.SHA256())
    cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
    with open("test2.crt", "wb") as f:
        f.write(cert_pem)

    pfx = serialize_key_and_certificates(
        "Test2 certificate and private key".encode("utf-8"),
        key,
        cert,
        None,
        serialization.BestAvailableEncryption(b'password')
    )
    with open("Test2.pfx", "wb") as f:
        f.write(pfx)
python-3.x automation openssl pyopenssl
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.