本文整理汇总了Python中OpenSSL.crypto.PKey.generate_key方法的典型用法代码示例。如果您正苦于以下问题:Python PKey.generate_key方法的具体用法?Python PKey.generate_key怎么用?Python PKey.generate_key使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类OpenSSL.crypto.PKey
的用法示例。
在下文中一共展示了PKey.generate_key方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _sign_ca
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
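def _sign_ca(self, cn, cnp):
    """Issue a server certificate for ``cn`` signed by this object's CA key.

    A fresh 2048-bit RSA key is generated and wrapped in a CSR. The resulting
    certificate is X.509 v3, valid for one year from now, carries a
    ``subjectAltName`` of ``DNS:<cn>``, is issued under ``self.cert``'s
    subject and signed with ``self.key`` using SHA-256. The new private key
    and the certificate are written, in that order, as PEM to ``cnp``.

    Args:
        cn: Host name used for the subject CN and the subjectAltName.
        cnp: Path of the PEM file to (over)write.

    Raises:
        Exception: on any failure, with a "generate CA fail" prefix.
    """
    import os  # function-scope import; the file's own import block is not shown

    try:
        # The subjectAltName value is a comma-separated list, so a comma in
        # cn would add names the caller did not ask for.
        if "," in cn:
            raise ValueError(
                "host name not usable in subjectAltName: %r" % (cn,))

        key = PKey()
        key.generate_key(TYPE_RSA, 2048)

        # Generate CSR
        req = X509Req()
        req.get_subject().CN = cn
        req.set_pubkey(key)
        req.sign(key, 'sha256')

        # Sign CSR
        cert = X509()
        cert.set_version(2)  # the value 2 encodes X.509 v3 (needed for extensions)
        cert.set_subject(req.get_subject())
        # NOTE(review): if self.serial is a fixed value, every certificate
        # issued by this CA shares one serial number -- confirm.
        cert.set_serial_number(self.serial)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(31536000)  # 365 days, in seconds
        cert.set_issuer(self.cert.get_subject())
        san = ("DNS:%s" % cn).encode(encoding="utf-8")
        cert.add_extensions(
            [X509Extension(b"subjectAltName", False, san)])
        cert.set_pubkey(req.get_pubkey())
        cert.sign(self.key, 'sha256')

        # The file holds an unencrypted private key: create it owner-only
        # instead of relying on the process umask. The mode applies only when
        # the file is created; an existing file keeps its permissions.
        flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                 | getattr(os, "O_BINARY", 0))
        fd = os.open(cnp, flags, 0o600)
        with os.fdopen(fd, 'wb') as f:
            f.write(dump_privatekey(FILETYPE_PEM, key))
            f.write(dump_certificate(FILETYPE_PEM, cert))
    except Exception as e:
        raise Exception("generate CA fail:{}".format(str(e)))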
示例2: __getitem__
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
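def __getitem__(self, cn):
    """Return the path of a PEM file holding a key and certificate for ``cn``.

    The file lives in ``self.cache_dir`` as ``.pymp_<cn>.pem``. If it does
    not exist yet, a 2048-bit RSA key is generated, a certificate for
    ``CN=<cn>`` valid for one year is issued under ``self.cert``'s subject
    and signed with ``self.key``, and both are written to the file (private
    key first).

    Args:
        cn: Host name to issue for; also becomes part of the file name.

    Returns:
        The path of the cached PEM file.

    Raises:
        KeyError: if ``cn`` contains a path separator.
    """
    import os  # function-scope import; the file's own import block is not shown

    # cn is interpolated into a file name: refuse anything that would make
    # the path leave the cache directory.
    if os.path.basename(cn) != cn:
        raise KeyError(cn)

    cnp = path.sep.join([self.cache_dir, '.pymp_%s.pem' % cn])
    if not path.exists(cnp):
        # create certificate
        key = PKey()
        key.generate_key(TYPE_RSA, 2048)

        # Generate CSR
        req = X509Req()
        req.get_subject().CN = cn
        req.set_pubkey(key)
        req.sign(key, 'sha256')  # SHA-1 signatures are no longer accepted by current TLS stacks

        # Sign CSR
        # NOTE(review): no version and no subjectAltName are set here; clients
        # that match host names against SAN only will reject this certificate.
        cert = X509()
        cert.set_subject(req.get_subject())
        # NOTE(review): if self.serial is a fixed value, every cached
        # certificate shares one serial number -- confirm.
        cert.set_serial_number(self.serial)
        cert.gmtime_adj_notBefore(0)
        cert.gmtime_adj_notAfter(31536000)  # 365 days, in seconds
        cert.set_issuer(self.cert.get_subject())
        cert.set_pubkey(req.get_pubkey())
        cert.sign(self.key, 'sha256')

        # The file holds an unencrypted private key: create it owner-only
        # instead of relying on the process umask.
        flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                 | getattr(os, "O_BINARY", 0))
        fd = os.open(cnp, flags, 0o600)
        with os.fdopen(fd, 'wb') as f:
            f.write(dump_privatekey(FILETYPE_PEM, key))
            f.write(dump_certificate(FILETYPE_PEM, cert))
    return cnp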
示例3: make_certificate
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
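def make_certificate(
        ca_crt_path='ca.crt',
        ca_key_path='ca.key',
        server_crt_path='server.crt',
        server_key_path='server.key',
        vars=None):
    """Create a self-signed CA and a server certificate signed by that CA.

    Four PEM files are written through ``dump_write``: the CA private key,
    the CA certificate, the server private key and the server certificate.
    Both keys are 2048-bit RSA and both certificates are signed with SHA-256
    by the CA key. Subject fields are filled in by ``set_x509_ca`` and
    ``set_x509_serv``, which receive ``vars`` unchanged.

    Args:
        ca_crt_path: Output path of the CA certificate.
        ca_key_path: Output path of the CA private key.
        server_crt_path: Output path of the server certificate.
        server_key_path: Output path of the server private key.
        vars: Passed through to ``set_x509_ca`` / ``set_x509_serv``.
    """
    # FORMAT : YYYYMMDDhhmmssZ
    # NOTE(review): the validity window is hard-coded and ended on
    # 2020-01-01, so certificates generated after that date are already
    # expired. Left as the author wrote it; confirm the intended lifetime.
    not_after = '20200101000000Z'
    not_before = '20090101000000Z'

    # CA private key. It is written unencrypted (no passphrase is passed to
    # dump_privatekey), so the file mode is the only protection.
    ca_key = PKey()
    ca_key.generate_key(TYPE_RSA, 2048)
    dump_write(dump_privatekey(FILETYPE_PEM, ca_key),
               ca_key_path)
    # Restrict the key right after it is written rather than at the very end.
    # NOTE(review): dump_write is not visible here; if it creates the file
    # with the default umask, a short window remains before this chmod.
    os.chmod(ca_key_path, 0o600)

    # Self-signed CA certificate
    cert = X509()
    sub = cert.get_subject()
    set_x509_ca(sub, vars=vars)
    cert.set_notAfter(not_after)
    cert.set_notBefore(not_before)
    cert.set_serial_number(1)
    cert.set_pubkey(ca_key)
    cert.set_issuer(cert.get_subject())
    cert.sign(ca_key, "sha256")  # MD5 signatures are forgeable and rejected by current TLS stacks
    dump_write(dump_certificate(FILETYPE_PEM, cert),
               ca_crt_path)
    print("Generated CA certificate in %s" % ca_crt_path)

    # Server private key
    s_key = PKey()
    s_key.generate_key(TYPE_RSA, 2048)
    dump_write(dump_privatekey(FILETYPE_PEM, s_key),
               server_key_path)
    os.chmod(server_key_path, 0o600)

    # Server certificate, issued and signed by the CA created above
    s_cert = X509()
    s_sub = s_cert.get_subject()
    set_x509_serv(s_sub, vars=vars)
    s_cert.set_notAfter(not_after)
    s_cert.set_notBefore(not_before)
    s_cert.set_serial_number(2)
    s_cert.set_pubkey(s_key)
    s_cert.set_issuer(cert.get_subject())
    s_cert.sign(ca_key, "sha256")
    dump_write(dump_certificate(FILETYPE_PEM, s_cert),
               server_crt_path)
    print("Generated Server certificate in %s" % server_crt_path)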
示例4: test_use_privatekey
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def test_use_privatekey(self):
    """
    L{Context.use_privatekey} accepts an L{OpenSSL.crypto.PKey} instance
    and raises L{TypeError} when handed a C{str} instead.
    """
    pkey = PKey()
    # 128 bits is a throwaway size -- presumably chosen to keep the test
    # fast; it is far too small for any real key.
    pkey.generate_key(TYPE_RSA, 128)

    context = Context(TLSv1_METHOD)
    context.use_privatekey(pkey)

    self.assertRaises(TypeError, context.use_privatekey, "")
示例5: gen_rsa_key
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def gen_rsa_key(bits):
    """
    Generate a new RSA private key and serialise it as PEM.

    :param bits: Modulus size in bits, handed to ``generate_key`` as given;
        no minimum is enforced here, so the caller picks the strength.
    :return: The PEM encoding produced by ``dump_privatekey`` -- the
        serialised key, not a ``PKey`` object. No cipher or passphrase is
        passed, so the PEM is unencrypted.
    """
    rsa_key = PKey()
    rsa_key.generate_key(TYPE_RSA, bits)
    pem = crypto.dump_privatekey(SSL.FILETYPE_PEM, rsa_key)
    return pem
示例6: test_rsaGeneration
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def test_rsaGeneration(self):
    """
    L{PKeyType.generate_key} produces an RSA key of the requested size
    when called with L{TYPE_RSA}.
    """
    # Test-only size; nothing this small should be used outside a test.
    requested_bits = 128

    rsa_key = PKey()
    rsa_key.generate_key(TYPE_RSA, requested_bits)

    self.assertEqual(rsa_key.type(), TYPE_RSA)
    self.assertEqual(rsa_key.bits(), requested_bits)
示例7: test_regeneration
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def test_regeneration(self):
    """
    Calling L{PKeyType.generate_key} again on the same L{PKey} replaces
    the key: after each call the object reports the new type and size.
    """
    cases = [(TYPE_RSA, 512), (TYPE_DSA, 576)]
    shared_key = PKey()
    for key_type, key_bits in cases:
        shared_key.generate_key(key_type, key_bits)
        self.assertEqual(shared_key.type(), key_type)
        self.assertEqual(shared_key.bits(), key_bits)
示例8: test_signWithPublicKey
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def test_signWithPublicKey(self):
    """
    L{X509Req.sign} raises L{ValueError} when the signing key is a
    L{PKey} that holds only the public half.
    """
    req = self.signable()

    keypair = PKey()
    keypair.generate_key(TYPE_RSA, 512)
    req.set_pubkey(keypair)

    # What comes back from get_pubkey() is the key used as the signer below.
    public_only = req.get_pubkey()
    self.assertRaises(ValueError, req.sign, public_only, 'MD5')
示例9: createDGPairs
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
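def createDGPairs(username):
    """Generate an RSA key pair for ``username`` and store both halves as PEM.

    The public key is written to ``public/<username>`` and the private key
    to ``private/<username>``, both relative to the current working
    directory. The key is 2048-bit RSA and the private key is stored
    unencrypted.

    Args:
        username: File name used under both directories; it must be a single
            path component.

    Raises:
        ValueError: if ``username`` is empty, ``.``/``..``, or contains a
            path separator.
    """
    import os  # function-scope import; the file's own import block is not shown

    # username becomes a file name: refuse values that would make either path
    # point outside the two key directories.
    if (not username or username in ('.', '..')
            or os.path.basename(username) != username):
        raise ValueError(
            "invalid username for key file name: %r" % (username,))

    private_path = 'private/' + username
    public_path = 'public/' + username

    keypair = PKey()
    keypair.generate_key(TYPE_RSA, 2048)

    # Write both halves out
    with open(public_path, 'w') as f:
        f.write(dump_publickey(FILETYPE_PEM, keypair).decode('utf-8'))

    # Create the private key file owner-only instead of relying on the
    # process umask. The mode applies only when the file is created; an
    # existing file keeps its permissions.
    fd = os.open(private_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(dump_privatekey(FILETYPE_PEM, keypair).decode('utf-8'))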
示例10: test_dsaGeneration
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def test_dsaGeneration(self):
    """
    L{PKeyType.generate_key} produces a DSA key of the requested size
    when called with L{TYPE_DSA}.
    """
    # 512 is deliberate: the DSS (Digital Signature Standard) permits no
    # DSA size below 512 bits, and DSA_generate_parameters quietly raises
    # anything smaller to 512, which would break the size assertion.
    requested_bits = 512

    dsa_key = PKey()
    dsa_key.generate_key(TYPE_DSA, requested_bits)

    self.assertEqual(dsa_key.type(), TYPE_DSA)
    self.assertEqual(dsa_key.bits(), requested_bits)
示例11: check_success
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
def check_success(self):
    """
    Repeatedly attach a freshly generated DSA key to new L{X509} objects
    and read it back with C{get_pubkey}, so that the call returns a
    L{PKey} each time. Nothing is asserted; the results are discarded.
    """
    # NOTE(review): the listing lost its indentation; the three loops are
    # reconstructed as nested -- confirm against the upstream file.
    inner_rounds = xrange(3)
    for _outer in xrange(self.iterations):
        dsa_key = PKey()
        dsa_key.generate_key(TYPE_DSA, 256)
        for _middle in inner_rounds:
            certificate = X509()
            certificate.set_pubkey(dsa_key)
            for _inner in inner_rounds:
                certificate.get_pubkey()
示例12: create_session_cert
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
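def create_session_cert(cacert, cakey, cn='localhost', serial=1):
    """Issue a one-year certificate for ``cn`` signed by the given CA.

    A new 2048-bit RSA key is generated for the certificate. The issuer is
    ``cacert``'s subject and the signature is made with ``cakey`` using
    SHA-256. No extensions are added.

    Args:
        cacert: CA certificate whose subject becomes the issuer.
        cakey: CA private key used to sign.
        cn: Common name of the new certificate's subject.
        serial: Serial number to assign. The default is the constant 1, so
            callers issuing more than one certificate per CA should pass
            distinct values.

    Returns:
        A ``(cert, key)`` tuple: the signed certificate and its private key.
    """
    LOG.debug('Creating session certificate')

    key = PKey()
    key.generate_key(TYPE_RSA, 2048)  # 1024-bit RSA is below current minimums

    cert = X509()
    cert.get_subject().CN = cn
    cert.set_serial_number(serial)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(365*24*60*60)  # one year, in seconds
    cert.set_issuer(cacert.get_subject())
    cert.set_pubkey(key)
    cert.sign(cakey, 'sha256')  # SHA-1 signatures are no longer accepted by current TLS stacks
    return cert, key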
示例13: makeCertificate
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
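def makeCertificate(**kw):
    """Create a self-signed certificate with a fresh RSA key.

    Every keyword argument is set as an attribute on both the issuer and the
    subject name, so the two are identical. The certificate is valid for one
    year from now, takes its serial number from ``counter()`` and is signed
    with its own 2048-bit key using SHA-256.

    Args:
        **kw: X.509 name attributes applied to issuer and subject alike.

    Returns:
        A ``(keypair, certificate)`` tuple.
    """
    keypair = PKey()
    # 512-bit RSA keys and MD5 signatures are refused by current OpenSSL
    # builds at their default security level, hence 2048 / sha256.
    keypair.generate_key(TYPE_RSA, 2048)

    certificate = X509()
    certificate.gmtime_adj_notBefore(0)
    certificate.gmtime_adj_notAfter(60 * 60 * 24 * 365)  # One year
    for xname in certificate.get_issuer(), certificate.get_subject():
        for (k, v) in kw.items():
            setattr(xname, k, v)

    certificate.set_serial_number(counter())
    certificate.set_pubkey(keypair)
    certificate.sign(keypair, "sha256")

    return keypair, certificate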
示例14: create_self_signed_cacert
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
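def create_self_signed_cacert():
    """Create a self-signed CA certificate and its private key.

    The certificate has ``CN=n3``, serial number 1 and is valid for one year
    from now. It carries critical ``basicConstraints`` (``CA:TRUE,
    pathlen:0``) and ``keyUsage`` (``keyCertSign, cRLSign``) extensions plus
    a ``subjectKeyIdentifier``. The key is 2048-bit RSA and the certificate
    is signed with SHA-256.

    Returns:
        A ``(cacert, cakey)`` tuple.
    """
    LOG.debug('Creating CA certificate')

    cakey = PKey()
    cakey.generate_key(TYPE_RSA, 2048)  # 1024-bit RSA is below current minimums for a CA key

    cacert = X509()
    cacert.get_subject().CN = 'n3'
    cacert.set_serial_number(1)
    cacert.gmtime_adj_notBefore(0)
    cacert.gmtime_adj_notAfter(365*24*60*60)  # one year, in seconds
    cacert.set_issuer(cacert.get_subject())
    cacert.set_pubkey(cakey)
    cacert.add_extensions([
        # pathlen:0 -- this CA may sign end-entity certificates only
        X509Extension(b'basicConstraints', True, b'CA:TRUE, pathlen:0'),
        X509Extension(b'keyUsage', True, b'keyCertSign, cRLSign'),
        X509Extension(b'subjectKeyIdentifier', False, b'hash',
                      subject=cacert)])
    cacert.sign(cakey, 'sha256')  # SHA-1 signatures are no longer accepted by current TLS stacks
    return cacert, cakey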
示例15: create_csr
# 需要导入模块: from OpenSSL.crypto import PKey [as 别名]
# 或者: from OpenSSL.crypto.PKey import generate_key [as 别名]
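def create_csr(store,
               dn_cn,
               hostcert,
               sans=None,
               dn_ou=CS_DEF_RA_OU,
               dn_l=CS_DEF_RA_L,
               dn_o=CS_DEF_CA_O,
               dn_c=CS_DEF_CA_C,
               email=CS_DEF_EMAIL,
               keybits=CS_DEF_KEYBITS,
               ):
    """Create a new RSA key and CSR and save both, as PEM, in ``store``.

    The CSR subject is built from the ``dn_*`` arguments. Its
    ``subjectAltName`` starts with ``DNS:<dn_cn>`` for a host certificate or
    ``email:<email>`` otherwise, followed by any entries in ``sans``. The
    request is signed with the new key using SHA-256. After both files are
    written, the stored key file is passed to
    ``CS_CertTools.pkcs8_to_pkcs1``.

    Args:
        store: Certificate store; must be in state ``CS_Const.Nothing``.
        dn_cn: Subject common name (and DNS SAN for host certificates).
        hostcert: True for a host certificate, false for a user certificate.
        sans: Optional list of extra SAN entries, each already in
            ``TYPE:value`` form.
        dn_ou, dn_l, dn_o, dn_c: Remaining subject name components.
        email: Address used for the SAN when ``hostcert`` is false.
        keybits: RSA modulus size in bits.

    Raises:
        Exception: if the store is not in the ``Nothing`` state.
    """
    if not store.get_state() == CS_Const.Nothing:
        raise Exception("Certificate in wrong state to create new CSR.")

    # Generate a key
    key = PKey()
    key.generate_key(crypto.TYPE_RSA, keybits)

    # Generate a CSR
    csr = X509Req()
    csr.set_pubkey(key)
    dn = csr.get_subject()
    dn.CN = dn_cn
    dn.OU = dn_ou
    dn.L = dn_l
    dn.O = dn_o
    dn.C = dn_c

    # Create the relevant extension
    if hostcert:
        ext_details = ["DNS:%s" % dn_cn]
    else:
        ext_details = ["email:%s" % email]
    if sans:
        ext_details.extend(sans)
    # NOTE(review): the entries are joined with ',' into one extension value,
    # so a comma inside dn_cn, email or a sans entry would add further names;
    # validate these values where they enter the program.
    ext = X509Extension("subjectAltName", False, ','.join(ext_details))
    csr.add_extensions([ext])
    csr.sign(key, "sha256")  # MD5 is broken for signatures; CAs reject MD5-signed requests

    # Convert the CSR & KEY to PEM files
    key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    csr_pem = crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)

    # Write them out to the store
    store.write(CS_Const.KEY_FILE, key_pem, CS_DEF_KEYPERMS)
    store.write(CS_Const.CSR_FILE, csr_pem, CS_DEF_CSRPERMS)

    # Just to be 100% sure everything is compatible...
    # ... Ensure the key is in PKCS#1 format
    CS_CertTools.pkcs8_to_pkcs1(store.get_path(CS_Const.KEY_FILE))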