pythoncryptographyopenssldigital-certificatepyopenssl

Python: reading a pkcs12 certificate with pyOpenSSL.crypto


I have a valid certificate issued by the spanish authority (FNMT) and I want to play with it to learn more about it. The file has extension .p12

I would like to read the information in it (first and last name) and check if the certificate is valid. Is it possible to do that with pyOpenSSL? I guess I have to use the crypto module in OpenSSL. Any help or useful link? Trying reading here: http://packages.python.org/pyOpenSSL/openssl-crypto.html but not much information :-(


Solution

  • It's fairly straight-forward to use. This isn't tested, but should work:

    # load OpenSSL.crypto
    from OpenSSL import crypto
    
    # open it, using password. Supply/read your own from stdin.
    p12 = crypto.load_pkcs12(open("/path/to/cert.p12", 'rb').read(), passwd)
    
    # get various properties of said file.
    # note these are PyOpenSSL objects, not strings although you
    # can convert them to PEM-encoded strings.
    p12.get_certificate()     # (signed) certificate object
    p12.get_privatekey()      # private key.
    p12.get_ca_certificates() # ca chain.
    

    For more examples, have a look through the unit test code of pyopenssl. Pretty much every way you might want to use the library is there

    See also here or without adverts here.