
How to Serialize Python Cryptography CRL Object into PEM


I use the Python cryptography package to create a CRL object, but I need to convert this object into PEM format. In their documentation they don't seem to have an opposite of the deserialization operation x509.load_pem_x509_crl. At the end of the code below, how do I convert "crl" to PEM? Any ideas?

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
import datetime
one_day = datetime.timedelta(1, 0, 0)
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)
builder = x509.CertificateRevocationListBuilder()
builder = builder.issuer_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io CA'),
]))
builder = builder.last_update(datetime.datetime.today())
builder = builder.next_update(datetime.datetime.today() + one_day)
revoked_cert = x509.RevokedCertificateBuilder().serial_number(
    333
).revocation_date(
    datetime.datetime.today()
).build()
builder = builder.add_revoked_certificate(revoked_cert)
crl = builder.sign(
    private_key=private_key, algorithm=hashes.SHA256(),
)
# how to convert crl to PEM?

Solution

  • The CertificateRevocationListBuilder#sign() method returns a CertificateRevocationList object whose public_bytes() method can be used to perform serialization.

    Deserialization is done with x509.load_pem_x509_crl().

    Example:

    ...
    
    # Serialize
    from cryptography.hazmat.primitives import serialization
    pem = crl.public_bytes(encoding=serialization.Encoding.PEM)
    print(pem.decode('utf8'))
    
    # Deserialize
    from cryptography import x509
    crl = x509.load_pem_x509_crl(pem)
    pem = crl.public_bytes(encoding=serialization.Encoding.PEM) # Check
    print(pem.decode('utf8')) 
    

    with e.g. the following output:

    -----BEGIN X509 CRL-----
    MIIBfDBmAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMMEmNyeXB0b2dyYXBo
    eS5pbyBDQRcNMjEwOTExMDg0OTI3WhcNMjEwOTEyMDg0OTI3WjAVMBMCAgFNFw0y
    MTA5MTEwODQ5MjdaMA0GCSqGSIb3DQEBCwUAA4IBAQCmO+pCzndqgeZBgfMNUsk4
    SSVQg+lJ5WPm/cpFiR2UtKkwjKb60Gy4/zTDULojQVCzSdHfEUd+84JNMRzXrAqO
    OEIr9S1xcyR3zrDVyciJOqxNxx+bMo0mpj4B7LMo3X4Xt02WZZEFuEwf7aICKl2r
    uuas6HQ/jEtwRiEGFLeBN5+TcB5qW+ri/hNLJbfFRBoGSB6mvIysxgDi+7/6EIQn
    H5o8H8AD5BoQ28jtB9H9u2JX5/oJivWorpiVFd2oOaNx2frc7Emchz0a7G9LpL3H
    qS3QyRJyXqgRPXloFiKhOBRoO7lORGs+92pSBAwYaaWm38mmetzkBKIhMY8dWN4M
    -----END X509 CRL-----
    
    -----BEGIN X509 CRL-----
    MIIBfDBmAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMMEmNyeXB0b2dyYXBo
    eS5pbyBDQRcNMjEwOTExMDg0OTI3WhcNMjEwOTEyMDg0OTI3WjAVMBMCAgFNFw0y
    MTA5MTEwODQ5MjdaMA0GCSqGSIb3DQEBCwUAA4IBAQCmO+pCzndqgeZBgfMNUsk4
    SSVQg+lJ5WPm/cpFiR2UtKkwjKb60Gy4/zTDULojQVCzSdHfEUd+84JNMRzXrAqO
    OEIr9S1xcyR3zrDVyciJOqxNxx+bMo0mpj4B7LMo3X4Xt02WZZEFuEwf7aICKl2r
    uuas6HQ/jEtwRiEGFLeBN5+TcB5qW+ri/hNLJbfFRBoGSB6mvIysxgDi+7/6EIQn
    H5o8H8AD5BoQ28jtB9H9u2JX5/oJivWorpiVFd2oOaNx2frc7Emchz0a7G9LpL3H
    qS3QyRJyXqgRPXloFiKhOBRoO7lORGs+92pSBAwYaaWm38mmetzkBKIhMY8dWN4M
    -----END X509 CRL-----
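An added example, not part of the original question or answer, that extends the round trip above: it serializes the CRL to both PEM and DER, reloads it, and accepts it only if the signature verifies under the issuer's public key before checking whether a serial is revoked. The helper names `build_crl`, `load_trusted_crl` and `is_revoked` are hypothetical, the CRL contents are constructed sample data, and a cryptography release where the `backend` argument is optional (as in the question's code) is assumed.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def build_crl(issuer_key, revoked_serials):
    """Build and sign a CRL from constructed sample data (hypothetical helper)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "cryptography.io CA")])
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(name)
        .last_update(now)
        .next_update(now + datetime.timedelta(days=1))
    )
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(private_key=issuer_key, algorithm=hashes.SHA256())


def load_trusted_crl(data, issuer_public_key):
    """Parse a PEM or DER CRL and reject it unless the issuer's key signed it."""
    if data.lstrip().startswith(b"-----BEGIN X509 CRL-----"):
        crl = x509.load_pem_x509_crl(data)
    else:
        crl = x509.load_der_x509_crl(data)
    if not crl.is_signature_valid(issuer_public_key):
        raise ValueError("CRL signature does not verify under the issuer key")
    return crl


def is_revoked(crl, serial):
    """True if the serial number appears in the CRL."""
    return crl.get_revoked_certificate_by_serial_number(serial) is not None


if __name__ == "__main__":
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    crl = build_crl(key, [333])
    pem = crl.public_bytes(serialization.Encoding.PEM)
    der = crl.public_bytes(serialization.Encoding.DER)
    for blob in (pem, der):
        loaded = load_trusted_crl(blob, key.public_key())
        print(is_revoked(loaded, 333), is_revoked(loaded, 334))
```

Parsing a PEM or DER CRL does not verify it; `is_signature_valid()` is the step that ties the loaded object to the issuing CA's key.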