本文介绍了如何在Python中使用OpenSSL从pfx文件中提取密钥?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要使用pfx
文件中的certificate
和key
对xml
进行签名.
I need to sign an xml
with the certificate
and key
from a pfx
file.
换句话说,我有一个pfx文件,需要从其中提取pem
和key
来对我的xml
进行签名.
In other words, I have a pfx file, from where I need to extract the pem
an key
to sign my xml
.
我发现此脚本可以从pfx中提取笔和键,但是却给了我错误:
I've found this script to extract the pen and key from pfx, but is giving me error:
import OpenSSL.crypto
pfx_path = 'D:\\facturacion_electronica\\cetificado_prueba\\llama.pfx'
pfx_password = 'caballo123'
def load_public_key(pfx_path, pfx_password):
''' Read the public key and return as PEM encoded '''
# print('Opening:', pfx_path)
with open(pfx_path, 'rb') as f:
pfx_data = f.read()
# print('Loading PFX contents:')
pfx = OpenSSL.crypto.load_pkcs12(pfx_data, pfx_password)
public_key = OpenSSL.crypto.dump_publickey(
OpenSSL.crypto.FILETYPE_PEM,
p12.get_certificate().get_pubkey())
print(public_key)
return public_key
load_public_key(pfx_path, pfx_password)
错误:
python openssl.py
openssl.py:17: DeprecationWarning: str for passphrase is no longer accepted, use bytes
pfx = OpenSSL.crypto.load_pkcs12(pfx_data, pfx_password)
Traceback (most recent call last):
File "openssl.py", line 28, in <module>
load_public_key(pfx_path, pfx_password)
File "openssl.py", line 21, in load_public_key
p12.get_certificate().get_pubkey())
NameError: name 'p12' is not defined
提取了pem和密钥后,我将使用它来对XML进行签名:
from lxml import etree
from signxml import XMLSigner, XMLVerifier
passwd = 'caballo123'
cd = 'D:\\facturacion_electronica\\cetificado_prueba\\'
data_to_sign = "<Test/>"
cert = open("example.pem").read()
key = open("example.key").read()
root = etree.fromstring(data_to_sign)
signed_root = XMLSigner().sign(root, key=key, cert=cert)
verified_data = XMLVerifier().verify(signed_root).signed_xml
推荐答案
我已经在约翰·汉利(John Hanley)的个人页面上找到了答案:
I've found the answer on John Hanley personal page:
https://www.jhanley.com/google-cloud-extracting-private-key-from-service-account-p12-credentials/
import OpenSSL.crypto
import os
pfx_cert = 'D:\\facturacion_electronica\\cetificado_prueba\\llama.pfx'
pfx_password = b'caballo123'
###########################################################
# Version 1.00
# Date Created: 2018-12-21
# Last Update: 2018-12-21
# https://www.jhanley.com
# Copyright (c) 2018, John J. Hanley
# Author: John Hanley
###########################################################
# Convert a Google P12 (PFX) service account into private key and certificate.
# Convert an SSL Certifcate (PFX) into private key, certificate and CAs.
def write_CAs(filename, p12):
# Write the Certificate Authorities, if any, to filename
if os.path.exists(filename):
os.remove(filename)
ca = p12.get_ca_certificates()
if ca is None:
return
print('Creating Certificate CA File:', filename)
with open(filename, 'wb') as f:
for cert in ca:
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
def pfx_to_pem(pfx_path, pfx_password, pkey_path, pem_path, pem_ca_path):
'''
Decrypt the P12 (PFX) file and create a private key file and certificate file.
Input:
pfx_path INPUT: This is the Google P12 file or SSL PFX certificate file
pfx_password INPUT: Password used to protect P12 (PFX)
pkey_path INPUT: File name to write the Private Key to
pem_path INPUT: File name to write the Certificate to
pem_ca_path INPUT: File name to write the Certificate Authorities to
'''
print('Opening:', pfx_path)
with open(pfx_path, 'rb') as f_pfx:
pfx = f_pfx.read()
print('Loading P12 (PFX) contents:')
p12 = OpenSSL.crypto.load_pkcs12(pfx, pfx_password)
print('Creating Private Key File:', pkey_path)
with open(pkey_path, 'wb') as f:
# Write Private Key
f.write(OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()))
print('Creating Certificate File:', pem_path)
with open(pem_path, 'wb') as f:
# Write Certificate
f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, p12.get_certificate()))
# Google P12 does not have certifiate authorities but SSL PFX certificates do
write_CAs(pem_ca_path, p12)
# Start here
pfx_to_pem(
pfx_cert, # Google Service Account P12 file
pfx_password, # P12 file password
'llama.key', # Filename to write private key
'llama_cert.pem', # Filename to write certificate
'llama_ca.pem') # Filename to write CAs if present
这篇关于如何在Python中使用OpenSSL从pfx文件中提取密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!