cryptosyspki 22.0.0

Python interface to CryptoSys PKI

This is a Python interface to the CryptoSys PKI Pro library.

CryptoSys PKI Pro is a library to carry out public key cryptography using RSA and ECDSA. You can generate and manage X.509 certificates, PKCS#8/PKCS#12 private keys and CMS/PKCS#7 objects. It includes all required supporting cryptographic utilities.

CryptoSys PKI Pro v22.0 or above must be installed on your system. This is available from

https://www.cryptosys.net/pki/.

To use in Python’s REPL

>>> from cryptosyspki import *
>>> Gen.version() # "hello world!" for CryptoSys PKI
210000
>>> Hash.hex_from_data(b'abc') # compute SHA-1 hash in hex of 'abc' as bytes
'a9993e364706816aba3e25717850c26c9cd0d89d'
>>> Hash.hex_from_string('abc', Hash.Alg.SHA256)   # same but over a string and using SHA-256
'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
>>> h = Hash.data(b'abc')   # h is a byte array (bytes->bytes)
>>> print(Cnv.tohex(h))     # display the byte array in hex
A9993E364706816ABA3E25717850C26C9CD0D89D

If you don’t like import * and find cryptosyspki a bit long to type each time, try

>>> import cryptosyspki as pki
>>> pki.Gen.version() #  Underlying core PKI dll
210000
>>> pki.__version__   # cryptosyspki.py package
'21.0.0'

Examples

There is a series of tests in test_pki.py (source). You should find an example there of what you want to do.

These tests require a subdirectory work in the same folder which must contain all the required test files. A spare set of these test files is available separately in pkiPythonTestFiles.zip

test
|   test_pki.py
|
\---work
    |   <...all required test files>
    |
    \---tmp.XXXXXXXX
            <..temporary files...>

The test function creates a new temporary subdirectory each time, which is deleted automatically. If you want to keep this temp folder for debugging, then add the argument nodelete on the command line.

This structure is already set up in the distribution file, so unzip the file cryptosyspki-x.x.x.zip and open a command-line prompt in the test subdirectory. You can do any of the following.

1. python test_pki.py

2. py.test -v

3. Open the file test_pki.py using IDLE and select Run > Run Module (F5).

We’ve tested this using the Python 3.12.0 interpreter and IDLE, PyCharm 2023.2, and py.test.

Contact

For more information or to make suggestions, please contact us at https://www.cryptosys.net/contact/

David Ireland

DI Management Services Pty Ltd

Australia

<https://www.di-mgt.com.au> <https://www.cryptosys.net>

19 October 2023

Revision History

22.0.0 (2023-10-22)

• Changes to match main core CryptoSys PKI DLL module version 22.0.

21.0.1 (2023-04-19)

• Fixed error in test_pki.py for test_cnv_shortpathname().

• Updated documentation.

21.0.0 (2023-01-01)

• Changes to match main core CryptoSys PKI DLL module version 21.0.

• Added fix to work on Linux platform.

20.6.0 (2022-09-10)

• Changes to match main core CryptoSys PKI DLL module version 20.6.

20.5.0 (2022-07-18)

• Changes to match main core CryptoSys PKI DLL module version 20.5.

20.4.0 (2022-05-02)

• Changes to match main core CryptoSys PKI DLL module version 20.4.

20.3.0 (2022-01-05)

• Changes to match main core CryptoSys PKI DLL module version 20.3.

20.0.0 (2020-10-19)

• Changes to match main core CryptoSys PKI DLL module version 20.0.

12.4.0 (2020-05-13)

• Changes to match main core CryptoSys PKI DLL module version 12.4.

12.3.0 (2020-03-09)

• Changes to match main core CryptoSys PKI DLL module version 12.3.

12.2.0 (2019-12-27)

• Updated for Python 3.

• Changes to match main core module version 12.2.

• Added new methods Cms.*_bytes() to handle byte arrays specifically.

• The existing Cms.*_string() methods now handle full UTF-8-encoded strings.

• Removed Cnv.utf8_to_latin1() and Cnv.utf8_from_latin1() - not relevant with Python 3.

• Added Hash.hex_from_string() and Hmac.hex_from_string() methods to handle UTF-8 string types.

12.1.0 (2018-12-16)

• Changes to match main core module versions 12.0 and 12.1.

• Added support for RSA-PSS in RSA signatures, CMS signed-data objects and X.509 certificates.

• Added support for RSA-OAEP in RSA encryption and CMS enveloped-data objects.

• Added support for ECDSA in X.509 certificates.

• Added support for ZLIB compression.

• Added support for AES-GCM authenticated encryption.

• Added functions to read certificate strings from P7 chain files and PFX files.

• Added option for quicker single pass in Wipe.file().

• Changed parameter in Cms.make_sigdata_*() functions from Cms.HashAlg type to Cms.SigAlg.

11.3.0 (2017-10-31)

• Changes to match main core module (11.3).

11.2.0 (2017-08-11)

• Synchronized cryptosyspki.py version number with main core module (11.2).

• Substantial changes to inline documentation.

• Renamed Rng.bytes to Rng.bytestring to avoid clashes with Python built-in function.

• Changed optional parameters in X509.cert_path_is_valid() and X509.get_cert_count_from_p7().

0.1.1 (2016-08-27)

• Minor changes.

0.1.0 (2016-05-25)

• First release of cryptosyspki.py v0.1.0.