PKI tools for e.g. checking certificate CRL/OCSP revocation

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for m_fulder from gravatar.com m_fulder

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Michal Sadowski
  • Requires: Python >=3.8, <4.0
Classifiers

Project description

Python Badge

PKI tools exposes a high level cryptography API and wrappers for e.g.:

  • Loading certificates from PEM strings/files/cryptography object into a pydantic model including all x509 v3 extensions
  • Checking revocation of certificates using OCSP with CRL fallback
  • Creating Certs, CSR, CRL easy with pure pydantic objects to e.g. get a PEM file

Docs

Documentation is available at: https://pki-tools.fulder.dev

Quickstart

Install

pip install pki-tools

Usage

Loading from PEM

from pki_tools import Certificate, Chain, CertificateSigningRequest

cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""

csr_pem= """
-----BEGIN CERTIFICATE REQUEST-----
<CSR_PEM_BYTES>
-----END CERTIFICATE REQUEST-----
"""


cert = Certificate.from_pem_string(cert_pem)
chain = Chain.from_pem_string(issuer_cert_pem)
csr = CertificateSigningRequest.from_pem_string(csr_pem)

Checking revocation using OCSP with CRL fallback

The following example uses cert and chain from the loading examples above

from pki_tools import is_revoked

if is_revoked(cert, chain):
    print("Certificate Revoked!")

Creating

Self signed certificate
import datetime
from pki_tools import (
    Certificate,
    Name,
    Validity,
    RSAKeyPair,
    SignatureAlgorithm,
    HashAlgorithm,
    HashAlgorithmName,
)

name = Name(cn=["Cert CN"])

cert = Certificate(
    subject=name,
    issuer=name,
    validity=Validity(
        not_before=datetime.datetime.today(),
        not_after=datetime.datetime.today() + datetime.timedelta(days=1),
    ),
)

sha512_alg = SignatureAlgorithm(
    algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

cert.sign(RSAKeyPair.generate(), sha512_alg)

print(cert.pem_string)

Create CSR

from pki_tools import (
  Name,
  HashAlgorithm,
  HashAlgorithmName,
  CertificateSigningRequest,
  SignatureAlgorithm,
  RSAKeyPair,
)

name = Name(cn=["Cert CN"])

csr = CertificateSigningRequest(subject=name)

sha512_alg = SignatureAlgorithm(
  algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

csr.sign(RSAKeyPair.generate(), sha512_alg)

print(csr.pem_string)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for m_fulder from gravatar.com m_fulder

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Michal Sadowski
  • Requires: Python >=3.8, <4.0
Classifiers

Release history Release notifications | RSS feed

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.0.49

0.0.48

0.0.47

0.0.46

0.0.45

0.0.44

0.0.43

0.0.42

0.0.41

0.0.40

0.0.39

0.0.38

0.0.37

0.0.36

0.0.35

0.0.34

0.0.33

This version

0.0.32

0.0.31

0.0.30

0.0.29

0.0.28

0.0.27

0.0.26

0.0.25

0.0.24

0.0.23

0.0.22

0.0.21

0.0.20

0.0.19

0.0.18

0.0.17

0.0.16

0.0.15

0.0.14

0.0.13

0.0.12

0.0.11

0.0.10

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pki_tools-0.0.32.tar.gz (25.5 kB view hashes)

Uploaded Source

Built Distribution

pki_tools-0.0.32-py3-none-any.whl (33.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page