PKI tools for e.g. checking certificate CRL/OCSP revocation
Project description
PKI tools exposes a high-level cryptography API and wrappers for tasks such as:
- Loading certificates from PEM strings, files or cryptography objects into a pydantic model, including all X.509 v3 extensions
- Checking revocation of certificates using OCSP with CRL fallback
- Easily creating certificates, CSRs and CRLs from pure pydantic objects, e.g. to get a PEM file
Docs
Documentation is available at: https://pki-tools.fulder.dev
Quickstart
Install
```shell
pip install pki-tools
```
Usage
Loading from PEM
```python
from pki_tools import Certificate, Chain, CertificateSigningRequest

# Replace the <..._PEM_BYTES> placeholders with real PEM content.
cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
csr_pem = """
-----BEGIN CERTIFICATE REQUEST-----
<CSR_PEM_BYTES>
-----END CERTIFICATE REQUEST-----
"""

cert = Certificate.from_pem_string(cert_pem)
chain = Chain.from_pem_string(issuer_cert_pem)
csr = CertificateSigningRequest.from_pem_string(csr_pem)
```
Checking revocation using OCSP with CRL fallback
The following example uses `cert` and `chain` from the loading example above:

```python
from pki_tools import is_revoked

if is_revoked(cert, chain):
    print("Certificate Revoked!")
```
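The snippet above handles the "revoked" answer; an application also has to decide what to do when neither OCSP nor the CRL can be reached. The following added example (not pki-tools code, and not a description of how pki-tools behaves internally) sketches that fallback-and-policy logic with hypothetical checker callables, a hypothetical `CheckUnavailable` error and constructed serial numbers:

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"  # no source gave an authoritative answer

class CheckUnavailable(Exception):
    """Hypothetical error: the source could not be reached or parsed."""

def revocation_status(serial, checkers):
    """Ask each (name, checker) in order; the first authoritative answer wins.

    A checker returns True (revoked) or False (good), or raises
    CheckUnavailable. Only CheckUnavailable triggers the fallback, so a
    "revoked" answer from OCSP is never overridden by a later CRL lookup.
    """
    errors = []
    for name, check in checkers:
        try:
            revoked = check(serial)
        except CheckUnavailable as exc:
            errors.append(f"{name}: {exc}")
            continue
        return (Status.REVOKED if revoked else Status.GOOD), name, errors
    return Status.UNKNOWN, None, errors

def accept_certificate(serial, checkers, hard_fail=True):
    """Hard-fail rejects UNKNOWN; soft-fail accepts it (and should log it)."""
    status, _source, _errors = revocation_status(serial, checkers)
    if status is Status.UNKNOWN:
        return not hard_fail
    return status is Status.GOOD

# Constructed stand-ins for the two sources (no network access).
CONSTRUCTED_CRL_SERIALS = {0x1001, 0x1002}

def ocsp_down(serial):
    raise CheckUnavailable("responder timed out")

def ocsp_says_revoked(serial):
    return True

def crl_lookup(serial):
    return serial in CONSTRUCTED_CRL_SERIALS

def crl_down(serial):
    raise CheckUnavailable("distribution point unreachable")

FALLBACK = [("ocsp", ocsp_down), ("crl", crl_lookup)]
```

With `hard_fail=False` an attacker who can block both endpoints turns a revoked certificate into an accepted one, which is why the default here rejects `UNKNOWN`.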
Creating
Self signed certificate
```python
import datetime

from pki_tools import (
    Certificate,
    Name,
    Validity,
    RSAKeyPair,
    SignatureAlgorithm,
    HashAlgorithm,
    HashAlgorithmName,
)

# Subject and issuer are the same name, which makes the certificate self-signed.
name = Name(cn=["Cert CN"])

cert = Certificate(
    subject=name,
    issuer=name,
    validity=Validity(
        not_before=datetime.datetime.today(),
        not_after=datetime.datetime.today() + datetime.timedelta(days=1),
    ),
)

sha512_alg = SignatureAlgorithm(
    algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

# Sign with a freshly generated RSA key pair and print the PEM encoding.
cert.sign(RSAKeyPair.generate(), sha512_alg)

print(cert.pem_string)
```
Create CSR
```python
from pki_tools import (
    Name,
    HashAlgorithm,
    HashAlgorithmName,
    CertificateSigningRequest,
    SignatureAlgorithm,
    RSAKeyPair,
)

name = Name(cn=["Cert CN"])

csr = CertificateSigningRequest(subject=name)

sha512_alg = SignatureAlgorithm(
    algorithm=HashAlgorithm(name=HashAlgorithmName.SHA512)
)

# Sign the request with a freshly generated RSA key pair and print the PEM encoding.
csr.sign(RSAKeyPair.generate(), sha512_alg)

print(csr.pem_string)
```
File details
Details for the file pki_tools-0.0.32.tar.gz.
File metadata
- Download URL: pki_tools-0.0.32.tar.gz
- Upload date:
- Size: 25.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.1 CPython/3.10.12 Linux/6.5.0-1015-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7eb26383a089245d813ab7a2cfe5d37ef9e2cc0f28c656e2063738689ae9a967 |
| MD5 | 53d06b26f47fe0458c5de24e6d6e2737 |
| BLAKE2b-256 | de4f62fc61a0ac404755bed3101f44bccf5e41e7a9165b3bacde74193a43913b |
File details
Details for the file pki_tools-0.0.32-py3-none-any.whl.
File metadata
- Download URL: pki_tools-0.0.32-py3-none-any.whl
- Upload date:
- Size: 33.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.1 CPython/3.10.12 Linux/6.5.0-1015-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a122321f17aa59848e23ad73c2a4ffaef7f835dbe6406adaf536d7e33c49c8fb |
| MD5 | a3c6bee04e7593d04b05e4588b9fff1a |
| BLAKE2b-256 | 31d79f6601fb08893ab0efe41e7cd64f1bcf1798e2d6a34ada69af45b2c60d78 |