PKI tools for e.g. checking certificate CRL/OCSP revocation
Project description
PKI tools exposes a high level cryptography API and wrappers for e.g.:
- Loading certificates from PEM strings/files/cryptography object into a pydantic model including all x509 v3 extensions
- Checking revocation of certificates using OCSP with CRL fallback
- Creating Certs, CSR, CRL easy with pure pydantic objects to e.g. get a PEM file
Docs
Documentation is available at: https://pki-tools.fulder.dev
Quickstart
Install
pip install pki-tools
Usage
Loading from PEM
from pki_tools import Certificate, Chain, CertificateSigningRequest
cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
csr_pem= """
-----BEGIN CERTIFICATE REQUEST-----
<CSR_PEM_BYTES>
-----END CERTIFICATE REQUEST-----
"""
cert = Certificate.from_pem_string(cert_pem)
chain = Chain.from_pem_string(issuer_cert_pem)
csr = CertificateSigningRequest.from_pem_string(csr_pem)
Checking revocation using OCSP with CRL fallback
The following example uses cert and chain from the loading examples above
from pki_tools import is_revoked
if is_revoked(cert, chain):
print("Certificate Revoked!")
Creating
Self signed certificate
import datetime
from pki_tools import (
Certificate,
Name,
Validity,
RSAKeyPair,
SHA512,
)
name = Name(cn=["Cert CN"])
cert = Certificate(
subject=name,
issuer=name,
validity=Validity(
not_before=datetime.datetime.today(),
not_after=datetime.datetime.today() + datetime.timedelta(days=1),
),
)
cert.sign(RSAKeyPair.generate(), SHA512)
print(cert.pem_string)
Create CSR
from pki_tools import (
Name,
CertificateSigningRequest,
RSAKeyPair,
SHA512,
)
name = Name(cn=["Cert CN"])
csr = CertificateSigningRequest(subject=name)
csr.sign(RSAKeyPair.generate(), SHA512)
print(csr.pem_string)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pki_tools-0.0.40.tar.gz
(26.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pki_tools-0.0.40.tar.gz.
File metadata
- Download URL: pki_tools-0.0.40.tar.gz
- Upload date:
- Size: 26.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.10.12 Linux/6.5.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0e59d9de1a0447311fef3ce3ec46790fac0916a2ede3d092c28ced9685d7a24
|
|
| MD5 |
6693cc915f79b952b79eec91a2c78dfe
|
|
| BLAKE2b-256 |
01fee813b79458e202a3406e3172a1c80cd99c88d283cd642fef2bfd40e23ddf
|
File details
Details for the file pki_tools-0.0.40-py3-none-any.whl.
File metadata
- Download URL: pki_tools-0.0.40-py3-none-any.whl
- Upload date:
- Size: 34.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.10.12 Linux/6.5.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
718fc5e2870f09e46ea1e09f803527373906b202e730f9a516f5a3536f7d91dd
|
|
| MD5 |
a18529c99ef2d28e53b6cef566446391
|
|
| BLAKE2b-256 |
5aa3c528174a7eb88138db401f6bc2973e3a1091a80425ba71c8f12e86fd365e
|
