PKI tools for e.g. checking certificate CRL/OCSP revocation
Project description
pki-tools
PKI tools exposes a high level cryptography
API for e.g.:
- checking revocation of certificates:
- using CRL defined in the x509 CRL distribution points extension (https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.1.13)
- using OCSP defined in the x509 Authority Information Access extension (https://datatracker.ietf.org/doc/html/rfc5280.html#section-4.2.2.1)
- loading certificates from PEM format
- saving certificates to files
- reading certificates from files
Installation
pip install pki-tools
Usage
See Documentation for available functions.
Examples
Checking OCSP and CRL revocation
The following examples uses PEM strings for certificate and issuer. Note that it's possible to use x509.Certificate parameters instead as well as OcspIssuerUri type for the issuer in order to download and cache the issuer certificate.
from pki_tools import is_revoked
from pki_tools.types import PemCert
cert_pem = """
-----BEGIN CERTIFICATE-----
<CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
issuer_cert_pem = """
-----BEGIN CERTIFICATE-----
<ISSUER_CERT_PEM_BYTES>
-----END CERTIFICATE-----
"""
if is_revoked(PemCert(cert_pem), PemCert(issuer_cert_pem)):
print("Certificate Revoked!")
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pki_tools-0.0.7.tar.gz
(5.5 kB
view hashes)
Built Distribution
Close
Hashes for pki_tools-0.0.7-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8c144ba666306111dca11e60f3242e86d385b8ecf5ade65c06105e8cea000777 |
|
MD5 | 4a08de71c3bddf43cc85cdd4dab5fb99 |
|
BLAKE2b-256 | bdbe2abc471120b711c1ef188f6b0e4b44361ad63893dfd35c7041d7fc4859c1 |