Skip to main content

pure python jks file parser

Project description

pyjks
=====

A pure python Java KeyStore file parser, including private key decryption.

Usage example (transforming an encrypted jks file into an OpenSSL context):
```python
import OpenSSL
import jks

_ASN1 = OpenSSL.crypto.FILETYPE_ASN1

def jksfile2context(jks_file, passphrase):
keystore = jks.KeyStore.load(jks_file, passphrase)
pkey = OpenSSL.crypto.load_privatekey(_ASN1, keystore.private_key.pkey)
trusted_certs = [OpenSSL.crypto.load_certificate(_ASN1, cert.cert)
for cert in keystore.certs]
public_cert = OpenSSL.crypto.load_certificate(
_ASN1, keystore.private_keys[0].cert_chain[0][1])

ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
ctx.use_privatekey(pkey)
ctx.use_certificate(public_cert)
#want to know ASAP if there is a problem with the protected
ctx.check_privatekey()
cert_store = ctx.get_cert_store()
for cert in trusted_certs:
cert_store.add_cert(cert)
return ctx

```

The best way to utilize a certificate stored in a jks file up to this point has been
to use the java keytool command to transform to pkcs12, and then openssl to transform to pem.

This is better:

1- no security concerns in passwords going into command line arguments, or unencrypted files being left around

2- no dependency on a JVM

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for pyjks, version 0.2
Filename, size File type Python version Upload date Hashes
Filename, size pyjks-0.2.zip (3.2 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page