Skip to main content

CSR-only Swarmauri certificate service for PKCS#10 request generation with SANs, challenge passwords, and PEM or DER output.

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_csronly Discord

Swarmauri CSR Only Certificate Service

swarmauri_certs_csronly provides CsrOnlyService, a focused Swarmauri certificate service for creating PKCS#10 certificate signing requests. It builds CSRs from PEM private key material in KeyRef, applies X.509 subject fields, optional subject alternative names, optional challenge passwords, and basic constraints, then returns PEM or DER CSR bytes.

Why Swarmauri CSR Only Certificate Service?

Use this package when certificate issuance is handled by another CA, but Swarmauri code still needs a standards-aligned CSR generator. It is useful for ACME, CFSSL, Azure, local CA, and enterprise PKI workflows where key generation and request construction are separated from certificate signing.

FAQ

Q: Does this package issue certificates?

A: No. CsrOnlyService does not create self-signed certificates, sign certificates, verify certificates, or parse certificates. Those methods intentionally raise NotImplementedError.

Q: What key types does it support?

A: supports() advertises RSA-2048, RSA-3072, RSA-4096, EC-P256, and Ed25519. Runtime signing uses cryptography private keys loaded from PEM bytes.

Q: Which CSR features are implemented?

A: CSR creation supports common subject fields, DNS/IP/URI/email SAN entries, PKCS#9 challenge password attributes, basic constraints, and DER or PEM output.

Q: Which standards does it align with?

A: The implementation targets PKCS#10 CSR generation from RFC 2986 and X.509 naming and extension semantics from RFC 5280.

Features

  • CsrOnlyService class registered under the swarmauri.certs entry point.
  • PKCS#10 CSR creation from PEM private keys stored in KeyRef.material.
  • Subject support for CN, C, ST, L, O, OU, and emailAddress.
  • Subject alternative name support for DNS names, IP addresses, URIs, and email addresses.
  • Optional challenge password attribute support.
  • Optional basic constraints extension support.
  • PEM output by default with DER output available through output_der=True.
  • Python 3.10, 3.11, 3.12, 3.13, and 3.14 support.

Prerequisites

  • PEM-encoded private key material available locally or through a KeyRef provider.
  • Subject metadata for the certificate request.
  • Optional SAN entries, basic constraints, and challenge passwords when required by the target CA.

Installation

Install with uv:

uv add swarmauri_certs_csronly

Install with pip:

pip install swarmauri_certs_csronly

Usage

Generate a CSR for example.com with DNS SAN entries:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    service = CsrOnlyService()
    key_ref = KeyRef(material=Path("example-key.pem").read_bytes())

    csr = await service.create_csr(
        key=key_ref,
        subject={"CN": "example.com", "O": "Example Inc"},
        san={"dns": ["example.com", "www.example.com"]},
    )
    Path("example.csr").write_bytes(csr)


asyncio.run(main())

Create a DER-encoded CSR with a challenge password and basic constraints:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    service = CsrOnlyService()
    key_ref = KeyRef(material=Path("root-ca-key.pem").read_bytes())

    csr = await service.create_csr(
        key=key_ref,
        subject={"CN": "Example Root CA"},
        extensions={"basic_constraints": {"ca": True, "path_len": 0}},
        challenge_password="change-me",
        output_der=True,
    )
    Path("root-ca.csr.der").write_bytes(csr)


asyncio.run(main())

Related Packages

Certificate service packages:

Foundational packages:

Best Practices

  • Generate new key pairs and CSRs ahead of certificate expiry to allow review and approval time.
  • Store private keys securely; KeyRef can reference hardware or cloud KMS backed material rather than local files.
  • Keep SAN lists minimal and auditable to avoid overly broad certificate requests.
  • Pair this service with a signing backend such as CFSSL, ACME, Azure, or a local CA package to form a complete issuance pipeline.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_csronly-0.11.0.dev1.tar.gz (9.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_csronly-0.11.0.dev1-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_csronly-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_certs_csronly-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 75fbb4546964c2b5a58f86295bfc176bdc202fe24f532ffe5643d72871c0cf19
MD5 a500d6c43d842cb37025bd2f9a60b314
BLAKE2b-256 1328c103ca70c57b89b79bb052f6a12d025f33bcc6808f536de25e3e7f132ee4

See more details on using hashes here.

File details

Details for the file swarmauri_certs_csronly-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_csronly-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 6b2f13ec791a14596133f11905cea6accaf4962ffafbed6ca686758aac62a339
MD5 80125733a3232ba785ad1e4321cee4d4
BLAKE2b-256 81bdb3d0456038766ba06fdcad2f86ae3db79bfb0e0ef161824cb2a505477dfa

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page