Skip to main content

Community service for generating PKCS#10 CSRs

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_csronly


swarmauri_certs_csronly

A community-provided certificate service that builds PKCS#10 Certificate Signing Requests (CSRs).

Features

  • CsrOnlyService focused exclusively on generating standards-compliant PKCS#10 CSRs (RFC 2986).
  • Supports RSA (2048/3072/4096), ECDSA (P-256), and Ed25519 private keys.
  • Adds subject alternative names, challenge passwords, and basic constraints when needed.
  • Designed to interoperate with other Swarmauri certificate services that handle issuance/verification.

Prerequisites

  • Python 3.10 or newer.
  • PEM-encoded private key material available locally or via a KeyRef provider.
  • Subject metadata (CN, O, OU, etc.) for the entity requesting a certificate.
  • Optional: SAN entries, basic constraints, and challenge passwords when integrating with stricter PKI workflows.

Installation

# pip
pip install swarmauri_certs_csronly

# poetry
poetry add swarmauri_certs_csronly

# uv (pyproject-based projects)
uv add swarmauri_certs_csronly

Usage

Generate a CSR for example.com with SAN entries using an existing private key:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    key_ref = KeyRef(material=Path("example-key.pem").read_bytes())

    service = CsrOnlyService()
    csr_pem = await service.create_csr(
        key=key_ref,
        subject={"CN": "example.com", "O": "Example Inc"},
        san={"dns": ["example.com", "www.example.com"]},
    )

    Path("example.csr").write_bytes(csr_pem)
    print("CSR written to example.csr")


if __name__ == "__main__":
    asyncio.run(main())

Advanced CSR Options

Fine-tune extensions and output encoding for specialized PKI workflows:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def build_der_csr() -> None:
    key_ref = KeyRef(material=Path("root-ca-key.pem").read_bytes())

    service = CsrOnlyService()
    csr_der = await service.create_csr(
        key=key_ref,
        subject={"CN": "Example Root CA"},
        extensions={"basic_constraints": {"ca": True, "path_len": 0}},
        challenge_password="p@ssw0rd",
        output_der=True,
    )

    Path("root-ca.csr.der").write_bytes(csr_der)
    print("DER CSR saved to root-ca.csr.der")


if __name__ == "__main__":
    asyncio.run(build_der_csr())

Best Practices

  • Generate new key pairs and CSRs ahead of certificate expiry to allow review and approval time.
  • Store private keys securely—KeyRef can reference hardware or cloud KMS-backed material rather than local files.
  • Keep SAN lists minimal and auditable to avoid issuing overly permissive certificates.
  • Pair this service with a signing backend (e.g., CFSSL, ACME, Azure Key Vault) to form a complete issuance pipeline.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_csronly-0.8.2.dev6.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl (9.6 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_csronly-0.8.2.dev6.tar.gz.

File metadata

  • Download URL: swarmauri_certs_csronly-0.8.2.dev6.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.8.2.dev6.tar.gz
Algorithm Hash digest
SHA256 2f04d6ae8add23e441274863d9e0339a349dfcab4b1947c13e143efe5bc17d16
MD5 8f81837d6ddc4b461a0203d3c30ad5f5
BLAKE2b-256 c2c90bed4c56dc71456f86e1b16d16f320596d1664a74001e56f8adfdc69bee2

See more details on using hashes here.

File details

Details for the file swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl
  • Upload date:
  • Size: 9.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.8.2.dev6-py3-none-any.whl
Algorithm Hash digest
SHA256 bab1c69770df5446b9d54aa1a312e98ce07c23517273cca28fd47e9625307b3a
MD5 24f6d01b43016d9225b6c014a9d69af6
BLAKE2b-256 02d0cccf4968662059ed7839ad98a54e4b5e72b63067481afc039f55f39d7e6b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page