Skip to main content

Community service for generating PKCS#10 CSRs

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_certs_csronly


swarmauri_certs_csronly

A community-provided certificate service that builds PKCS#10 Certificate Signing Requests (CSRs).

Features

  • CsrOnlyService focused exclusively on generating standards-compliant PKCS#10 CSRs (RFC 2986).
  • Supports RSA (2048/3072/4096), ECDSA (P-256), and Ed25519 private keys.
  • Adds subject alternative names, challenge passwords, and basic constraints when needed.
  • Designed to interoperate with other Swarmauri certificate services that handle issuance/verification.

Prerequisites

  • Python 3.10 or newer.
  • PEM-encoded private key material available locally or via a KeyRef provider.
  • Subject metadata (CN, O, OU, etc.) for the entity requesting a certificate.
  • Optional: SAN entries, basic constraints, and challenge passwords when integrating with stricter PKI workflows.

Installation

# pip
pip install swarmauri_certs_csronly

# poetry
poetry add swarmauri_certs_csronly

# uv (pyproject-based projects)
uv add swarmauri_certs_csronly

Usage

Generate a CSR for example.com with SAN entries using an existing private key:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def main() -> None:
    key_ref = KeyRef(material=Path("example-key.pem").read_bytes())

    service = CsrOnlyService()
    csr_pem = await service.create_csr(
        key=key_ref,
        subject={"CN": "example.com", "O": "Example Inc"},
        san={"dns": ["example.com", "www.example.com"]},
    )

    Path("example.csr").write_bytes(csr_pem)
    print("CSR written to example.csr")


if __name__ == "__main__":
    asyncio.run(main())

Advanced CSR Options

Fine-tune extensions and output encoding for specialized PKI workflows:

import asyncio
from pathlib import Path

from swarmauri_certs_csronly import CsrOnlyService
from swarmauri_core.crypto.types import KeyRef


async def build_der_csr() -> None:
    key_ref = KeyRef(material=Path("root-ca-key.pem").read_bytes())

    service = CsrOnlyService()
    csr_der = await service.create_csr(
        key=key_ref,
        subject={"CN": "Example Root CA"},
        extensions={"basic_constraints": {"ca": True, "path_len": 0}},
        challenge_password="p@ssw0rd",
        output_der=True,
    )

    Path("root-ca.csr.der").write_bytes(csr_der)
    print("DER CSR saved to root-ca.csr.der")


if __name__ == "__main__":
    asyncio.run(build_der_csr())

Best Practices

  • Generate new key pairs and CSRs ahead of certificate expiry to allow review and approval time.
  • Store private keys securely—KeyRef can reference hardware or cloud KMS-backed material rather than local files.
  • Keep SAN lists minimal and auditable to avoid issuing overly permissive certificates.
  • Pair this service with a signing backend (e.g., CFSSL, ACME, Azure Key Vault) to form a complete issuance pipeline.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_certs_csronly-0.8.3.dev22.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_certs_csronly-0.8.3.dev22-py3-none-any.whl (9.6 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_certs_csronly-0.8.3.dev22.tar.gz.

File metadata

  • Download URL: swarmauri_certs_csronly-0.8.3.dev22.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.8.3.dev22.tar.gz
Algorithm Hash digest
SHA256 2fb899ca232658d3dfa0656c8005fa368089d52a2891e8b5f2ffce4c507814c4
MD5 c677463b5c12243be36aa918aa857a43
BLAKE2b-256 5c455048dfc42a691c5326e49a356f8d1e63c356b860bf9a282382cc4a15d058

See more details on using hashes here.

File details

Details for the file swarmauri_certs_csronly-0.8.3.dev22-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_certs_csronly-0.8.3.dev22-py3-none-any.whl
  • Upload date:
  • Size: 9.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_certs_csronly-0.8.3.dev22-py3-none-any.whl
Algorithm Hash digest
SHA256 82dea72d1db3d75c6d633a0849b60f023b59cadb282105e7cbf58c1509737a50
MD5 0c2bf9f7e9347072688cf285dd286c3c
BLAKE2b-256 d5fad5c8eea1fa3073b1bb1f7bee3eaa956394572e115ebc6a53c92f14c3069d

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page