author | Jonathan Weth <git@jonathanweth.de> | 2021-07-01 12:47:42 +0200 |
---|---|---|
committer | Jonathan Weth <git@jonathanweth.de> | 2021-07-01 12:58:35 +0200 |
commit | e490e8e996ffe86ab3af0741f00b2fb7e90aaa98 (patch) | |
tree | 004052f4bb7878851b29297ef2b29325c0811423 /createcert.py | |
parent | 807200788a336d309909cb92ec03da0d5627acb5 (diff) | |
Some tries on cryptographycrypt
Diffstat (limited to 'createcert.py')
-rw-r--r-- | createcert.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/createcert.py b/createcert.py
new file mode 100644
index 0000000..43e7384
--- /dev/null
+++ b/createcert.py
@@ -0,0 +1,55 @@
+import datetime
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509 import NameOID
+
+key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=2048,
+)
+# Write our key to disk for safe keeping
+with open("test.key", "wb") as f:
+ f.write(key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+
+subject = issuer = x509.Name([
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u"US"),
+ x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"California"),
+ x509.NameAttribute(NameOID.LOCALITY_NAME, u"San Francisco"),
+ x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"My Company"),
+ x509.NameAttribute(NameOID.COMMON_NAME, u"mysite.com"),
+])
+cert = x509.CertificateBuilder().subject_name(
+ subject
+).issuer_name(
+ issuer
+).public_key(
+ key.public_key()
+).serial_number(
+ x509.random_serial_number()
+).not_valid_before(
+ datetime.datetime.utcnow()
+).not_valid_after(
+ # Our certificate will be valid for 10 days
+ datetime.datetime.utcnow() + datetime.timedelta(days=2)
+).add_extension(
+ x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
+ critical=False,
+ # Sign our certificate with our private key
+).sign(key, hashes.SHA256())
+# Write our certificate out to disk.
+with open("test.crt", "wb") as f:
+ f.write(cert.public_bytes(serialization.Encoding.PEM))
+
+with open("test.pem", "wb") as f:
+ f.write(key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+ f.write(cert.public_bytes(serialization.Encoding.PEM)) |
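Review bot: The RSA private key is written twice in cleartext, to `test.key` and again to `test.pem`, through plain `open(..., "wb")` with `serialization.NoEncryption()`, so both files get umask-default permissions and are typically readable by other local users. Create the key-bearing files owner-only, e.g. `fd = os.open("test.key", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as f:`, or pass `serialization.BestAvailableEncryption(passphrase)` where the consumer can supply a passphrase. The mode only applies when the file is created, so a pre-existing `test.key` keeps its old permissions. Both paths are relative to the working directory, so they should also be listed in the repository's ignore file to keep the key out of version control. Separately, the comment `# Our certificate will be valid for 10 days` disagrees with `datetime.timedelta(days=2)`, and the subject CN `mysite.com` does not match the only SAN entry `localhost`.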