4 # Copyright (C) Martin Sjogren and AB Strakt 2001, All rights reserved
6 # $Id: certgen.py,v 1.2 2004/07/22 12:01:25 martin Exp $
9 Certificate generation module.
import warnings

from OpenSSL import crypto
14 TYPE_RSA = crypto.TYPE_RSA
15 TYPE_DSA = crypto.TYPE_DSA
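def createKeyPair(type, bits):
    """
    Create a public/private key pair.

    Arguments: type - Key type, must be one of TYPE_RSA and TYPE_DSA
               bits - Number of bits to use in the key.  Sizes below 2048
                      are accepted for compatibility (tests, legacy
                      deployments) but are considered weak for both RSA
                      and DSA and trigger a warning.
    Returns:   The public/private key pair in a PKey object
    Raises:    ValueError if type is neither TYPE_RSA nor TYPE_DSA
    """
    # Fail fast with a clear message instead of letting OpenSSL report an
    # obscure error on an unsupported key type.
    if type not in (TYPE_RSA, TYPE_DSA):
        raise ValueError("type must be TYPE_RSA or TYPE_DSA, got %r" % (type,))
    # Do not refuse short keys (callers may rely on them), but make the
    # weakness visible to whoever generates the key.
    if bits < 2048:
        warnings.warn("key size %r is below the recommended minimum of "
                      "2048 bits" % (bits,), stacklevel=2)
    pkey = crypto.PKey()
    pkey.generate_key(type, bits)
    return pkey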
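def createCertRequest(pkey, digest="sha256", **name):
    """
    Create a certificate request.

    Arguments: pkey   - The key to associate with the request
               digest - Digest method to use for signing, default is
                        sha256.  The historical default was md5, which is
                        collision-broken and refused by current OpenSSL
                        security levels; explicitly asking for md5 (or
                        sha1) is still honoured but emits a warning.
               **name - The name of the subject of the request, possible
                        arguments are the X509Name attributes, e.g.:
                          C     - Country name
                          ST    - State or province name
                          L     - Locality name
                          O     - Organization name
                          OU    - Organizational unit name
                          CN    - Common name
                          emailAddress - E-mail address
    Returns:   The certificate request in an X509Req object
    """
    # Known-broken digests: warn rather than raise so existing callers that
    # pass "md5" keep working, but the weakness is no longer silent.
    weak_digests = ("md2", "md4", "md5", "sha", "sha1")
    if isinstance(digest, str) and digest.lower() in weak_digests:
        warnings.warn("digest %r is cryptographically weak; use sha256 or "
                      "stronger" % (digest,), stacklevel=2)

    req = crypto.X509Req()
    subj = req.get_subject()

    # Subject attributes are applied verbatim; validation of the attribute
    # names is left to X509Name, not done here.
    for (key, value) in name.items():
        setattr(subj, key, value)

    req.set_pubkey(pkey)
    req.sign(pkey, digest)
    return req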
56 def createCertificate(req, (issuerCert, issuerKey), serial, (notBefore, notAfter), digest="md5"):
58 Generate a certificate given a certificate request.
60 Arguments: req - Certificate reqeust to use
61 issuerCert - The certificate of the issuer
62 issuerKey - The private key of the issuer
63 serial - Serial number for the certificate
64 notBefore - Timestamp (relative to now) when the certificate
66 notAfter - Timestamp (relative to now) when the certificate
68 digest - Digest method to use for signing, default is md5
69 Returns: The signed certificate in an X509 object
72 cert.set_serial_number(serial)
73 cert.gmtime_adj_notBefore(notBefore)
74 cert.gmtime_adj_notAfter(notAfter)
75 cert.set_issuer(issuerCert.get_subject())
76 cert.set_subject(req.get_subject())
77 cert.set_pubkey(req.get_pubkey())
78 cert.sign(issuerKey, digest)