Verify that a private key matches a certificate using PyOpenSSL and PyCrypto:
[code language="python"]
import OpenSSL.crypto
from Crypto.Util import asn1
c=OpenSSL.crypto
# The certificate - an X509 object
cert=...
# The private key - a PKey object
priv=...
pub=cert.get_pubkey()
# Only works for RSA (I think)
if pub.type()!=c.TYPE_RSA or priv.type()!=c.TYPE_RSA:
raise Exception('Can only handle RSA keys')
# This seems to work with public as well
pub_asn1=c.dump_privatekey(c.FILETYPE_ASN1, pub)
priv_asn1=c.dump_privatekey(c.FILETYPE_ASN1, priv)
# Decode DER
pub_der=asn1.DerSequence()
pub_der.decode(pub_asn1)
priv_der=asn1.DerSequence()
priv_der.decode(priv_asn1)
# Get the modulus
pub_modulus=pub_der[1]
priv_modulus=priv_der[1]
if pub_modulus==priv_modulus:
print('Match')
else:
print('Oops')
[/code]
The idea is to get the modulus from the two DER structures and compare them. They should be the same.
Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to make this usable by anyone for any kind of use with no obligation.
Friday, 12 April 2013
Thursday, 11 April 2013
Verifying an SSL certificate with python
This one took me a considerable amount of time and had to figure some parts from scratch.
Unfortunately there doesn't seem to exist an easy (out-of-the-box) way for checking whether a certificate is signed by another certificate in python.
After days of searching and despair, here is a solution without using M2Crypto:
[code language="python"]
import OpenSSL
from Crypto.Util import asn1
c=OpenSSL.crypto
# This is the certificate to validate
# an OpenSSL.crypto.X509 object
cert=...
# This is the CA certificate to use for validation
# again an OpenSSL.crypto.X509 object
cacert=...
# Get the signing algorithm
algo=cert.get_signature_algorithm()
# Get the ASN1 format of the certificate
cert_asn1=c.dump_certificate(c.FILETYPE_ASN1, cert)
# Decode the certificate
der=asn1.DerSequence()
der.decode(cert_asn1)
# The certificate has three parts:
# - certificate
# - signature algorithm
# - signature
# http://usefulfor.com/nothing/2009/06/10/x509-certificate-basics/
der_cert=der[0]
der_algo=der[1]
der_sig=der[2]
# The signature is a BIT STRING (Type 3)
# Decode that as well
der_sig_in=asn1.DerObject()
der_sig_in.decode(der_sig)
# Get the payload
sig0=der_sig_in.payload
# Do the following to see a validation error for tests
# der_cert=der_cert[:20]+'1'+der_cert[21:]
# First byte is the number of unused bits. This should be 0
# http://msdn.microsoft.com/en-us/library/windows/desktop/bb540792(v=vs.85).aspx
if sig0[0]!='\x00':
raise Exception('Number of unused bits is strange')
# Now get the signature itself
sig=sig0[1:]
# And verify the certificate
try:
c.verify(cacert, sig, der_cert, algo)
print "Certificate looks good"
except OpenSSL.crypto.Error, e:
print "Sorry. Nope."
[/code]
Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to make this usable by anyone for any kind of use with no obligation.
Unfortunately there doesn't seem to exist an easy (out-of-the-box) way for checking whether a certificate is signed by another certificate in python.
After days of searching and despair, here is a solution without using M2Crypto:
[code language="python"]
import OpenSSL
from Crypto.Util import asn1
c=OpenSSL.crypto
# This is the certificate to validate
# an OpenSSL.crypto.X509 object
cert=...
# This is the CA certificate to use for validation
# again an OpenSSL.crypto.X509 object
cacert=...
# Get the signing algorithm
algo=cert.get_signature_algorithm()
# Get the ASN1 format of the certificate
cert_asn1=c.dump_certificate(c.FILETYPE_ASN1, cert)
# Decode the certificate
der=asn1.DerSequence()
der.decode(cert_asn1)
# The certificate has three parts:
# - certificate
# - signature algorithm
# - signature
# http://usefulfor.com/nothing/2009/06/10/x509-certificate-basics/
der_cert=der[0]
der_algo=der[1]
der_sig=der[2]
# The signature is a BIT STRING (Type 3)
# Decode that as well
der_sig_in=asn1.DerObject()
der_sig_in.decode(der_sig)
# Get the payload
sig0=der_sig_in.payload
# Do the following to see a validation error for tests
# der_cert=der_cert[:20]+'1'+der_cert[21:]
# First byte is the number of unused bits. This should be 0
# http://msdn.microsoft.com/en-us/library/windows/desktop/bb540792(v=vs.85).aspx
if sig0[0]!='\x00':
raise Exception('Number of unused bits is strange')
# Now get the signature itself
sig=sig0[1:]
# And verify the certificate
try:
c.verify(cacert, sig, der_cert, algo)
print "Certificate looks good"
except OpenSSL.crypto.Error, e:
print "Sorry. Nope."
[/code]
Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to make this usable by anyone for any kind of use with no obligation.
X509v3 Authority Key Identifier pains (authorityKeyIdentifier)
"X509v3 Authority Key Identifier" or "authorityKeyIdentifier" is an X509v3 extension that's added to X509 certificates and identifies the CA that signed the Certificate. I suppose that this speeds up the certificate validation process by eliminating multiple checks.
Edit openssl.cnf and make sure that authorityKeyIdentifier does not include "issuer"
There's an issue when using the default OpenSSL configuration or when basing a config on that: the default OpenSSL configuration has the following:
In the section that lists options for user certificates (i.e. not the CA section). The above results in new certificates using the extension and include two identifiers for the signing CA:
For example:
And this is where the pain and the suffering happens: If you ever decide that you want to re-create the CA's certificate using the same private key then you won't be able to do so because all certificates that are already signed dictate the subject and the serial number of the old certificate as the CA certificate identifier. Thus your new CA certificate will not be able to verify the existing certificates.
Thus the only way to replace your certificate would be:
Recreating a certificate with the same details (like serial number) will make it impossible to have both certificates available and will most probably cause a mess.
The best approach is to completely remove the "issuer" from authorityKeyIdentifier from the configuration file. Then only the Key ID will be used to identify the CA which should be more than enough.
So use the following and live a happy life:
Short version
Edit openssl.cnf and make sure that authorityKeyIdentifier does not include "issuer"
Long version
There's an issue when using the default OpenSSL configuration or when basing a config on that: the default OpenSSL configuration has the following:
authorityKeyIdentifier=keyid,issuer
In the section that lists options for user certificates (i.e. not the CA section). The above results in new certificates using the extension and include two identifiers for the signing CA:
- The Key ID of the CA's cert (because if "keyid")
- The subject and the serial number of the CA's cert (because of issuer)
For example:
X509v3 Authority Key Identifier:
keyid:7E:E5:82:FF:FF:FF:15:96:9B:40:FF:C9:5E:51:FF:69:67:4D:BF:FF
DirName:/C=UK/O=V13/OU=V13/CN=V13 Certificate Authority
serial:8E:FF:A2:1B:74:DD:54:FF
And this is where the pain and the suffering happens: If you ever decide that you want to re-create the CA's certificate using the same private key then you won't be able to do so because all certificates that are already signed dictate the subject and the serial number of the old certificate as the CA certificate identifier. Thus your new CA certificate will not be able to verify the existing certificates.
Thus the only way to replace your certificate would be:
- To start from scratch recreating all certificates, or
- to create another CA certificate with the same subject and serial number (not tested)
Recreating a certificate with the same details (like serial number) will make it impossible to have both certificates available and will most probably cause a mess.
The best approach is to completely remove the "issuer" from authorityKeyIdentifier from the configuration file. Then only the Key ID will be used to identify the CA which should be more than enough.
So use the following and live a happy life:
authorityKeyIdentifier=keyid
Subscribe to:
Comments (Atom)