Sure, you can parse an X.509 certificate and then do whatever you want with it: https://cryptography.io/en/latest/x509/reference/#cryptography.x509.load_pem_x509_certificate
There's no standard JSON serializatino for X.509, but you can use the individual attributes/methods from a certificate to serialize it however you like. Alex On Thu, Apr 20, 2017 at 8:28 AM, Paul King <p...@grumpypunk.com> wrote: > > Hi Alex, > > Thanks for the rapid response. > > I am trying to process a lot of certificates so that I can do some > research on them. I have them in PEM format and I would ideally like to > process them once to get them into JSON, and from there try other things. > So I am processing rather than manipulating/changing. > > One thing I have learnt is that ASN1 is horrible and there are so many > variant/corner cases! For this reason I want to try and use a well > maintained package so cryptography makes sense. > > I can always process a log with the command line “openssl” statement and I > want to achieve a similar programmatic solution with python. Does that make > sense? > > I could use the openssl command line and then process the text but that > doesn’t seem a good way to start! > > > On 20 Apr 2017, at 13:22, Alex Gaynor <alex.gay...@gmail.com> wrote: > > Hi Paul, > > If what you're trying to do is manipulate X.509 certificates and public > keys, I think you'll have an easier time using the pyca/cryptography APIs, > they're significantly richer and better tested -- and since pyOpenSSL > depends on pyca/cryptography you already have a copy :-) > > https://cryptography.io/en/latest/x509/ are our X.509 docs, and > https://cryptography.io/en/latest/hazmat/primitives/ > asymmetric/serialization/ are the docs for key serialization. Let us know > if you have any questions. > > Alex > > On Thu, Apr 20, 2017 at 8:14 AM, Paul King via Cryptography-dev < > cryptography-dev@python.org> wrote: > >> Hi >> >> I am using pyOpenSSL to process a PEM certificate. >> >> From the command line I can use ‘openssl x509 -inform pem -text -in >> 10.pem’ to process the certificate and can see: >> >> Signature Algorithm: ecdsa-with-SHA256 >> >> However, when I try this in python with pyOpenSSL on my Mac, I struggle. >> >> Can someone advise me on how to process this type in python with >> pyOpenSSL? >> >> Code: >> >> pub = cert.get_pubkey() >> pub_asn1 = OpenSSL.crypto.dump_publickey( >> OpenSSL.crypto.FILETYPE_ASN1, pub ) >> >> Similarly I want to do the same for the Subject Public Key: >> >> Subject Public Key Info: >> Public Key Algorithm: id-ecPublicKey >> Public-Key: (256 bit) >> pub: >> <-snip-> >> ASN1 OID: prime256v1 >> NIST CURVE: P-256 >> >> >> Does that make sense for what I am trying to do, and should I be able to >> do this with pyOpenSSL? >> >> >> Thanks >> Paul >> >> >> >> >> >> >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev@python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> > > > > -- > "I disapprove of what you say, but I will defend to the death your right > to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: D1B3 ADC0 E023 8CA6 > > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
