Greets! I'm working with x509 certificates in Python, and I'm trying to see if there's a more elegant approach to producing a fingerprint string that is formatted similar to the OpenSSL fingerprint output.
openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem SHA1 Fingerprint=76:E1:81:9F:AD:F0:6A:55:EF:4B:12:6A:2E:F7:43:C2:BA:E8:A1:51 Reading the documentation on the X.509 Certificate Object class [1], I learned how to return the fingerprint value as a bytes object, which I then converted to a hex string object, and then manipulated the string to look like a colon separated fingerprint. [1] https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object cert = x509.load_pem_x509_certificate(pem_block, default_backend()) hash_bytes = cert.fingerprint(hashes.SHA1()) print(hash_bytes) b'v\xe1\x81\x9f\xad\xf0jU\xefK\x12j.\xf7C\xc2\xba\xe8\xa1Q' hash_hex = bytearray(cert.fingerprint(hashes.SHA1())).hex() print(hash_hex) 76e1819fadf06a55ef4b126a2ef743c2bae8a151 hash = ":".join(hash_hex[i:i+2] for i in range(0,len(hash_hex),2)).upper() print(hash) 76:E1:81:9F:AD:F0:6A:55:EF:4B:12:6A:2E:F7:43:C2:BA:E8:A1:51 So is there an easier way to get the fingerprint in this format, or am I already there? Many thanks in advance! Gilbert
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
