Re: [Cryptography-dev] Extended Key Usage of keyCertSign

Wed, 11 Sep 2024 06:28:30 -0700 


On 9/11/24 08:04, Alex Gaynor wrote:

NameError means you do not have a local variable with this name, it
has nothing to do with cryptography.

This is a fairly elementary Python mistake. Our documents and
resources are generally oriented towards people who have an existing
familiarity with Python. I'd strongly encourage you to develop a
greater comfort with Python in general.

WIP.  Much better than 2 weeks ago.


I see that now.  I have the arg formatted wrong, so Python is trying to 
interpret it as a variable.



Reading for the 5th? time: 
https://cryptography.io/en/3.4.7/x509/reference.html#cryptography.x509.ExtendedKeyUsage



I finally see a key_cert_sign in KeyUsage, not ExtendedKeyUsage. Got 
that wrong.


That link provides:


 class cryptography.x509.KeyUsage(digital_signature, 
content_commitment, key_encipherment, data_encipherment, key_agreement, 
key_cert_sign, crl_sign, encipher_only, decipher_only)


and says:

 key_cert_sign
    Type:    bool

I tried:

builder = builder.add_extension(
    x509.KeyUsage(key_cert_sign=True), critical=True,
    )

and it errors


TypeError: KeyUsage.__init__() missing 8 required positional arguments: 
'digital_signature', 'content_commitment', 'key_encipherment', 
'data_encipherment', 'key_agreement', 'crl_sign', 'encipher_only', and 
'decipher_only'


So I am making headway, but still not there.





Alex

On Wed, Sep 11, 2024 at 7:59 AM Robert Moskowitz <r...@htt-consult.com> wrote:

I am working on adding keyCertSign to a CA cert using:

builder = builder.add_extension(
      x509.ExtendedKeyUsage(keyCertSign, path_length=None), critical=True,
      )

keyCertSign is what I have used in my openSSL config file.  But I get
the error:

      x509.ExtendedKeyUsage(keyCertSign, path_length=None), critical=True,
                            ^^^^^^^^^^^
NameError: name 'keyCertSign' is not defined

What is the proper arg for this EKU?

Thanks

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev





_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev






















					Reply via email to