Skip to content
/ kmscertbuilder Public
forked from wbond/certbuilder

Python library for generating and signing X.509 certificates

License

MIT license
0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fortygigserver/kmscertbuilder

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

113 Commits
docs
docs
 
 
kmscertbuilder
kmscertbuilder
 
 
requires
requires
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
changelog.md
changelog.md
 
 
readme.md
readme.md
 
 

Repository files navigation

kmscertbuilder

A Python library for creating and signing X.509 certificates.

Related Crypto Libraries

kmscertbuilder is a fork of certbuilder, and is a Python library for constructing X.509 certificates using KMS Keys. It provides a high-level interface with knowledge of RFC 5280 to produce, valid, correct certificates without terrible APIs or hunting through RFCs.

certbuilder is part of the modularcrypto family of Python packages:

Current Release

0.14.2 - changelog

Dependencies

Basic Usage

The example shows how to create a self-signed certificate using a KMS Key pair by passing in a dictionary of name information to the KMSCertificateBuilder(). This generated self-signed certificate (root CA) can be used with KMSCertificateSigner to sign end-entity certificate signing requests (CSRs).constructor:

git clone https://github.com/fortygigserver/kmscertbuilder
pip3 install -r ./kmscertbuilder/requires/requirements.txt
import sys
sys.path.append('./kmscertbuilder')

from asn1crypto import x509, pem, csr
from kmscertbuilder import KMSCertificateBuilder, KMSCertificateSigner, pem_armor_certificate


kms_arn = 'arn:aws:kms:eu-west-1:xxxxxxxxxxxx:key/1234abcd-12ab-34cd-56ef-1234567890ab'

# Embed the kms_arn value into the root certificate for reference in future
builder = KMSCertificateBuilder(
    {
        'country_name': 'IE',
        'state_or_province_name': 'Meath',
        'locality_name': 'East Meath',
        'organization_name': 'Palmep Tech',
        'common_name': 'Patrick',
        'pseudonym': kms_arn
    },
    kms_arn
)
builder.self_signed = True
builder.ca = True
root_kms_ca = builder.build(kms_arn)

with open('/path/to/my/env/root_kms_ca.crt', 'wb') as f:
    f.write(pem_armor_certificate(root_kms_ca))


# Read end-entity certificate and sign with root

with open('/path/to/my/env/ClusterCsr.csr', 'rb') as f:
    certification_request = csr.CertificationRequest.load(pem.unarmor(f.read())[2])


end_entity_certificate = KMSCertificateSigner(certification_request, root_kms_ca, kms_arn)

with open('/path/to/my/env/CustomerHsmCertificate.crt', 'wb') as f:
    f.write(pem_armor_certificate(end_entity_certificate))

License

kmscertbuilder is licensed under the terms of the MIT license. See the LICENSE file for the exact license text.

About

Python library for generating and signing X.509 certificates

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%