How to export a public key from an X509 Object

Asked by Stephan Rügamer

Hi guys,

I'm sitting over pyOpenSSL and I wonder how I can dump the public key (which I retrieved from a certificate) into a string / file.
The returned object type is PKey, and the only method I found is to dump a private key....

I wonder if I could use the very same dump_privatekey method to export the public key.

Any hints are welcome :)

Kind regards,

\sh

Question information

Language: English
Status: Answered
For: pyOpenSSL
Assignee: No assignee

Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Stephan Rügamer (sruegamer) said :
#2

This question wasn't answered...bad bad launchpad janitor

Dariusz Suchojad (dsuch) said :
#3

Hi,

I don't think you can currently (Oct 31, 2010) do it using PyOpenSSL only; however, with a little help from M2Crypto you can have the public key in PEM as follows:

# PyOpenSSL
from OpenSSL import crypto

# M2Crypto
import M2Crypto

def get_pub_pem(cert):
    pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    m2cert = M2Crypto.X509.load_cert_string(pem_cert)

    return m2cert.get_pubkey().get_rsa().as_pem()

# .. somehow get a PyOpenSSL X509 'cert' object here..

print(get_pub_pem(cert))

spbike (bill-broadley) said :
#4

Yes, that is an alternative if you have a cert. It still doesn't answer the original question though.

Once you:
  pkey=x509.get_pubkey()

There's no way I can find to display or dump the public key. Strangely there are functions for dumping the private key.

You could get similar functionality using a digest, but that's less secure than just using the public key.

I would find a dump_pubkey, or maybe just a pkey method blob() that returns the key, very useful.

After all, while knowing if a CA trusts a certificate is useful, knowing if that certificate changed is also very useful, especially in these days of 100s of CAs being trusted and at least 2 cases of them being compromised.
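
An added example, not part of the thread and not pyOpenSSL or M2Crypto code: a standard-library sketch that pulls the SubjectPublicKeyInfo out of a DER certificate (the bytes `crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)` returns), exports it as PEM, and hashes it so a changed key can be detected across reissued certificates. The function names and the constructed sample certificate are assumptions made for illustration.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the count of length bytes
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(der):
    """Return the SubjectPublicKeyInfo bytes of a DER-encoded certificate."""
    _, pos, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    _, pos, tbs_end = read_tlv(der, pos)  # tbsCertificate ::= SEQUENCE
    if der[pos] == 0xA0:                  # optional [0] EXPLICIT version
        pos = read_tlv(der, pos)[2]
    for _ in range(5):                    # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(der, pos)[2]
    tag, _, end = read_tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def public_key_pem(der):
    b64 = base64.b64encode(spki_from_cert(der)).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))  # PEM wraps at 64
    return "-----BEGIN PUBLIC KEY-----\n" + lines + "\n-----END PUBLIC KEY-----\n"

def spki_pin(der):
    """Base64 SHA-256 of the SPKI: unchanged when a cert is reissued with the same key."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(der)).digest()).decode()

def _der(tag, body):  # tiny encoder for the constructed sample (bodies < 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_cert(serial):
    """Constructed, certificate-shaped DER (not a valid cert) with a fixed dummy key."""
    spki = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + b"K" * 16))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, bytes([serial]))
               + _der(0x30, b"") * 4 + spki)
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
```

Two sample certificates that differ only in serial number hash differently as whole certificates but yield the same `spki_pin`, which is the property that makes the public key a better change detector than a certificate digest when a certificate is renewed with the same key.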
