Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.
- Load personal purpose of PKI a.k.a "NPKI" or "공동인증서 (formerly 공인인증서)"
- Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
- Get Details (Valid date, Serial number, CN)
- PKCS#7 sign, envelop (WIP)
Load public key file and private key file.
import pypinksign
p = pypinksign.PinkSign()
p.load_pubkey(pubkey_path="/path/signCert.der")
p.load_prikey(prikey_path="/path/signPri.key", prikey_password=b"my-0wn-S3cret")
sign = p.sign(b'1')
verify = p.verify(sign, b'1') # True
Load specific certificate. (by CN)
import pypinksign
# choose_cert function automatically fetch path for certificates
# and load certificate which match CN and passpharase for Private Key
p = pypinksign.choose_cert(cn="홍길순", pw=b"i-am-h0ng")
sign = p.sign(b'1')
verify = p.verify(sign, b'1') # True
envelop = p.pkcs7_signed_msg(b'message') # PKCS7 signed with K-PKI
Load PFX(p12) certificate.
import pypinksign
# choose_cert function automatically fetch path for certificates
# and load certificate which match DN and passpharase for Private Key
p = pypinksign.PinkSign(p12_path="홍길순.pfx", prikey_password=b"i-am-h0ng")
sign = p.sign(b'1')
verify = p.verify(sign, b'1') # True
envelop = p.pkcs7_enveloped_msg(b'message') # Envelop with K-PKI - Temporary removed
- Python 3.7 or above
- PyASN1 for pyasn1
- cryptography for cryptography.hazmat
- OpenSSL 1.1.1 or above due to cryptography package
The easiest way to get PyPinkSign is pip
pip install pypinksign
The current development version can be found at http://github.com/bandoche/pypinksign/tarball/main
- Update dependency (
cryptography==42.0.8
) to resolves multiple vulnerabilities.
- Update dependency (
cryptography==38.0.3
) which resolves CVE-2022-3602 and CVE-2022-3786
- Upgrade dependency (
cryptography==36.0.1
) - Fix file handle leakage
- Fix import path issue (thanks to Gyong1211)
- Fix CRT related param error
- Remove PyOpenSSL dependency
- Remove old OpenSSL version dependency with pure SEED implementation.
- If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.
- Fix seed_generator to generate bytes
- Test code fix
- Add PKCS7 sign message.
- Drop Python 2 support.
- Support Python 3.6 or above.
- Add type hinting.
- Add test code.
- Add PBKDF2 for support PBES2 private key. (by [yongminz])
- Add function to inject
r
(rand num) value to private key. - Update
pyasn1
to0.4.8
- Update
cryptography
to2.8
- Update
pyOpenSSL
to19.1.0
- Temporary remove enveloping function.
- Add support for PFX (PKCS 12).
- Add
PyOpenSSL
module for PFX support. - Remove
PBKDF1
module.
- Update
cryptography
dependency version to1.5
.
- You can load private key file from string.
- Update Docstring format.
- Bug fix.
- Add function for get serial number of cert.
- Remove README.rst in repository.
- Add README.rst for PyPI.
- First release.
- rootca.or.kr - Technical Specification for K-PKI System