Skip to content

Latest commit

 

History

History
144 lines (106 loc) · 4.42 KB

README.md

File metadata and controls

144 lines (106 loc) · 4.42 KB

PyPinkSign

Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.

Status

Build codecov

Support method

  • Load personal purpose of PKI a.k.a "NPKI" or "공동인증서 (formerly 공인인증서)"
  • Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
  • Get Details (Valid date, Serial number, CN)
  • PKCS#7 sign, envelop (WIP)

Usage example

Load public key file and private key file.

import pypinksign
p = pypinksign.PinkSign()
p.load_pubkey(pubkey_path="/path/signCert.der")
p.load_prikey(prikey_path="/path/signPri.key", prikey_password=b"my-0wn-S3cret")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True

Load specific certificate. (by CN)

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match CN and passpharase for Private Key
p = pypinksign.choose_cert(cn="홍길순", pw=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_signed_msg(b'message')  # PKCS7 signed with K-PKI

Load PFX(p12) certificate.

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match DN and passpharase for Private Key
p = pypinksign.PinkSign(p12_path="홍길순.pfx", prikey_password=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_enveloped_msg(b'message')  # Envelop with K-PKI - Temporary removed

Requirement & Dependency

  • Python 3.7 or above
  • PyASN1 for pyasn1
  • cryptography for cryptography.hazmat
  • OpenSSL 1.1.1 or above due to cryptography package

Installation

The easiest way to get PyPinkSign is pip

pip install pypinksign

The current development version can be found at http://github.com/bandoche/pypinksign/tarball/main

History

Ver. 0.5.2 (2024-12-21)

  • Update dependency (cryptography==42.0.8) to resolves multiple vulnerabilities.

Ver. 0.5.1 (2022-11-02)

  • Update dependency (cryptography==38.0.3) which resolves CVE-2022-3602 and CVE-2022-3786

Ver. 0.5.0 (2022-01-18)

  • Upgrade dependency (cryptography==36.0.1)
  • Fix file handle leakage

Ver. 0.4.5 (2020-12-03)

  • Fix import path issue (thanks to Gyong1211)

Ver. 0.4.4 (2020-12-03)

  • Fix CRT related param error
  • Remove PyOpenSSL dependency
  • Remove old OpenSSL version dependency with pure SEED implementation.
    • If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.

Ver. 0.4.3 (2020-02-26)

  • Fix seed_generator to generate bytes

Ver. 0.4.2 (2020-02-26)

  • Test code fix

Ver. 0.4.1 (2020-02-26)

  • Add PKCS7 sign message.

Ver. 0.4 (2020-02-26)

  • Drop Python 2 support.
  • Support Python 3.6 or above.
  • Add type hinting.
  • Add test code.
  • Add PBKDF2 for support PBES2 private key. (by [yongminz])
  • Add function to inject r (rand num) value to private key.
  • Update pyasn1 to 0.4.8
  • Update cryptography to 2.8
  • Update pyOpenSSL to 19.1.0
  • Temporary remove enveloping function.

Ver. 0.3 (2017-03-14)

  • Add support for PFX (PKCS 12).
  • Add PyOpenSSL module for PFX support.
  • Remove PBKDF1 module.

Ver. 0.2.3 (2016-09-19)

  • Update cryptography dependency version to 1.5.

Ver. 0.2.2 (2016-07-25)

  • You can load private key file from string.
  • Update Docstring format.

Ver. 0.2.1 (2016-06-23)

  • Bug fix.

Ver. 0.2 (2016-06-21)

  • Add function for get serial number of cert.
  • Remove README.rst in repository.

Ver. 0.1.1 (2015-06-07)

  • Add README.rst for PyPI.

Ver. 0.1 (2015-06-07)

  • First release.

Thanks to

See also