pure python jks file parser
Project description
pyjks
=====
A pure python Java KeyStore file parser, including private key decryption.
Usage example (transforming an encrypted jks file into an OpenSSL context):
```python
import OpenSSL
import jks

_ASN1 = OpenSSL.crypto.FILETYPE_ASN1


def jksfile2context(jks_file, passphrase):
    keystore = jks.KeyStore.load(jks_file, passphrase)
    # private_keys is a list; the first entry supplies both key and certificate
    pkey = OpenSSL.crypto.load_privatekey(
        _ASN1, keystore.private_keys[0].pkey)
    trusted_certs = [OpenSSL.crypto.load_certificate(_ASN1, cert.cert)
                     for cert in keystore.certs]
    public_cert = OpenSSL.crypto.load_certificate(
        _ASN1, keystore.private_keys[0].cert_chain[0][1])
    # TLSv1_METHOD restricts the context to TLS 1.0
    ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
    ctx.use_privatekey(pkey)
    ctx.use_certificate(public_cert)
    # want to know ASAP if there is a problem with the protected
    # (check_privatekey() raises if the key does not match the certificate)
    ctx.check_privatekey()
    cert_store = ctx.get_cert_store()
    for cert in trusted_certs:
        cert_store.add_cert(cert)
    return ctx
```
Until now, the best way to use a certificate stored in a JKS file has been
to convert it to PKCS12 with the Java keytool command, and then to PEM with openssl.
This is better:
1- no security concerns about passwords going into command line arguments, or unencrypted files being left around
2- no dependency on a JVM
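
To show what parsing a JKS file in pure Python involves, the following added example (not pyjks code) walks the keystore container and verifies its trailing integrity digest using only the standard library. The function names, the `changeit` password and the sample keystore are constructed for illustration; aliases are assumed to be ASCII, and private key decryption is not covered.

```python
import hashlib
import hmac
import struct

MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS digest

def _digest(password, body):
    # JKS integrity check: SHA-1(password as UTF-16BE + whitener + store bytes)
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()

def _blob(buf, pos):  # 4-byte big-endian length, then that many bytes
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def _utf(buf, pos):  # 2-byte big-endian length, then the string bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n

def list_entries(data, password):
    """Verify the trailing digest, then return [(kind, alias), ...]."""
    body, trailer = data[:-20], data[-20:]
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    if not hmac.compare_digest(_digest(password, body), trailer):
        raise ValueError("wrong password or modified keystore")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        alias, pos = _utf(body, pos + 4)
        pos += 8  # creation timestamp, milliseconds since the epoch
        if tag not in (1, 2):
            raise ValueError("unknown entry tag %d" % tag)
        ncerts = 1  # tag 2: a single trusted certificate
        if tag == 1:  # tag 1: protected private key, then certificate chain
            _, pos = _blob(body, pos)
            (ncerts,), pos = struct.unpack_from(">I", body, pos), pos + 4
        for _ in range(ncerts):
            if version == 2:
                _, pos = _utf(body, pos)  # certificate type, e.g. "X.509"
            _, pos = _blob(body, pos)
        entries.append(("private_key" if tag == 1 else "trusted_cert", alias))
    return entries

def build_sample(password):
    # Constructed sample: one trusted-cert entry holding placeholder bytes
    body = struct.pack(">III", MAGIC, 2, 1)
    body += struct.pack(">IH6sq", 2, 6, b"rootca", 0)
    body += struct.pack(">H5sI4s", 5, b"X.509", 4, b"\x30\x02\x05\x00")
    return body + _digest(password, body)
```

Calling `list_entries(build_sample("changeit"), "changeit")` lists the single constructed entry; a wrong password or a modified byte raises `ValueError` before any entry is parsed.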
Source Distribution
pyjks-0.1.zip (3.2 kB)
File details
Details for the file pyjks-0.1.zip.
File metadata
- Download URL: pyjks-0.1.zip
- Upload date:
- Size: 3.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0a01e6e2aa1ad065e29930a4c232ddbc1510a5e0907d78a0873a6569b8afbbb1
MD5 | a2154725f816a24778763990c310ce1e
BLAKE2b-256 | d200130cd1c723574dd74b6b46a6e1d4cb2874402fb7b030b35a2f81f266e469