Python handles the Java-generated certificate process

Source: Internet
Author: User
Tags base64 decrypt pkcs12

This post covers how Python handles a Java-generated certificate, including public-key and private-key encryption and decryption, signing and signature verification, and AES encryption and decryption (using the RSA, X509 and EVP modules of the M2Crypto library).

Python cannot use a Java-generated JKS certificate directly, so convert it to PEM format with the following commands (keytool must be installed first; there are many examples online):
    keytool -importkeystore -srckeystore xxxx.jks -destkeystore xxxx.p12 -srcstoretype JKS -deststoretype PKCS12
The previous command only generates a P12 file; next, generate a PEM file from the P12 file (you can look up the P12 certificate format online):
    openssl pkcs12 -in xxxx.p12 -out xxxx.pem (generates an encrypted PEM file)

    openssl pkcs12 -nodes -in xxxx.p12 -out xxxx.pem (generates a non-encrypted PEM file)

This completes the certificate format conversion.
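A check worth running on the converted file, as an added example that is not part of the original post: it parses the PEM text written by openssl pkcs12 and reports any private key stored without a passphrase, which is what the -nodes form produces. It goes slightly beyond the two commands above by also recognising the older "Proc-Type: 4,ENCRYPTED" key format; the function names and the sample PEM text are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, Base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, headers, der_bytes)]; text between blocks (Bag Attributes) is skipped."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        headers, b64 = {}, []
        for line in body.splitlines():
            if ":" in line:                      # e.g. "Proc-Type: 4,ENCRYPTED"
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif line.strip():
                b64.append(line.strip())
        blocks.append((label, headers, base64.b64decode("".join(b64), validate=True)))
    return blocks

def unprotected_keys(text):
    """Labels of private-key blocks that are stored without a passphrase."""
    found = []
    for label, headers, _der in pem_blocks(text):
        if not label.endswith("PRIVATE KEY"):
            continue                             # certificates and other blocks
        pkcs8_encrypted = label == "ENCRYPTED PRIVATE KEY"
        legacy_encrypted = "ENCRYPTED" in headers.get("Proc-Type", "")
        if not (pkcs8_encrypted or legacy_encrypted):
            found.append(label)
    return found

# Constructed sample input: the Base64 bodies are placeholders, not real keys.
BODY = base64.b64encode(b"constructed placeholder, not key material").decode()
CERT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % BODY
WITH_NODES = ("Bag Attributes\n    friendlyName: xxxx\n"
              "-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n" % BODY) + CERT
WITHOUT_NODES = ("Bag Attributes\n    friendlyName: xxxx\n"
                 "-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n" % BODY) + CERT
LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n%s\n"
          "-----END RSA PRIVATE KEY-----\n" % BODY)

if __name__ == "__main__":
    for name, pem in [("-nodes", WITH_NODES), ("default", WITHOUT_NODES), ("legacy", LEGACY)]:
        print(name, unprotected_keys(pem) or "no unprotected private key")
```

A file for which this reports a key should be readable only by the account that loads it, or be re-exported without -nodes so that loading it requires the passphrase callback.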

First, public-key encryption and decryption (this uses the RSA module; source: https://gitlab.com/m2crypto/m2crypto/blob/master/M2Crypto/RSA.py)

To get the key pair I use RSA.load_key(file, callback=util.passphrase_callback)
file is the path of the PEM certificate file; callback is a callback function that returns the password of the PEM certificate
For example:
    def passwd(*args):  # M2Crypto passes an argument to the callback
        return '111111'
Public-key encryption: RSA.public_encrypt(self, data, padding), where data is the data to be encrypted and padding is the padding (my personal understanding is that it is a fill format)
Public-key decryption: RSA.public_decrypt(self, data, padding), where data is the data to be decrypted and padding is the padding (my personal understanding is that it is a fill format)
Private-key encryption: RSA.private_encrypt(self, data, padding), where data is the data to be encrypted and padding is the padding (my personal understanding is that it is a fill format)
Private-key decryption: RSA.private_decrypt(self, data, padding), where data is the data to be decrypted and padding is the padding (my personal understanding is that it is a fill format)
Supplement: if the public key used for encryption is obtained separately, as a string like 'xxxx',
you can use kkk = X509.load_cert_der_string(data) (if data is Base64-encoded, it must be decoded first) and then call kkk.get_pubkey() to get the public key object,
which can then be used for encryption.
AES encryption and decryption, straight to the code
    import base64
    from M2Crypto import EVP

Encryption:
    def aes_build_cipher(key, iv, op):
        # op: 1 = encrypt, 0 = decrypt
        return EVP.Cipher(alg='aes_128_cbc', key=key, iv=iv, op=op)

    def aes_encrypt(key, msg, iv):  # key, iv -- bytes; msg -- text
        if iv is None:
            raise ValueError("IV must be defined!")

        def encrypt(data):
            cipher = aes_build_cipher(key, iv, 1)  # 1 selects encryption
            v = cipher.update(data)
            v = v + cipher.final()
            del cipher
            v = base64.b64encode(v)
            return v
        return encrypt(msg)

Decryption:
    def aes_decrypt(key, msg, iv=None):
        # Decrypt the Base64-encoded msg and return the plaintext
        print(iv)
        def decrypt(data):
            data = base64.b64decode(data)
            cipher = aes_build_cipher(key, iv, 0)  # 0 selects decryption
            v = cipher.update(data)
            v = v + cipher.final()
            del cipher
            return v
        return decrypt(msg)

Signing and signature verification use the EVP module (source: https://gitlab.com/m2crypto/m2crypto/blob/master/M2Crypto/EVP.py)

Signing (private key):
    def sign(file, data):
        key = EVP.load_key(file, callback=passwd)
        key.reset_context(md='sha1')
        key.sign_init()
        key.sign_update(data)
        signature = base64.b64encode(key.sign_final())
        return signature

Signature verification:
    # datas is the signature data (raw bytes; Base64-decode it first if it was encoded as in the signing code)
    # rsa_key is the public key object
    verify_evp = EVP.PKey()
    verify_evp.assign_rsa(rsa_key)
    verify_evp.verify_init()
    verify_evp.verify_update(dat)  # the content to verify
    verified = verify_evp.verify_final(datas)  # 1 means the signature is valid
    # json.dumps(dats, sort_keys=True, separators=(',', ':')).decode('unicode-escape').encode('utf8') formats the data (removes spaces and sorts the keys)

The above is only my personal opinion; if there are mistakes, I hope you will point them out.
