From a1217325690dfb5141a5b7d23231ddf71bf4f9c3 Mon Sep 17 00:00:00 2001 From: elie Date: Tue, 10 Apr 2012 16:40:40 +0000 Subject: minor fixes and unification --- tools/crmfdump.py | 2 +- tools/pkcs10dump.py | 2 +- tools/pkcs1dump.py | 75 +++++++++++++++++++---------------------------------- tools/pkcs7dump.py | 2 +- tools/pkcs8dump.py | 12 ++++----- 5 files changed, 34 insertions(+), 59 deletions(-) (limited to 'tools') diff --git a/tools/crmfdump.py b/tools/crmfdump.py index b23edf4..f710cb3 100644 --- a/tools/crmfdump.py +++ b/tools/crmfdump.py @@ -6,7 +6,7 @@ import sys if len(sys.argv) != 1: print("""Usage: -$ cat crmf.pem | %s""" % (sys.argv[0],)) +$ cat crmf.pem | %s""" % sys.argv[0]) sys.exit(-1) certReq = rfc2511.CertReqMessages() diff --git a/tools/pkcs10dump.py b/tools/pkcs10dump.py index f206c1d..c6c6b92 100644 --- a/tools/pkcs10dump.py +++ b/tools/pkcs10dump.py @@ -6,7 +6,7 @@ import sys if len(sys.argv) != 1: print("""Usage: -$ cat certificateRequest.pem | %s""" % (sys.argv[0], sys.argv[0])) +$ cat certificateRequest.pem | %s""" % sys.argv[0] sys.exit(-1) certType = rfc2314.CertificationRequest() diff --git a/tools/pkcs1dump.py b/tools/pkcs1dump.py index c7a4189..030adef 100644 --- a/tools/pkcs1dump.py +++ b/tools/pkcs1dump.py @@ -1,62 +1,39 @@ # Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on # stdin, print them pretty and encode back into original wire format. # Private keys can be generated with "openssl genrsa|gendsa" commands. -import sys, base64 -from pyasn1_modules import rfc2459, rfc2437 +from pyasn1_modules import rfc2459, rfc2437, pem from pyasn1.codec.der import encoder, decoder - -keyMagic = { - '-----BEGIN DSA PRIVATE KEY-----': - {'-----END DSA PRIVATE KEY-----': rfc2459.DSAPrivateKey() }, - '-----BEGIN RSA PRIVATE KEY-----': - {'-----END RSA PRIVATE KEY-----': rfc2437.RSAPrivateKey() } - } - -# Read PEM keys from stdin and print them out in plain text +import sys if len(sys.argv) != 1: print("""Usage: -$ openssl genrsa -out /tmp/myprivatekey.pem -$ cat /tmp/myprivatekey.pem | %s""" % sys.argv[0]) +$ cat rsakey.pem | %s""" % sys.argv[0]) sys.exit(-1) - -stSpam, stHam, stDump = 0, 1, 2 -state = stSpam -keyCnt = 0 + +cnt = 0 -for keyLine in sys.stdin.readlines(): - keyLine = keyLine.strip() - if state == stSpam: - if keyLine in keyMagic: - keyMagicTail = keyMagic[keyLine] - keyLines = [] - state = stHam - continue - if state == stHam: - if keyLine in keyMagicTail: - asn1Spec = keyMagicTail[keyLine] - state = stDump - else: - keyLines.append(keyLine.encode()) - if state == stDump: - substrate = ''.encode() - try: - for keyLine in keyLines: - substrate = substrate + base64.decodestring(keyLine) - except TypeError: - print('%s, possibly encrypted key' % (sys.exc_info()[1], )) - state = stSpam - continue +while 1: + idx, substrate = pem.readPemFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') ) + if not substrate: + break - key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + if idx == 0: + asn1Spec = rfc2437.RSAPrivateKey() + elif idx == 1: + asn1Spec = rfc2459.DSAPrivateKey() + else: + break - if rest: substrate = substrate[:-len(rest)] - - print(key.prettyPrint()) - - assert encoder.encode(key) == substrate, 'key re-code fails' + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: substrate = substrate[:-len(rest)] - keyCnt = keyCnt + 1 - state = stSpam + print(key.prettyPrint()) -print('*** %s private key(s) re/serialized' % keyCnt) + assert encoder.encode(key, defMode=False) == substrate or \ + encoder.encode(key, defMode=True) == substrate, \ + 'pkcs8 recode fails' + + cnt = cnt + 1 + +print('*** %s key(s) re/serialized' % cnt) diff --git a/tools/pkcs7dump.py b/tools/pkcs7dump.py index 95795ab..d2f1111 100644 --- a/tools/pkcs7dump.py +++ b/tools/pkcs7dump.py @@ -6,7 +6,7 @@ import sys if len(sys.argv) != 1: print("""Usage: -$ cat pkcs7Certificate.pem | %s""" % (sys.argv[0],)) +$ cat pkcs7Certificate.pem | %s""" % sys.argv[0]) sys.exit(-1) idx, substrate = pem.readPemFromFile( diff --git a/tools/pkcs8dump.py b/tools/pkcs8dump.py index ed13875..033612a 100644 --- a/tools/pkcs8dump.py +++ b/tools/pkcs8dump.py @@ -6,7 +6,7 @@ import sys if len(sys.argv) != 1: print("""Usage: -$ cat pkcs8key.pem | %s""" % (sys.argv[0], sys.argv[0])) +$ cat pkcs8key.pem | %s""" % sys.argv[0]) sys.exit(-1) cnt = 0 @@ -17,16 +17,14 @@ while 1: break if idx == 0: - key, rest = decoder.decode( - substrate, asn1Spec=rfc5208.PrivateKeyInfo() - ) + asn1Spec = rfc5208.PrivateKeyInfo() elif idx == 1: - key, rest = decoder.decode( - substrate, asn1Spec=rfc5208.EncryptedPrivateKeyInfo() - ) + asn1Spec = rfc5208.EncryptedPrivateKeyInfo() else: break + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + if rest: substrate = substrate[:-len(rest)] print(key.prettyPrint()) -- cgit v1.2.3