Repository files navigation

Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.

• Load personal purpose of PKI a.k.a "NPKI" or "공동인증서 (formerly 공인인증서)"
• Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
• Get Details (Valid date, Serial number, CN)
• PKCS#7 sign

Load public key file and private key file.

importpypinksignp=pypinksign.PinkSign()p.load_pubkey(pubkey_path="/path/signCert.der")p.load_prikey(prikey_path="/path/signPri.key",prikey_password=b"my-0wn-S3cret")sign=p.sign(b'1')verify=p.verify(sign,b'1')# True

Load specific certificate. (by CN)

importpypinksign# choose_cert function automatically fetch path for certificates# and load certificate which match CN and passpharase for Private Keyp=pypinksign.choose_cert(cn="홍길순",pw=b"i-am-h0ng")sign=p.sign(b'1')verify=p.verify(sign,b'1')# Trueenvelop=p.pkcs7_signed_msg(b'message')# PKCS7 signed with K-PKI

Load PFX(p12) certificate.

importpypinksign# choose_cert function automatically fetch path for certificates# and load certificate which match DN and passpharase for Private Keyp=pypinksign.PinkSign(p12_path="홍길순.pfx",prikey_password=b"i-am-h0ng")sign=p.sign(b'1')verify=p.verify(sign,b'1')# Trueenvelop=p.pkcs7_enveloped_msg(b'message')# Envelop with K-PKI - Temporary removed

• Python 3.8 or above
• PyASN1 for pyasn1
• cryptography for cryptography.hazmat
• OpenSSL 1.1.1 or above due to cryptography package

The easiest way to get PyPinkSign is pip

pip install pypinksign

The current development version can be found athttp://github.com/bandoche/pypinksign/tarball/main

• Update dependency (cryptography==44.0.1) to resolves multiple vulnerabilities.
• Update dependency (pyasn1==0.6.1) to support recent python versions.
• Update cryptography deprecations (move SEED algo, use not_valid_before/after_utc) (thanks tokerokim)
• Drop Python 3.7 support

• Update dependency (cryptography==42.0.8) to resolves multiple vulnerabilities.

• Update dependency (cryptography==38.0.3) which resolves CVE-2022-3602 and CVE-2022-3786

• Upgrade dependency (cryptography==36.0.1)
• Fix file handle leakage

• Fix import path issue (thanks toGyong1211)

• Fix CRT related param error
• Remove PyOpenSSL dependency
• Remove old OpenSSL version dependency with pure SEED implementation.
  • If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.

• Fix seed_generator to generate bytes

• Test code fix

• Add PKCS7 sign message.

• Drop Python 2 support.
• Support Python 3.6 or above.
• Add type hinting.
• Add test code.
• Add PBKDF2 for support PBES2 private key. (by [yongminz])
• Add function to injectr (rand num) value to private key.
• Updatepyasn1 to0.4.8
• Updatecryptography to2.8
• UpdatepyOpenSSL to19.1.0
• Temporary remove enveloping function.

• Add support for PFX (PKCS 12).
• AddPyOpenSSL module for PFX support.
• RemovePBKDF1 module.

• Updatecryptography dependency version to1.5.

• You can load private key file from string.
• Update Docstring format.

• Bug fix.

• Add function for get serial number of cert.
• Remove README.rst in repository.

• Add README.rst for PyPI.

• First release.

• item4
• peio forPBKDF1 code.
• youngminz for PBES2 support.
• Gyong1211 for v0.4.5
• kerokim for v0.5.3

• rootca.or.kr - Technical Specification for K-PKI System