
How to extract the public key from an x509 certificate in Python?

Below is the code example I followed; however, I got the error response "Unable to load certificate".

from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend

cert_str = '-----BEGIN CERTIFICATE----- MIIDBTCCAe2gAwIBAgIQEsuEXXy6BbJCK3bMU6GZ/TANBgkqhkiG9w0BAQsFADAt... -----END CERTIFICATE-----';

cert_obj = load_pem_x509_certificate(str.encode(cert_str), default_backend())
public_key = cert_obj.public_key();

Error response

Traceback (most recent call last):
  File "C:\xampp1\htdocs\TestWorkPlace\TestPython\src\test1.py", line 10, in <module>
    cert_obj = load_pem_x509_certificate(str.encode(cert_str), default_backend())
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\x509\base.py", line 43, in load_pem_x509_certificate
    return backend.load_pem_x509_certificate(data)
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\hazmat\backends\multibackend.py", line 341, in load_pem_x509_certificate
    return b.load_pem_x509_certificate(data)
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1175, in load_pem_x509_certificate
    raise ValueError("Unable to load certificate")
ValueError: Unable to load certificate

Please help me to sort this issue.

mugzi asked Jan 27 '17 10:01


1 Answer

Private keys are not contained within X509 certificates, only public keys. To extract the public key you've got the correct code, but your certificate will not load because it isn't in proper PEM format.

A PEM formatted certificate has the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters and base64 encoded data in between, but it also needs to be a maximum of 64 characters per line (originally defined in RFC 1421 but also present in RFC 7468).

Some software is more forgiving than the specification, but the underlying library for pyca/cryptography (OpenSSL or LibreSSL) requires that it be formatted in this fashion.

Paul Kehrer answered Sep 25 '22 10:09
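
Following the answer's point about the 64-character line limit, this added example (not code from the question or the answer) re-wraps a PEM block that was pasted as a single line before handing it to pyca/cryptography. The names `rewrap_pem` and `load_public_key` are hypothetical, and the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import re

_PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

# Constructed sample: 256 arbitrary bytes standing in for DER data, pasted on
# one line the way the question's certificate was. Not a real certificate.
SAMPLE_ONE_LINE = (
    "-----BEGIN CERTIFICATE----- "
    + base64.b64encode(bytes(range(256))).decode("ascii")
    + " -----END CERTIFICATE-----"
)


def rewrap_pem(text: str) -> str:
    """Re-emit a PEM block with delimiters on their own lines and the
    base64 body wrapped at 64 characters per line (RFC 7468 layout)."""
    match = _PEM_RE.search(text)
    if match is None:
        raise ValueError("no PEM BEGIN/END delimiters found")
    # Drop spaces and newlines left behind by copy-paste or concatenation.
    body = re.sub(r"\s+", "", match.group("body"))
    # Strict decode: truncated or elided data ("...") fails here with a
    # ValueError instead of reaching the certificate parser.
    der = base64.b64decode(body, validate=True)
    if not der:
        raise ValueError("empty PEM body")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    label = match.group("label")
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""]
    )


def load_public_key(cert_text: str):
    """Normalise the PEM text, then load it with pyca/cryptography
    (third-party package, imported lazily) and return its public key."""
    from cryptography.hazmat.backends import default_backend
    from cryptography.x509 import load_pem_x509_certificate

    pem = rewrap_pem(cert_text).encode("ascii")
    return load_pem_x509_certificate(pem, default_backend()).public_key()
```

`load_public_key` needs a complete certificate; the elided string in the question is rejected by `rewrap_pem` because its body is not valid base64.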