#!/usr/bin/env python3
# dlitz 2026
import getpass
from pathlib import Path

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import (
    Encoding,
    load_pem_private_key,
    load_pem_public_key,
    PrivateFormat,
)
from cryptography.hazmat.primitives.serialization import (
    pkcs12,
    BestAvailableEncryption,
    KeySerializationEncryption,
)
# Input material: three PEM files read from the current working directory.

# NOTE(review): password=None only loads an unencrypted PEM key, so
# x-private.pem is protected at rest by filesystem permissions alone.
key_path = Path("x-private.pem")
privkey_obj = load_pem_private_key(key_path.read_bytes(), password=None)

# Certificate that is bundled together with the private key.
cert_path = Path("x-cert.pem")
cert_obj = x509.load_pem_x509_certificate(cert_path.read_bytes())

# Further certificates, passed later as the `cas` entries of the bundle.
chain_path = Path("threecerts.pem")
chain_objs = x509.load_pem_x509_certificates(chain_path.read_bytes())
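def pkcs12_pbes(
    password: bytes, kdf_rounds: int = 50000
) -> KeySerializationEncryption:
    """Build the PKCS#12 encryption settings for a password-protected bundle.

    The settings select PBES2 with SHA-256 and AES-256-CBC for the key and
    certificate bags and SHA-256 for the bundle's integrity MAC.

    Args:
        password: Password the bundle is encrypted under.
        kdf_rounds: Iteration count for the password-based key derivation.
            The default keeps the value this script has always used.
            NOTE(review): 50000 is low next to current guidance for
            PBKDF2-style derivation; raise it when the consumers of the
            bundle tolerate a slower import.

    Returns:
        The object to pass as ``encryption_algorithm`` to
        ``pkcs12.serialize_key_and_certificates``.
    """
    builder = PrivateFormat.PKCS12.encryption_builder()
    # Work factor: the only thing slowing an offline guess of the password.
    builder = builder.kdf_rounds(kdf_rounds)
    # Cipher protecting both the private key and the certificates.
    builder = builder.key_cert_algorithm(pkcs12.PBES.PBESv2SHA256AndAES256CBC)
    # Hash used inside the MAC computed over the whole PKCS#12 structure.
    builder = builder.hmac_hash(hashes.SHA256())
    return builder.build(password)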
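# Ask for the export password at run time. A literal in the source would be
# readable by anyone who can read the script or its version history, and the
# bundle is only as well protected as that password.
export_password = getpass.getpass("PKCS#12 export password: ").encode("utf-8")
if not export_password:
    raise SystemExit("refusing to write a PKCS#12 bundle with an empty password")

# Bundle the private key, its certificate and the extra chain certificates
# into one password-encrypted PKCS#12 structure.
p12 = pkcs12.serialize_key_and_certificates(
    name=b"friendly-name",
    key=privkey_obj,
    cert=cert_obj,
    cas=chain_objs,
    encryption_algorithm=pkcs12_pbes(export_password),
)

# The bundle carries the private key, so keep the file owner-only rather than
# relying on the process umask. touch() applies the mode only when it creates
# the file; chmod() covers an out.p12 that already exists with wider access.
out_path = Path("out.p12")
out_path.touch(mode=0o600)
out_path.chmod(0o600)
out_path.write_bytes(p12)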