PyPinkSign

Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.

Status

Support method

• Load personal purpose of PKI a.k.a "NPKI" or "공인인증서"
• Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
• Get Details (Valid date, Serial number, CN)
• PKCS#7 sign, envelop (WIP)

Usage example

Load public key file and private key file.

import pypinksign
p = pypinksign.PinkSign()
p.load_pubkey(pubkey_path="/path/signCert.der")
p.load_prikey(prikey_path="/path/signPri.key", prikey_password=b"my-0wn-S3cret")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True

Load specific certificate. (by CN)

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match CN and passpharase for Private Key
p = pypinksign.choose_cert(cn="홍길순", pw=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_signed_msg(b'message')  # PKCS7 signed with K-PKI

Load PFX(p12) certificate.

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match DN and passpharase for Private Key
p = pypinksign.PinkSign(p12_path="홍길순.pfx", prikey_password=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_enveloped_msg(b'message')  # Envelop with K-PKI - Temporary removed

Requirement & Dependency

• Python 3.6 or above
• PyASN1 for pyasn1
• cryptography for cryptography.hazmat
• OpenSSL 1.1.1 or above due to cryptography package

Installation

The easiest way to get PyPinkSign is pip

pip install pypinksign

The current development version can be found at http://github.com/bandoche/pypinksign/tarball/main

History

Ver. 0.5.1 (2022-11-02)

• Update dependency (cryptography==38.0.3) which resolves CVE-2022-3602 and CVE-2022-3786

Ver. 0.5.0 (2022-01-18)

• Upgrade dependency (cryptography==36.0.1)
• Fix file handle leakage

Ver. 0.4.5 (2020-12-03)

• Fix import path issue (thanks to Gyong1211)

Ver. 0.4.4 (2020-12-03)

• Fix CRT related param error
• Remove PyOpenSSL dependency
• Remove old OpenSSL version dependency with pure SEED implementation.
  • If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.

Ver. 0.4.3 (2020-02-26)

• Fix seed_generator to generate bytes

Ver. 0.4.2 (2020-02-26)

• Test code fix

Ver. 0.4.1 (2020-02-26)

• Add PKCS7 sign message.

Ver. 0.4 (2020-02-26)

• Drop Python 2 support.
• Support Python 3.6 or above.
• Add type hinting.
• Add test code.
• Add PBKDF2 for support PBES2 private key. (by [yongminz])
• Add function to inject r (rand num) value to private key.
• Update pyasn1 to 0.4.8
• Update cryptography to 2.8
• Update pyOpenSSL to 19.1.0
• Temporary remove enveloping function.

Ver. 0.3 (2017-03-14)

• Add support for PFX (PKCS 12).
• Add PyOpenSSL module for PFX support.
• Remove PBKDF1 module.

Ver. 0.2.3 (2016-09-19)

• Update cryptography dependency version to 1.5.

Ver. 0.2.2 (2016-07-25)

• You can load private key file from string.
• Update Docstring format.

Ver. 0.2.1 (2016-06-23)

• Bug fix.

Ver. 0.2 (2016-06-21)

• Add function for get serial number of cert.
• Remove README.rst in repository.

Ver. 0.1.1 (2015-06-07)

• Add README.rst for PyPI.

Ver. 0.1 (2015-06-07)

• First release.

Thanks to

• item4
• peio for PBKDF1 code.
• youngminz for PBES2 support.
• Gyong1211 for v0.4.5

See also

• rootca.or.kr - Technical Specification for K-PKI System