search

turiya / keyczar

Automatically exported from code.google.com/p/keyczar
0 stars 0 forks source link

PKCS8 #90

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
It would be useful to develop the classes/methods to work with PKCS8 password 
protected private key in DER format in order to work with the public/private 
keys issued by the mexican IRS to sign electronic invoices in order to develop 
a python module for this.

Original issue reported on code.google.com by andreus...@gmail.com on 21 Mar 2012 at 4:50

GoogleCodeExporter commented 9 years ago 
The C++ keyczart tool can import and export PKCS8 key files, and the Java 
KeyczarTool can export them.  It would be nice to have all of this 
functionality in all supported languages, but perhaps you can use the other 
tools to handle import/export, and then use Keyczar Python for your 
encryption/decryption needs.

Original comment by swillden@google.com on 21 Mar 2012 at 1:07

GoogleCodeExporter commented 9 years ago 
Java KeyczarTool can import PKCS8 files.  Still need the functionality in 
Python.

Original comment by swillden@google.com on 5 Apr 2012 at 3:35

GoogleCodeExporter commented 9 years ago

Original comment by jtu...@gmail.com on 2 Mar 2013 at 9:31

GoogleCodeExporter commented 9 years ago 
In util.py you can parse PKCS8 and X509 files to import and export public keys 
(util.ParseX509, util.ExportRsaX509, util.ExportDsaX509, util.ParsePkcs8, 
util.ExportRsaPkcs8, util.ExportDsaPkcs8). This doesn't actually import them 
into keyczar but returns a dictionary of parameters that make up the key. The 
necessary fields for the parameters are all there, but the names are slightly 
different then the names keyczar uses, so they need to be changed to match the 
expected parameter and then keyczar would be able to read these keys. This may 
be a good temporary solution until keyczartool is fixed. 

The import and export methods on keyczartool would need to be rewritten to 
support private keys as well.

Original comment by dlundb...@google.com on 5 Sep 2013 at 3:40

GoogleCodeExporter commented 9 years ago 
Also it looks like pycrypto just added PKCS8 support a couple months ago.
https://github.com/dlitz/pycrypto/commit/90d6d3dbcfb02fc441edafe6fafe6e6800009e3
5

I don't know how long we usually wait to update dependencies, but it makes 
sense to wait until its been in the library for a bit. It might make sense to 
wait until we can use this code to build this feature, especially for encrypted 
keys.

Original comment by dlundb...@google.com on 5 Sep 2013 at 4:49