Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.

• Load personal purpose of PKI a.k.a "NPKI" or "공인인증서"
• Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
• Get Details (Valid date, Serial number, CN)
• PKCS#7 sign, envelop (WIP)

Load public key file and private key file.

import pypinksign
p = pypinksign.PinkSign()
p.load_pubkey(pubkey_path="/path/signCert.der")
p.load_prikey(prikey_path="/path/signPri.key", prikey_password=b"my-0wn-S3cret")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True

Load specific certificate. (by CN)

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match CN and passpharase for Private Key
p = pypinksign.choose_cert(cn="홍길순", pw=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_signed_msg(b'message')  # PKCS7 signed with K-PKI

Load PFX(p12) certificate.

import pypinksign

# choose_cert function automatically fetch path for certificates
# and load certificate which match DN and passpharase for Private Key
p = pypinksign.PinkSign(p12_path="홍길순.pfx", prikey_password=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1')  # True
envelop = p.pkcs7_enveloped_msg(b'message')  # Envelop with K-PKI - Temporary removed

• Python 3.6 or above
• PyASN1 for pyasn1
• cryptography for cryptography.hazmat
• OpenSSL 1.1.1 or above due to cryptography package

The easiest way to get PyPinkSign is pip

pip install pypinksign

The current development version can be found at http://github.com/bandoche/pypinksign/tarball/main

• Update dependency (cryptography==38.0.3) which resolves CVE-2022-3602 and CVE-2022-3786

• Upgrade dependency (cryptography==36.0.1)
• Fix file handle leakage

• Fix import path issue (thanks to Gyong1211)

• Fix CRT related param error
• Remove PyOpenSSL dependency
• Remove old OpenSSL version dependency with pure SEED implementation.
  • If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.

• Fix seed_generator to generate bytes

• Test code fix

• Add PKCS7 sign message.

• Drop Python 2 support.
• Support Python 3.6 or above.
• Add type hinting.
• Add test code.
• Add PBKDF2 for support PBES2 private key. (by [yongminz])
• Add function to inject r (rand num) value to private key.
• Update pyasn1 to 0.4.8
• Update cryptography to 2.8
• Update pyOpenSSL to 19.1.0
• Temporary remove enveloping function.

• Add support for PFX (PKCS 12).
• Add PyOpenSSL module for PFX support.
• Remove PBKDF1 module.

• Update cryptography dependency version to 1.5.

• You can load private key file from string.
• Update Docstring format.

• Bug fix.

• Add function for get serial number of cert.
• Remove README.rst in repository.

• Add README.rst for PyPI.

• First release.

• item4
• peio for PBKDF1 code.
• youngminz for PBES2 support.
• Gyong1211 for v0.4.5

• rootca.or.kr - Technical Specification for K-PKI System