]> Cypherpunks.ru repositories - pygost.git/commitdiff
projects / pygost.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3cf0663)
Ability to reuse the key for reissuing
authorSergey Matveev <stargrave@stargrave.org>
Thu, 17 Mar 2022 09:38:53 +0000 (12:38 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Thu, 17 Mar 2022 09:38:53 +0000 (12:38 +0300)
pygost/asn1schemas/cert-selfsigned-example.py patch | blob | history

diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py
index 68876964476077b130fc449d2f3e345180884d83..ae1ee00281f1f5b53576ab1f065b6588832b4bea 100755 (executable)
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -102,10 +102,19 @@ parser.add_argument(
     "--issue-with",
     help="Path to PEM with CA to issue the child",
 )
+parser.add_argument(
+    "--reuse-key",
+    help="Path to PEM with the key to reuse",
+)
 parser.add_argument(
     "--out-key",
     help="Path to PEM with the resulting key",
 )
+parser.add_argument(
+    "--only-key",
+    action="store_true",
+    help="Only generate the key",
+)
 parser.add_argument(
     "--out-cert",
     help="Path to PEM with the resulting certificate",
@@ -199,29 +208,41 @@ if args.issue_with is not None:
         if params["publicKeyParamSet"] == curve_oid
     ]))
 
+key_params = GostR34102012PublicKeyParameters((
+    ("publicKeyParamSet", ai["publicKeyParamSet"]),
+))
+
 
 def pem(obj):
     return fill(standard_b64encode(obj.encode()).decode("ascii"), 64)
 
 
-key_params = GostR34102012PublicKeyParameters((
-    ("publicKeyParamSet", ai["publicKeyParamSet"]),
-))
-
-prv_raw = urandom(ai["prv_len"])
-out = stdout if args.out_key is None else open(args.out_key, "w")
-print("-----BEGIN PRIVATE KEY-----", file=out)
-print(pem(PrivateKeyInfo((
-    ("version", Integer(0)),
-    ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
-        ("algorithm", ai["key_algorithm"]),
-        ("parameters", Any(key_params)),
-    ))),
-    ("privateKey", PrivateKey(OctetString(prv_raw).encode())),
-))), file=out)
-print("-----END PRIVATE KEY-----", file=out)
+if args.reuse_key is not None:
+    with open(args.reuse_key, "rb") as fd:
+        lines = fd.read().decode("ascii").split("-----")
+    idx = lines.index("BEGIN PRIVATE KEY")
+    if idx == -1:
+        raise ValueError("PEM has no PRIVATE KEY")
+    prv_raw = standard_b64decode(lines[idx + 1])
+    pki = PrivateKeyInfo().decod(prv_raw)
+    prv = prv_unmarshal(bytes(OctetString().decod(bytes(pki["privateKey"]))))
+else:
+    prv_raw = urandom(ai["prv_len"])
+    out = stdout if args.out_key is None else open(args.out_key, "w")
+    print("-----BEGIN PRIVATE KEY-----", file=out)
+    print(pem(PrivateKeyInfo((
+        ("version", Integer(0)),
+        ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
+            ("algorithm", ai["key_algorithm"]),
+            ("parameters", Any(key_params)),
+        ))),
+        ("privateKey", PrivateKey(OctetString(prv_raw).encode())),
+    ))), file=out)
+    print("-----END PRIVATE KEY-----", file=out)
+    if args.only_key:
+        exit()
+    prv = prv_unmarshal(prv_raw)
 
-prv = prv_unmarshal(prv_raw)
 curve = ai["curve"]
 pub_raw = pub_marshal(public_key(curve, prv))
 rdn = [RelativeDistinguishedName((
Pure Python GOST cryptographic functions library