On 01/12/2015 08:50 AM, [email protected] wrote:
> I'm loading certs via python-nss, and need to serialize the format as
> x509 PEM output. I'm using a mix of python-nss and openssl.
>
> crypto.dump_certificate does not take a nss.Certificate parameter, so
> looking for what is the "best practices" path to achieve this.
The soon to be released version 0.17.0 has support for serializing a
SecItem to PEM form. To use it you would get the binary DER data for the
cert via the der_data property and then serialize it to PEM like this:
nss.SecItem(cert.der_data).to_base64(pem_type='CERTIFICATE')
but ... 0.17.0 hasn't been released yet. So in the mean time you can
grab the binary DER data from the cert (e.g. cert.der_data) and pass it
into this Python function
import base64
def make_pem(der_data):
data = base64.b64encode(der_data)
pemcert = '\n'.join([data[x:x+64] for x in range(0, len(data), 64)])
return '-----BEGIN CERTIFICATE-----\n' + \
pemcert + \
'\n-----END CERTIFICATE-----'
print make_pem(cert.der_data)
--
John
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
