On Monday, January 12, 2015 at 12:49:36 PM UTC-5, John Dennis wrote: > On 01/12/2015 08:50 AM, robertdaniels2...@gmail.com wrote: > > I'm loading certs via python-nss, and need to serialize the format as > > x509 PEM output. I'm using a mix of python-nss and openssl. > > > > crypto.dump_certificate does not take a nss.Certificate parameter, so > > looking for what is the "best practices" path to achieve this. > > The soon to be released version 0.17.0 has support for serializing a > SecItem to PEM form. To use it you would get the binary DER data for the > cert via the der_data property and then serialize it to PEM like this: > > nss.SecItem(cert.der_data).to_base64(pem_type='CERTIFICATE') > > but ... 0.17.0 hasn't been released yet. So in the mean time you can > grab the binary DER data from the cert (e.g. cert.der_data) and pass it > into this Python function > > import base64 > def make_pem(der_data): > data = base64.b64encode(der_data) > pemcert = '\n'.join([data[x:x+64] for x in range(0, len(data), 64)]) > return '-----BEGIN CERTIFICATE-----\n' + \ > pemcert + \ > '\n-----END CERTIFICATE-----' > > > print make_pem(cert.der_data) > > > -- > John
Thanks - got it. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
