Python code for PKI certificate. 공인인증서(공동인증서)를 다루는 파이썬 코드입니다.

Build codecov

• Load personal purpose of PKI a.k.a "NPKI" or "공동인증서 (formerly 공인인증서)"
• Encrypt, Decrypt, Sign, Verify (part of Public-key cryptography)
• Get Details (Valid date, Serial number, CN)
• PKCS#7 sign

Load public key file and private key file.

import pypinksign
p = pypinksign.PinkSign()
p.load_pubkey(pubkey_path="/path/signCert.der")
p.load_prikey(prikey_path="/path/signPri.key", prikey_password=b"my-0wn-S3cret")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1') # True

Load specific certificate. (by CN)

import pypinksign
# choose_cert function automatically fetch path for certificates
# and load certificate which match CN and passpharase for Private Key
p = pypinksign.choose_cert(cn="홍길순", pw=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1') # True
envelop = p.pkcs7_signed_msg(b'message') # PKCS7 signed with K-PKI

Load PFX(p12) certificate.

import pypinksign
# choose_cert function automatically fetch path for certificates
# and load certificate which match DN and passpharase for Private Key
p = pypinksign.PinkSign(p12_path="홍길순.pfx", prikey_password=b"i-am-h0ng")
sign = p.sign(b'1') 
verify = p.verify(sign, b'1') # True
envelop = p.pkcs7_enveloped_msg(b'message') # Envelop with K-PKI - Temporary removed

• Python 3.8 or above
• PyASN1 for pyasn1
• cryptography for cryptography.hazmat
• OpenSSL 1.1.1 or above due to cryptography package

The easiest way to get PyPinkSign is pip

pip install pypinksign

The current development version can be found at http://github.com/bandoche/pypinksign/tarball/main

• Update dependency (cryptography>=46.0.3) to include latest security patches and compatibility updates.
• Require OpenSSL 3.0.0 or newer.
• Add Python 3.14 support.

• Update dependency (cryptography==44.0.1) to resolves multiple vulnerabilities.
• Update dependency (pyasn1==0.6.1) to support recent python versions.
• Update cryptography deprecations. (move SEED algo, use not_valid_before/after_utc) (thanks to kerokim)
• Drop Python 3.7 support.

• Update dependency (cryptography==42.0.8) to resolves multiple vulnerabilities.

• Update dependency (cryptography==38.0.3) which resolves CVE-2022-3602 and CVE-2022-3786.

• Upgrade dependency. (cryptography==36.0.1)
• Fix file handle leakage.

• Fix import path issue. (thanks to Gyong1211)

• Fix CRT related param error.
• Remove PyOpenSSL dependency.
• Remove old OpenSSL version dependency with pure SEED implementation.
  • If SEED algorithm is not supported by local OpenSSL, use python version of SEED algorithm automatically.

• Fix seed_generator to generate bytes.

• Test code fix.

• Add PKCS7 sign message.

• Drop Python 2 support.
• Support Python 3.6 or above.
• Add type hinting.
• Add test code.
• Add PBKDF2 for support PBES2 private key. (by [yongminz])
• Add function to inject r (rand num) value to private key.
• Update pyasn1 to 0.4.8.
• Update cryptography to 2.8.
• Update pyOpenSSL to 19.1.0.
• Temporary remove enveloping function.

• Add support for PFX (PKCS 12).
• Add PyOpenSSL module for PFX support.
• Remove PBKDF1 module.

• Update cryptography dependency version to 1.5.

• You can load private key file from string.
• Update Docstring format.

• Bug fix.

• Add function for get serial number of cert.
• Remove README.rst in repository.

• Add README.rst for PyPI.

• First release.

• item4
• peio for PBKDF1 code.
• youngminz for PBES2 support.
• Gyong1211 for v0.4.5
• kerokim for v0.5.3

• rootca.or.kr - Technical Specification for K-PKI System