PKI Tools¶
PKI tools exposes a high level cryptography API and wrappers for e.g.:
- Loading certificates from PEM strings/files/cryptography object into a pydantic model including all x509 v3 extensions
- Checking revocation of certificates using OCSP with CRL fallback
- Creating Certs, CSR, CRL easy with pure pydantic objects to e.g. get a PEM file
Install¶
pip install pki-tools
Chat¶
Log level¶
pki-tools use loguru library for logging. Where the default log level
is DEBUG, if you want to change it you could e.g. use the LOGURU_LEVEL
environment variable.
Features¶
- Checking Revocation - checking revocation status of certificates using OCSP and/or CRL
Creating x509 objects¶
| Certificate | CertificateSigningRequest | Chain | OCSP |
|---|---|---|---|
| Create Self SignedCreate Cross Signed | Create and sign | Create from certificates | Create requestCreate response |
| DSA | EllipticCurve | ED448 | ED25519 | RSA |
|---|---|---|---|---|
| generate | generate | generate | generate | generate |
Loading x509 objects¶
| Certificate | CertificateSigningRequest | Chain | OCSP |
|---|---|---|---|
| from_pem_string | from_pem_string | from_pem_string | Request.from_pem_stringResponse.from_pem_string |
| from_file | from_file | from_file | Request.from_fileResponse.from_file |
| from_cryptography | from_cryptography | from_cryptography | Request.from_cryptographyResponse.from_cryptography |
| from_uri | N/A | from_uri | N/A |
| from_server | N/A | N/A | N/A |
Saving x509 objects¶
| Certificate | CertificateSigningRequest | Chain | OCSP |
|---|---|---|---|
| to_file | to_file | to_file | Request.to_fileResponse.to_file |
| DSA | EllipticCurve | ED448 | ED25519 | RSA |
|---|---|---|---|---|
| to_file | to_file | to_file | to_file | to_file |