Changeset 73


Ignore:
Timestamp:
11/12/14 15:19:33 (10 years ago)
Author:
tim
Message:

added PKCS12 capabilities to clonecertchain

Location:
trunk/bin
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/bin/bletchley-clonecertchain

    r72 r73  
    11#!/usr/bin/env python3
    2 
     2#-*- mode: Python;-*-
     3#
    34# Requires Python 3+
     5
    46
    57'''
     
    188190    description="An experimental script which attempts to clone an SSL server's"
    189191    " entire certificate chain, ideally altering only the keys and signatures"
    190     " along the way.  The script prints results to stdout, starting with a PEM"
     192    " along the way.  The script prints results to stdout, starting with a PKCS7 (PEM)"
    191193    " key (the fake server private key) followed by the newly forged certificate"
    192194    " chain, also in PEM format.  (The new intermediate and root private keys are"
    193     " not currently printed, but will likely be somehow availble in a future"
     195    " not currently printed, but will likely be somehow available in a future"
    194196    " version.)")
    195197
    196198parser.add_argument('host', nargs=1, default=None,
    197199                    help='IP address or host name of server')
    198 parser.add_argument('port', nargs='?', default=443,
     200parser.add_argument('port', nargs='?', type=int, default=443,
    199201                    help='TCP port number of SSL service (default: 443)')
     202parser.add_argument(
     203    '--p12', dest='p12_filename', type=str, required=False, default=None,
     204    help='If specified, a PKCS12 file will be written with the generated certificates'
     205    ' and server key (in addition to normal PKCS7 output).  NOTE: the file specified'
     206    ' will be overwritten without prompting if it already exists.')
     207parser.add_argument(
     208    '--p12password', dest='p12_password', type=str, required=False, default='bletchley',
     209    help='If specified along with the --p12 argument, the PKCS12 file will use this password'
     210    ' to encrypt the server private key.  (Otherwise, the password "bletchley" is used).')
    200211options = parser.parse_args()
    201212
     
    214225for c in fake_chain:
    215226    print(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, c).decode('utf-8'))
     227
     228if options.p12_filename:
     229    p12_file = open(options.p12_filename, 'w+b')
     230
     231    p12 = OpenSSL.crypto.PKCS12()
     232    p12.set_ca_certificates(fake_chain[1:])
     233    p12.set_privatekey(fake_key)
     234    p12.set_certificate(fake_chain[0])
     235
     236    p12_file.write(p12.export(passphrase=options.p12_password.encode('utf-8')))
     237    p12_file.close()
  • trunk/bin/bletchley-decode

    r40 r73  
    11#!/usr/bin/env python3
    2 
     2#-*- mode: Python;-*-
     3#
    34# Requires Python 3+
    45
  • trunk/bin/bletchley-http2py

    r71 r73  
    11#!/usr/bin/env python3
    2 
     2#-*- mode: Python;-*-
     3#
    34# Requires Python 3+
    45
Note: See TracChangeset for help on using the changeset viewer.