summaryrefslogtreecommitdiffstats
path: root/src/ukify
diff options
context:
space:
mode:
Diffstat (limited to 'src/ukify')
-rwxr-xr-xsrc/ukify/ukify.py30
1 files changed, 16 insertions, 14 deletions
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 432dc87988..99a0d72650 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -858,7 +858,8 @@ def generate_key_cert_pair(
) -> tuple[bytes]:
from cryptography import x509
- import cryptography.hazmat.primitives as hp
+ from cryptography.hazmat.primitives import serialization, hashes
+ from cryptography.hazmat.primitives.asymmetric import rsa
# We use a keylength of 2048 bits. That is what Microsoft documents as
# supported/expected:
@@ -866,7 +867,7 @@ def generate_key_cert_pair(
now = datetime.datetime.utcnow()
- key = hp.asymmetric.rsa.generate_private_key(
+ key = rsa.generate_private_key(
public_exponent=65537,
key_size=keylength,
)
@@ -888,36 +889,37 @@ def generate_key_cert_pair(
critical=True,
).sign(
private_key=key,
- algorithm=hp.hashes.SHA256(),
+ algorithm=hashes.SHA256(),
)
cert_pem = cert.public_bytes(
- encoding=hp.serialization.Encoding.PEM,
+ encoding=serialization.Encoding.PEM,
)
key_pem = key.private_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=hp.serialization.NoEncryption(),
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
)
return key_pem, cert_pem
def generate_priv_pub_key_pair(keylength : int = 2048) -> tuple[bytes]:
- import cryptography.hazmat.primitives as hp
+ from cryptography.hazmat.primitives import serialization
+ from cryptography.hazmat.primitives.asymmetric import rsa
- key = hp.asymmetric.rsa.generate_private_key(
+ key = rsa.generate_private_key(
public_exponent=65537,
key_size=keylength,
)
priv_key_pem = key.private_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=hp.serialization.NoEncryption(),
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
)
pub_key_pem = key.public_key().public_bytes(
- encoding=hp.serialization.Encoding.PEM,
- format=hp.serialization.PublicFormat.SubjectPublicKeyInfo,
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
return priv_key_pem, pub_key_pem