[Cryptography-dev] x509 Certificate Fingerprint Format

Gilbert Mendoza gmendoza at gmail.com
Mon Feb 11 19:06:55 EST 2019


Greets!

I'm working with x509 certificates in Python, and I'm trying to see if
there's a more elegant approach to producing a fingerprint string that is
formatted similarly to the OpenSSL fingerprint output.

openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem
SHA1 Fingerprint=76:E1:81:9F:AD:F0:6A:55:EF:4B:12:6A:2E:F7:43:C2:BA:E8:A1:51

Reading the documentation on the X.509 Certificate Object class [1], I
learned how to return the fingerprint value as a bytes object, which I then
converted to a hex string object, and then manipulated the string to look
like a colon-separated fingerprint.

[1] https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object

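from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes

# pem_block holds the PEM-encoded certificate as bytes
cert = x509.load_pem_x509_certificate(pem_block, default_backend())

# Raw SHA-1 digest of the certificate
hash_bytes = cert.fingerprint(hashes.SHA1())
print(hash_bytes)
# b'v\xe1\x81\x9f\xad\xf0jU\xefK\x12j.\xf7C\xc2\xba\xe8\xa1Q'

# Same digest as a lower-case hex string
hash_hex = bytearray(cert.fingerprint(hashes.SHA1())).hex()
print(hash_hex)
# 76e1819fadf06a55ef4b126a2ef743c2bae8a151

# Insert a colon between each pair of hex digits and upper-case the result
hash = ":".join(hash_hex[i:i+2] for i in range(0,len(hash_hex),2)).upper()
print(hash)
# 76:E1:81:9F:AD:F0:6A:55:EF:4B:12:6A:2E:F7:43:C2:BA:E8:A1:51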

So is there an easier way to get the fingerprint in this format, or am I
already there?

Many thanks in advance!

Gilbert
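
Added example, not part of the original message or of the cryptography project: a standard-library round trip between digest bytes and the OpenSSL-style string, plus a normalising comparison of the kind used when checking a certificate against a recorded fingerprint. The function names and the DIGEST_SIZES table are hypothetical; the sample digest is the one printed in the message above.

```python
import hmac
import re

# Digest sizes in bytes for the two algorithms this example accepts (assumption:
# only SHA-1 and SHA-256 fingerprints are of interest here).
DIGEST_SIZES = {"SHA1": 20, "SHA256": 32}

# SHA-1 digest bytes exactly as printed in the message above.
SAMPLE_DIGEST = b"v\xe1\x81\x9f\xad\xf0jU\xefK\x12j.\xf7C\xc2\xba\xe8\xa1Q"


def format_fingerprint(digest: bytes) -> str:
    """Render digest bytes as upper-case, colon-separated hex pairs."""
    return ":".join(f"{b:02X}" for b in digest)


def parse_fingerprint(text: str) -> bytes:
    """Accept 'SHA1 Fingerprint=76:E1:...', '76:e1:...' or bare hex; return bytes."""
    label, sep, value = text.strip().rpartition("=")
    hex_part = value.replace(":", "").replace(" ", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hex_part):
        raise ValueError("fingerprint is not an even-length hex string")
    digest = bytes.fromhex(hex_part)
    if sep:
        # A labelled line must have the length its algorithm name implies.
        algo = label.split()[0].upper() if label.strip() else ""
        if DIGEST_SIZES.get(algo) != len(digest):
            raise ValueError(f"length {len(digest)} does not match label {label!r}")
    elif len(digest) not in DIGEST_SIZES.values():
        raise ValueError(f"unexpected digest length {len(digest)}")
    return digest


def fingerprints_match(a: str, b: str) -> bool:
    """Compare two fingerprint strings after normalising case and separators."""
    return hmac.compare_digest(parse_fingerprint(a), parse_fingerprint(b))


if __name__ == "__main__":
    line = "SHA1 Fingerprint=" + format_fingerprint(SAMPLE_DIGEST)
    print(line)
    print(fingerprints_match(line, SAMPLE_DIGEST.hex()))
```

Comparing the parsed bytes rather than the strings avoids false mismatches caused by case or separator differences between tools.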