1

I need to generate a pair of private and public keys in Python. I used to generate them on the site mkjwk, but I want to automate this process. enter image description here

I need to generate keys in a format like the ones highlighted in yellow in the picture. I tried to use the cryptography library to solve this problem. I managed to generate a private key in the required format, but I don’t know how to generate a public key.

key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)
private_key = key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)

I would be very grateful for any help with this. This does not have to be done with the cryptography library, if there is a better way.

Helen
  • 463
  • 2
  • 9
  • 23
  • 3
    Your posted code currently generates a PKCS#1 private key (PEM encoded). However, the private key highlighted in yellow in the screenshot is a PKCS#8 key (PEM encoded). For the code to return the private key in this format, `serialization.PrivateFormat.PKCS8` must be used instead of `serialization.PrivateFormat.TraditionalOpenSSL`, see [here](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.PrivateFormat). – Topaco Mar 15 '21 at 08:11
  • 2
    The website "https://jwt.io/" offers an overview about libraries for JWT (your public key in JWK encoding so I assume it is in use for any JWT/JWE/JWS workflow. – Michael Fehr Mar 15 '21 at 08:14
  • 3
    The corresponding export of the public key (X.509/SPKI, PEM) is described in the [documentation](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa.html#key-serialization) of the Cryptography library. However, the public key highlighted in yellow in the screenshot has the JWK format. This format is not supported by _Cryptography_ afaIk. For this you have to use another library which directly generates keys in this format or supports the conversion JWK <-> PEM, e.g. [JWCrypto](https://jwcrypto.readthedocs.io/en/latest/jwk.html). – Topaco Mar 15 '21 at 08:15

1 Answers1

0

I guess using pyopenssl should do it for you https://www.pyopenssl.org/en/stable/api/crypto.html#OpenSSL.crypto.PKey.generate_key

from OpenSSL import crypto

pk = crypto.PKey()
pk.generate_key(crypto.TYPE_RSA, 2048)

print(f"Private key : {crypto.dump_privatekey(crypto.FILETYPE_PEM, pk)}\n")
print(f"Public key : {crypto.dump_publickey(crypto.FILETYPE_PEM, pk)}\n")


Private key : b'-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDngpyqg5dMlaLL\nNv6WruNAmeA9bZWmr62b0GEOqccjaq6aWscPUYAdzV/xoqAQ8JV6v8OS2O54mi7h\naE0ma4MXpajq8GAf8l/EJoHM1/2mo7r/XDVsxyUgBpd0P/8ds4KiN++x4wr4/Kof\nGHd6+aEwVbRb20ha/IjS6500eDSr1Ld1QMoSWHZ9AJSNgRFc2bm+y/7O/Qf/Oel5\nUSuWKHWBvoyqX5d643ltUDwc3a3H/A0bTwHYYM3W7FbeievNjxs9yM2dUMhPHOS+\n4ATlD1rvsVF686z/MiTicIDe0Sd0Svsk6w2y2QZeYql96EPRcwTAHTlBvpIzJpJx\nJlL2554RAgMBAAECggEBAMvP0NzMvIZPteHxqHA/xxE4ZpGtx/HW96AU811VWltz\nsANzp4t01LVn+O9hnElNhEtsR2EgWdES6/LFQCZywBYxYWRz+iwl1Ol6fQs5m7T4\nr8fgBaieKbDoHK3bKV2ci4UEeaDBoQdSaPK3N3isC5vh18aGZkyzxkDp7JwktzoN\nfinMTmuZPuczl2leqnoY6Dlkkj8hElMLqzAK3TAq5eVh+k0mGklF3LwdLBiG9JTa\nPh1IFYv3OqKvBla+HATyY/596otd3mn7I7EJMekWickNsroxO/wCi7SUvtizyB+d\nAY83u7vY5vJM9kNGU3X6/ac+eK/S65Hp7kRyqhhCV4ECgYEA+ekBijL5jTyTh/a2\nlfh0LKnynXYzyhwM4ZRIEjHGHjkkDSUbDiD9K+8DFrz3btc5rBImRVYABh4uBXJC\ntL42r5A4woxwblD4UZ09OJ+nuuE1ahtjWMTxRnIzKCfsfDCxETxBusMcyCxDggm0\nSAvBkLjGgqimN7nR0QqcRFuEU2MCgYEA7SbSqkFy4m8y+7TLPvA8ynrhR6GJ+xCe\nxOWBcbqs7W6e5q1OTPBnV0gXA1gBcu0AfAz3GZAYDeO44fBOFtDOzALjNOkVRM1U\nFEjESyAGbGAp2tfzMc7rN6UOZ7SJ78HNu7WTjTSmFK+wyxdcEIS93GDOjKYbNqwR\nBw056aRrdPsCgYBhpnI7lf98+JaNIhHmN9btPNrYPD+wUZWW72HZ+ij31kwH9t/D\nfZBvgk0qrVvhq6eVXOInZZtMyK4i4qq+BTVJFImZO1cTRABDo7UwUvIvS6CbfWgs\nX4gHhsgGgNMfE8ecfHcSivrMHL+kKDaRkEZqTkkC9PM+AxXBIOw+qaPjEQKBgC+O\nN3R4x2bs0ZZz/MXUOvyHg6FvnVHBVXU6aKi7vG2oXyj229rF4pM4G5VKEpBPQmed\n2fdAU/KFFdAI9j/RA4cZlSJJE0DGw/OFXAeMln0pE3uVDmmQis6PxMG7DGYNwQnB\nMaOBSUSgrp0rRATz+Xa12vWNYaum+YsmddSKahn9AoGBAKKZ1kBir/KQdWv4XcSD\nVni4KTbBj9W6bDHYASPL7NQnBnrwbkEqZu5U4gHTCpJ6KHMLn0pJv9W3PMjBIlDd\n3va9+Ex6KM0+Xuh21I2HAxzqGFW7b60rGnKx8CKqhzggOpyK9FpaxE3u51b+s6sE\nZac7zriIze30/udoDzckVqJM\n-----END PRIVATE KEY-----\n'
Public key : b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54KcqoOXTJWiyzb+lq7j\nQJngPW2Vpq+tm9BhDqnHI2qumlrHD1GAHc1f8aKgEPCVer/DktjueJou4WhNJmuD\nF6Wo6vBgH/JfxCaBzNf9pqO6/1w1bMclIAaXdD//HbOCojfvseMK+PyqHxh3evmh\nMFW0W9tIWvyI0uudNHg0q9S3dUDKElh2fQCUjYERXNm5vsv+zv0H/znpeVErlih1\ngb6Mql+XeuN5bVA8HN2tx/wNG08B2GDN1uxW3onrzY8bPcjNnVDITxzkvuAE5Q9a\n77FRevOs/zIk4nCA3tEndEr7JOsNstkGXmKpfehD0XMEwB05Qb6SMyaScSZS9uee\nEQIDAQAB\n-----END PUBLIC KEY-----\n'
Pr1614
  • 61
  • 1
  • 6