Verify that a private key matches a certificate using PyOpenSSL and PyCrypto:
import OpenSSL.crypto
# NOTE(review): PyCrypto (the `Crypto` package) is no longer maintained;
# PyCryptodome provides the same Crypto.Util.asn1 module.
from Crypto.Util import asn1

c = OpenSSL.crypto

# The certificate - an X509 object
cert = ...
# The private key - a PKey object
priv = ...

# Public key carried inside the certificate.
pub = cert.get_pubkey()

# The comparison below reads an RSA modulus, so both keys must be RSA.
if not (pub.type() == c.TYPE_RSA and priv.type() == c.TYPE_RSA):
    raise Exception('Can only handle RSA keys')

# Serialise both keys to DER. dump_privatekey() is also applied to the
# public key; the original author observed that this works, but it is not a
# documented use of the call.
# NOTE(review): confirm it still works on the pyOpenSSL version in use.
pub_bytes, priv_bytes = (
    c.dump_privatekey(c.FILETYPE_ASN1, key) for key in (pub, priv)
)

# Decode each DER blob into a sequence of its top-level elements.
sequences = []
for encoded in (pub_bytes, priv_bytes):
    seq = asn1.DerSequence()
    seq.decode(encoded)
    sequences.append(seq)
pub_seq, priv_seq = sequences

# Element 1 is taken as the modulus: in a PKCS#1 RSAPrivateKey, element 0 is
# the version and element 1 is n.
pub_n = pub_seq[1]
priv_n = priv_seq[1]

# NOTE(review): only the modulus is compared; the public exponent is not.
print('Match' if pub_n == priv_n else 'Oops')
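The idea is to extract the modulus from each of the two DER structures and compare the two values; for a matching key pair they are the same. Only the RSA modulus is compared, so the check does not apply to non-RSA keys and does not look at the public exponent.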
Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to make this usable by anyone for any kind of use with no obligation.
Thank You!
You saved my day!
How about?:
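# Parse the PEM text into pyOpenSSL objects. `crypto` is presumably
# OpenSSL.crypto (its import is not shown). A parse failure is raised here,
# outside the try block below, so it is not reported as "Incorrect key".
pkey_obj = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key_text)
cert_obj = crypto.load_certificate(crypto.FILETYPE_PEM, certificate_text)

# The Context only holds the key/certificate pair here; no connection is
# made, so the protocol constant has no bearing on the check.
# TLSv1_METHOD pins the legacy TLS 1.0 protocol, so do not reuse this
# Context for real connections.
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
ctx.use_privatekey(pkey_obj)
ctx.use_certificate(cert_obj)
try:
    # Lets OpenSSL compare the loaded key with the loaded certificate, so
    # the check is not limited to RSA keys. A mismatch raises SSL.Error.
    ctx.check_privatekey()
    # print() with one string argument prints the same text on Python 2 and 3.
    print("Key matches certificate")
except OpenSSL.SSL.Error:
    print("Incorrect key")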