--pyOpenSSL has the lowest barrier to entry.
--If you want to build a CA (certificate authority), you can.
--This is different from an ("oreore", i.e. self-signed) CA.
--In OpenSSL terms, I want to do what can be done with the "openssl ts" command family, which has been part of the mainline since around version 1.1.0.
I researched various things, but I could only find a specific article on the following site:
Setting to create Timestamping Authority certificate signing request
That site posts the entire openssl.cfg configuration file, so let's check whether it can be run at the command level based on it.
--It basically seems to work, but there were several places where I got stuck.
--The information in the configuration file is a little old overall. For example, SHA-2 is not included in the encryption method settings.
--An openssl error appears at run time, so resolve the errors one by one based on the message.
--The final verification, "openssl ts -verify", fails with an error that the certificate cannot be found.
--At the end of the command, "openssl ts -verify ... -CAfile
--I checked pyOpenSSL, but I can't find such a function.
--It doesn't seem to be in cryptography.hazmat, which pyOpenSSL depends on, either.
--For example, the TS_REQ_new() function included in the OpenSSL main_ts function is not available.
--In the first place, pyOpenSSL depends on cryptography, and cryptography appears to be based on OpenSSL version 1.0.2.
$ openssl ts -query ・ ・ ・
$ openssl ts -reply ・ ・ ・
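The `openssl ts -query` step writes an RFC 3161 TimeStampReq, which is plain DER, so the missing TS_REQ_new() binding noted above does not prevent building or inspecting a request from Python. The following is an added example (not code from the original post, OpenSSL or pyOpenSSL) that uses only the standard library; the function names are hypothetical, SHA-256 is assumed as the digest, and only the version, messageImprint, nonce and certReq fields are handled.

```python
import hashlib
import secrets

SHA256_ALG = bytes.fromhex("06096086480165030402010500")  # OID 2.16.840.1.101.3.4.2.1 + NULL

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; lengths >= 128 use the long form."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def der_int(value: int) -> bytes:  # non-negative INTEGER, minimal length, sign bit clear
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_ts_query(data: bytes, nonce=None, cert_req: bool = True) -> bytes:
    """Build a DER TimeStampReq (RFC 3161) over SHA-256(data)."""
    imprint = der(0x30, der(0x30, SHA256_ALG) + der(0x04, hashlib.sha256(data).digest()))
    body = der_int(1) + imprint  # version v1, then messageImprint
    body += der_int(secrets.randbits(64) if nonce is None else nonce)
    if cert_req:  # certReq is DEFAULT FALSE, so DER encodes it only when TRUE
        body += der(0x01, b"\xff")
    return der(0x30, body)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def parse_ts_query(req: bytes) -> dict:
    """Decode the fields build_ts_query() writes."""
    tag, seq, end = read_tlv(req, 0)
    if tag != 0x30 or end != len(req):
        raise ValueError("not a single DER SEQUENCE")
    _, version, p = read_tlv(seq, 0)
    _, imprint, p = read_tlv(seq, p)
    _, alg, q = read_tlv(imprint, 0)
    digest, opt = read_tlv(imprint, q)[1], {}
    while p < len(seq):  # optional fields, keyed by tag (0x02 nonce, 0x01 certReq)
        tag, val, p = read_tlv(seq, p)
        opt[tag] = val
    return {"version": int.from_bytes(version, "big"), "sha256": alg == SHA256_ALG,
            "digest": digest.hex(), "cert_req": opt.get(0x01, b"\x00") != b"\x00",
            "nonce": int.from_bytes(opt[0x02], "big") if 0x02 in opt else None}
```

Written to a file (for example a hypothetical req.tsq), the bytes can be inspected with `openssl ts -query -in req.tsq -text`.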