3

I'm unable to make sense of them using the RFCs. Can anyone help?

When I use this function, http://www.pyopenssl.org/en/stable/api/crypto.html#x509req-objects , am I creating a PKCS#10 format CSR?

Abhijeet Rastogi
  • 171
  • 1
  • 1
  • 5

1 Answers1

2

PKCS#10 is a specification defining what and how attributes should be contained in a Certificate Signing Request in order for it to be compliant. It is used as the default specification for most certificate signing authorities. This specification dictates the use of ASN.1.

ASN.1, also known as Abstract Syntax Notation One, is a standard that defines rules and structures for data representation. In this case, it is used to specify how the attributes you put into a PKCS#10 request should be formatted.

OpenSSL X509Req objects are classes that you can define attributes against in order to build a Certificate Signing Request. You build and add attributes to the request object. By using code similar to the following, you can then dump the class into an ASN.1 format.

req = crypto.X509Req()
output = crypto.dump_certificate_request(crypto.FILETYPE_ASN1, req)

If you create such an object, include the attributes and data required by the PKCS#10 specification and then dump it into the ASN.1 format, you have created a PKCS#10 compliant certificate signing request.

Dave Satch
  • 306
  • 2
  • 6