M2Crypto: AttributeError: 'CSR' object has no attribute 'pkey'

Hello python-guys

I am trying to build a python based certificate authority using
m2crypto. I am quite new to python and I am asking myself why my code
snippets below throw the following Traceback:

$ python csr.py

Traceback (most recent call last):
  File "csr.py", line 48, in <module>
    csr.create_cert_signing_request(pubkey, cert_name)
  File "csr.py", line 17, in create_cert_signing_request
  File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 926, in set_pubkey
    return m2.x509_req_set_pubkey( self.req, pkey.pkey )
AttributeError: 'CSR' object has no attribute 'pkey'

Below are my modules containing two classes CSR and Keypair. There
seems to be something wrong in the way I am calling
csr.create_cert_signing_request(), because if I directly add the key
generation part to the create_cert_signing_request function it works...


This link states that the instance function set_pubkey takes an
EVP_KEY object as argument, and that's what I am passing to it, or not?

I really would be happy if someone could give me a helping hand on this
and maybe could comment every style / ... mistake I made to accelerate
my learning experience. 


$ cat csr.py

from config import *
from keypair import *
from M2Crypto import X509, EVP

class CSR(object):
    def __init__(self):
        pass

    def create_cert_signing_request(keypair, cert_name, cert_extension_stack=None):
        # create a certificate signing request object
        cert_request = X509.Request()

        # set certificate version to 3

        # which rsa public key should be used?
        cert_request.set_pubkey(keypair)

        # create a subject for the certificate request

        if cert_extension_stack != None:
            # add the extensions to the request
            # (statement missing from the post as archived; call assumed from the comment above)
            cert_request.add_extensions(cert_extension_stack)

        # sign the request using the RSA key pair
        cert_request.sign(keypair, 'sha1')

        return cert_request

if __name__ == "__main__":
    csr = CSR()
    cert_name = X509.X509_Name()
    keyp = Keypair()

    pubkey = keyp.get_keypair()

    cert_name.C = "GB"
    cert_name.ST = "Greater Manchester"
    cert_name.L = "Salford"
    cert_name.O = "COMODO CA Limited"
    cert_name.CN = "COMODO Certification Authority"
    cert_name.OU = "Information Technology"
    cert_name.Email = "contact@comodo.com"

    csr.create_cert_signing_request(pubkey, cert_name)

$ cat keypair.py

from M2Crypto import X509, m2, RSA, EVP
from config import *

class Keypair(object):
    def __init__(self):
        self.config = Config()
        self.keypair = EVP.PKey()

    def create_keypair(self):
        # generate an RSA key pair
        # OpenSSL book page 232
        # second argument should be a constant RSA_F4 or RSA_3
        rsa_key_pair = RSA.gen_key(
            int(self.config.get_attribute('CA', 'key_size')), m2.RSA_F4)

        # check if RSA key pair is usable
        # OpenSSL book page 232
        if rsa_key_pair.check_key() != 1:
            print 'error while generating key!'

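        # EVP object which can hold either a DSA or an RSA object
        # OpenSSL book page 236
        evp_key_container = EVP.PKey()
        # attach the generated RSA key; without this the container stays empty
        evp_key_container.assign_rsa(rsa_key_pair)

        self.keypair = evp_key_container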

    def save_keypair(self, filename):
        self.keypair.save_key(filename, None)

    def load_keypair(self, filename):
        self.keypair = EVP.load_key(filename)

    def get_keypair(self):
        return self.keypair

    def get_public_key(self):
        return self.keypair.pkey

    def print_keypair(self):
        print self.keypair.as_pem(None)

if __name__ == "__main__":
    key = Keypair()

    print key.get_keypair()
    print key.get_public_key()

8/1/2009 5:16:14 PM
Matthias Güntert wrote:
> class CSR(object):
>     def __init__(self):
>         pass
>     def create_cert_signing_request(keypair, cert_name,
> cert_extension_stack=None):

You missed self. Although this method does not seem to be using any
instance data so there isn't actually much reason to have a CSR object
unless you intend to expand it in ways that require it.

>         if cert_extension_stack != None:

A word of advice: always check equality/inequality to None with 'is',
because that way it is a straight pointer conversion which is faster and
won't cause any surprises. In other words, write the above as:

         if cert_extension_stack is not None:

  Heikki Toivonen - http://heikkitoivonen.net
8/1/2009 6:19:13 PM
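
The failure discussed in this thread, reproduced as an added example that is not part of either post: it shows why the call raises AttributeError rather than a TypeError about the argument count, and a case where `!= None` and `is not None` disagree. FakePKey, FakeRequest and QuirkyStack are hypothetical stand-ins, not M2Crypto classes, so the snippet runs without M2Crypto installed.

```python
# Added illustration. FakePKey, FakeRequest and QuirkyStack are hypothetical
# stand-ins (not M2Crypto classes) so the snippet runs without M2Crypto.

class FakePKey(object):
    """Plays the role of EVP.PKey: the low-level handle lives in .pkey."""
    def __init__(self):
        self.pkey = object()

class FakeRequest(object):
    """Plays the role of X509.Request; reads pkey.pkey as in the traceback."""
    def set_pubkey(self, pkey):
        self.pubkey_handle = pkey.pkey

class BrokenCSR(object):
    # No 'self': the instance is bound to 'keypair', the real key lands in
    # 'cert_name', and the name is absorbed by the optional third parameter,
    # so the call raises no TypeError about the argument count.
    def create_cert_signing_request(keypair, cert_name, cert_extension_stack=None):
        FakeRequest().set_pubkey(keypair)   # keypair is the BrokenCSR instance

class FixedCSR(object):
    def create_cert_signing_request(self, keypair, cert_name, cert_extension_stack=None):
        request = FakeRequest()
        request.set_pubkey(keypair)
        request.extensions_added = cert_extension_stack is not None
        return request

class QuirkyStack(list):
    """Container with an overloaded != that compares lengths only."""
    def __ne__(self, other):
        return len(self) != (0 if other is None else len(other))

def reproduce_error():
    """Return the AttributeError text produced by the self-less method."""
    try:
        BrokenCSR().create_cert_signing_request(FakePKey(), "CN=example")
    except AttributeError as exc:
        return str(exc)
    return None

def none_checks(stack):
    """Return (result of '!= None', result of 'is not None') for stack."""
    return (stack != None, stack is not None)  # noqa: E711

if __name__ == "__main__":
    print(reproduce_error())
    print(none_checks(QuirkyStack()))
```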