如何从python中的x509证书中提取公钥？

Question

Below shows the code example I followed, However I got error response as - "Unable to load certificate".

from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.backends import default_backend

cert_str = '-----BEGIN CERTIFICATE----- MIIDBTCCAe2gAwIBAgIQEsuEXXy6BbJCK3bMU6GZ/TANBgkqhkiG9w0BAQsFADAt... -----END CERTIFICATE-----';

cert_obj = load_pem_x509_certificate(str.encode(cert_str), default_backend())
public_key = cert_obj.public_key();

Error response

Traceback (most recent call last):
  File "C:\xampp1\htdocs\TestWorkPlace\TestPython\src\test1.py", line 10, in <module>
    cert_obj = load_pem_x509_certificate(str.encode(cert_str), default_backend())
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\x509\base.py", line 43, in load_pem_x509_certificate
    return backend.load_pem_x509_certificate(data)
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\hazmat\backends\multibackend.py", line 341, in load_pem_x509_certificate
    return b.load_pem_x509_certificate(data)
  File "C:\Program Files (x86)\Python\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1175, in load_pem_x509_certificate
    raise ValueError("Unable to load certificate")
ValueError: Unable to load certificate

Please help me to sort this issue.

Answer 1

Private keys are not contained within X509 certificates, only public keys. To extract the public key you've got the correct code, but your certificate will not load because it isn't in proper PEM format.

A PEM formatted certificate has the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters and base64 encoded data in between, but it also needs to be a maximum of 64 characters per line (originally defined in RFC 1421 but also present in RFC 7468 ).

Some software is more forgiving than the specification, but the underlying library for pyca/cryptography (OpenSSL or LibreSSL) requires that it be formatted in this fashion.