urllib3自定义SSL密钥加密

Question

In Python's urllib3 under Client Certificates there is an option for key_password .

Currently, I have the key info in plaintext and I want to encrypt it before storing it on the disk.

Here is the implementation:

http = urllib3.PoolManager(
...     cert_file='/path/to/your/client_cert.pem',
...     cert_reqs='CERT_REQUIRED',
...     key_file='/path/to/your/client.key',
...     key_password='keyfile_password')

However, I have not been able to find any documentation around what kind of encryption is supported for the key.

Answer 1

Okay. I figured it out.

I used AES symmetric encryption to encrypt the key.

Here is the command:

# openssl rsa -aes256 -in <key-file-in-plaintext> -out <key-file-encrypted>
> openssl rsa -aes256 -in key.pem -out key.pem.encrypted

This will ask you to enter a passphrase and it'll create an RSA key for you.

You can use this passphrase and pass it to the key_password named parameter.

Disclaimer: key_password is only supported in 1.25 and above versions of urllib3