#!/usr/bin/python3
#
# Calculates the spkisha256 hash (hex SHA-256 of the DER SubjectPublicKeyInfo) from PEM-encoded:
# * private and public keys (PKCS1/PKCS8)
# * X.509 certificates and certificate requests
import argparse
import hashlib
import sys
from cryptography import x509
from cryptography.hazmat.primitives import serialization
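# Command-line interface: one or more input files plus output-format switches.
ap = argparse.ArgumentParser()
ap.add_argument("files", nargs="+")
ap.add_argument("-n", "--nofilename", action="store_true", help="Don't print filename")
ap.add_argument("-q", "--quiet", action="store_true", help="Suppress warnings")
ap.add_argument("-c", "--crtsh", action="store_true", help="Search URL for crt.sh")
args = ap.parse_args()

# Each file is handled independently: a file that cannot be read or parsed
# produces a warning on stderr (unless --quiet) and the run moves on to the
# next one.
for fn in args.files:
    # An unreadable path (missing, directory, permission denied) must not
    # abort the whole batch, so it is reported like any other bad input.
    try:
        with open(fn, "rb") as f:
            d = f.read()
    except OSError as exc:
        if not args.quiet:
            print(f"WARNING: cannot read {fn}: {exc.strerror or exc}", file=sys.stderr)
        continue

    # The PEM type is detected by substring match on the armor line, so only
    # PEM input is recognised; DER-encoded files fall through to "no key".
    # NOTE(review): for a file holding several PEM objects (key plus
    # certificate, or a chain) exactly one hash is printed: the first
    # matching branch below wins, and the loaders presumably parse only the
    # first block of their type. Confirm before using this on bundles.
    try:
        if b"PRIVATE KEY-----" in d:
            # Only unencrypted private keys are supported (password=None).
            # The private key object is used solely to derive its public key.
            key = serialization.load_pem_private_key(d, password=None)
            pubkey = key.public_key()
        elif b"PUBLIC KEY-----" in d:
            pubkey = serialization.load_pem_public_key(d)
        elif b"-----BEGIN CERTIFICATE-----" in d:
            crt = x509.load_pem_x509_certificate(d)
            pubkey = crt.public_key()
        elif b"-----BEGIN CERTIFICATE REQUEST-----" in d:
            csr = x509.load_pem_x509_csr(d)
            pubkey = csr.public_key()
        else:
            if not args.quiet:
                print(f"WARNING: no key in {fn}", file=sys.stderr)
            continue
    except ValueError:
        if not args.quiet:
            print(f"WARNING: unparsable key in {fn}", file=sys.stderr)
        continue
    except TypeError:
        # load_pem_private_key raises TypeError, not ValueError, when the key
        # is encrypted and no password was supplied; without this handler a
        # single passphrase-protected key ends the run with a traceback.
        if not args.quiet:
            print(f"WARNING: encrypted private key in {fn}", file=sys.stderr)
        continue

    # Hash the DER-encoded SubjectPublicKeyInfo, so a key, its certificate
    # and its CSR all map to the same value.
    derkey = pubkey.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    # Hex digest, the form used in the crt.sh spkisha256 query below. Pinning
    # formats that use base64 of the same SHA-256 digest need a re-encoding.
    spki = hashlib.sha256(derkey).hexdigest()

    # --nofilename takes precedence over --crtsh when both are given.
    # --crtsh only prints the search URL; no request is made from here.
    if args.nofilename:
        print(spki)
    elif args.crtsh:
        print(f"https://crt.sh/?spkisha256={spki}")
    else:
        print(f"{spki} {fn}")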