Skip to content

certified.serial — PEM / DER / Base64 Serialization

Helpers for converting between certificate representations: PEM (ASCII armored), DER (binary), and URL-safe base64-DER.

The alt=True default uses -_ as base64 altchars, making the output safe for use in URLs and HTTP headers without percent-encoding.

High-level helpers

pem_to_cert

Source code in certified/serial.py 
24
25
def pem_to_cert(inp: str) -> x509.Certificate:
    return x509.load_pem_x509_certificate(inp.encode('ascii'))

cert_to_pem

Source code in certified/serial.py 
30
31
32
def cert_to_pem(cert: Union[x509.Certificate,
                            x509.CertificateSigningRequest]) -> str:
    return cert.public_bytes(Encoding.PEM).decode('ascii')

b64_to_cert

Source code in certified/serial.py 
11
12
13
def b64_to_cert(inp: str, alt: bool = True) -> x509.Certificate:
    y = b64_to_der(inp, alt)
    return x509.load_der_x509_certificate(y)

cert_to_b64

Source code in certified/serial.py 
19
20
21
22
def cert_to_b64(cert: Union[x509.Certificate,
                             x509.CertificateSigningRequest],
                alt: bool = True) -> str:
    return der_to_b64( cert.public_bytes(Encoding.DER) )

pem_to_csr

Source code in certified/serial.py 
27
28
def pem_to_csr(inp: str) -> x509.CertificateSigningRequest:
    return x509.load_pem_x509_csr(inp.encode('ascii'))

b64_to_csr

Source code in certified/serial.py 
15
16
17
def b64_to_csr(inp: str, alt: bool = True) -> x509.CertificateSigningRequest:
    y = b64_to_der(inp, alt)
    return x509.load_der_x509_csr(y)

serial_number

A canonical way to print a certificate's 160-bit serial number (as used by python/ssl)

Returns its 40-byte hex representation.

Source code in certified/serial.py 
47
48
49
50
51
52
53
54
55
def serial_number(cert: x509.Certificate) -> str:
    """A canonical way to print a certificate's 160-bit
    serial number (as used by python/ssl)

    Returns its 40-byte hex representation.
    """
    inp = cert.serial_number.to_bytes(20, 'big')
    #return base64.b64encode(inp, altchars=b'-_').decode('ascii')
    return inp.hex()

Low-level helpers

b64_to_der

Source code in certified/serial.py 
35
36
37
38
39
def b64_to_der(inp: str, alt: bool = True) -> bytes:
    if alt:
        return base64.b64decode(inp, altchars=b'-_', validate=True)
    x = urllib.parse.unquote(inp)
    return base64.b64decode(x, validate=True)

der_to_b64

Source code in certified/serial.py 
41
42
43
44
45
def der_to_b64(inp: bytes, alt: bool = True) -> str:
    if alt:
        return base64.b64encode(inp, altchars=b'-_').decode('ascii')
    x = base64.b64encode(inp)
    return urllib.parse.quote_plus(x)