From 634f485782a4b38db5b0ae2dbf9ec99dae4de7ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Wed, 17 Apr 2024 12:04:05 +0200
Subject: [PATCH] Add smime capabilities
---
 pynitrokey/cli/nk3/piv.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/pynitrokey/cli/nk3/piv.py b/pynitrokey/cli/nk3/piv.py
index 952b6514..03398034 100644
--- a/pynitrokey/cli/nk3/piv.py
+++ b/pynitrokey/cli/nk3/piv.py
@@ -5,6 +5,7 @@ import click
 import cryptography
 from asn1crypto import x509
+from asn1crypto.core import ParsableOctetString
 from asn1crypto.csr import CertificationRequest, CertificationRequestInfo
 from asn1crypto.keys import PublicKeyInfo
 from click_aliases import ClickAliasedGroup
@@ -404,6 +405,37 @@ def generate_key(
 for subject in subject_name
 ]
+ # SEQUENCE
+ # SEQUENCE
+ # OBJECT :aes-256-cbc
+ # SEQUENCE
+ # OBJECT :id-aes256-wrap
+ # SEQUENCE
+ # OBJECT :aes-192-cbc
+ # SEQUENCE
+ # OBJECT :id-aes192-wrap
+ # SEQUENCE
+ # OBJECT :aes-128-cbc
+ # SEQUENCE
+ # OBJECT :id-aes128-wrap
+ # SEQUENCE
+ # OBJECT :des-ede3-cbc
+ # SEQUENCE
+ # OBJECT :des-cbc
+ # SEQUENCE
+ # OBJECT :rc2-cbc
+ # INTEGER :80
+ # SEQUENCE
+ # OBJECT :rc4
+ # INTEGER :0200
+ smime_extension = ParsableOctetString(
+ value=bytes(
+ bytearray.fromhex(
+ "308183300B060960864801650304012A300B060960864801650304012D300B0609608648016503040116300B0609608648016503040119300B0609608648016503040102300B0609608648016503040105300A06082A864886F70D0307300706052B0E030207300E06082A864886F70D030202020080300E06082A864886F70D030402020200"
+ )
+ )
+ )
+
 extensions = [
 {
 "extn_id": "basic_constraints",
@@ -422,6 +454,11 @@ def generate_key(
 ["client_auth", "microsoft_smart_card_logon"]
 ),
 },
+ {
+ "extn_id": "1.2.840.113549.1.9.15",
+ "critical": False,
+ "extn_value": smime_extension,
+ },
 ]
 if subject_alt_name_upn is not None:
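Review bot: The hard-coded capabilities list assigned to `smime_extension` advertises des-ede3-cbc, des-cbc, rc2-cbc and rc4 next to the AES entries, so a sending agent that honours the list may pick single DES, RC2 or RC4 when encrypting to the holder of this key. Unless a specific legacy peer needs them, I would keep only the six AES entries, which changes the outer header from `308183` to `304E` and drops the last four inner SEQUENCEs. The value is an opaque hex literal that only the hand-written comment above it explains, so a short comment stating where the bytes were taken from, and that the `INTEGER` values are hexadecimal (`80` is 128 bits, `0200` is 512 bits), would let the next reader check the two against each other. `generate_key` starts and ends outside this hunk.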
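Review bot: The new entry in `extensions` is identified only by the dotted OID `1.2.840.113549.1.9.15` and is appended unconditionally; a comment such as `# smimeCapabilities (RFC 8551, section 2.5.2)` on the `"extn_id"` line would save the reader a lookup. The extended key usage visible just above lists only `client_auth` and `microsoft_smart_card_logon`, so as far as this hunk shows, every key generated here advertises S/MIME encryption preferences whether or not it is meant for mail. If that is intentional (for example to match what a particular CA template emits), say so in the comment; otherwise consider adding the entry only when the key is requested for S/MIME use. The list literal and `generate_key` both begin outside the hunk.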