serialize_key_and_certificates exits the main thread with -1073741819 (0xC0000005) when called with a private key not belonging to the certificate.
Versions:
- Python: 3.10.11
- Pip: 24.0
- cryptography: 42.0.3
- OS: Windows 11

cryptography was installed via pip: `pip install cryptography`

min steps to reproduce:
```python
def min_example():
    from cryptography import x509
    from cryptography.x509.oid import NameOID
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.hazmat.primitives._serialization import PrivateFormat
    from cryptography.hazmat.primitives.serialization import pkcs12
    from datetime import datetime, timedelta

    # Key pair that the certificate is actually issued for
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048
    )
    name = x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, "COMMON_NAME")
    ])
    basic_contraints = x509.BasicConstraints(ca=True, path_length=0)
    now = datetime.utcnow()
    # Self-signed certificate carrying private_key's public key
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(private_key.public_key())
        .serial_number(1000)
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=10*365))
        .add_extension(basic_contraints, False)
        .sign(private_key, hashes.SHA256(), default_backend())
    )
    # Unrelated key pair that does not belong to the certificate
    false_private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048
    )
    encryption = (
        PrivateFormat.PKCS12.encryption_builder().
        kdf_rounds(50000).
        key_cert_algorithm(pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC).
        hmac_hash(hashes.SHA1()).
        build("test12345678".encode())
    )
    # Program exits with: -1073741819 (0xC0000005). This "Access Violation Error" is uncatchable with try/except
    p12 = pkcs12.serialize_key_and_certificates(
        name="common_name".encode(), key=false_private_key, cert=cert, cas=None, encryption_algorithm=encryption
    )
```

I am working with a user-maintained database of certs and cannot know if the certs and private keys have been stored correctly. I would like to have a descriptive exception that is catchable by Python.

For now I'm building the cert first with the Python OpenSSL lib, which returns me the wrong kind of .pfx but throws catchable errors, and if no error occurs I build the .pfx file with the cryptography lib. A suboptimal process, but it works for now.
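
A pre-flight check that turns the key/certificate mismatch described in this report into a catchable `ValueError` before `serialize_key_and_certificates` is reached. This is an added example, not code from the issue or from the cryptography project; `key_matches_cert`, `safe_serialize_p12` and `make_self_signed` are hypothetical helper names, and the sample keys and certificate are constructed.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def _spki(public_key) -> bytes:
    # DER SubjectPublicKeyInfo gives one comparable form for RSA, EC, Ed25519 keys.
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def key_matches_cert(key, cert: x509.Certificate) -> bool:
    """True when the private key's public half equals the certificate's key."""
    return _spki(key.public_key()) == _spki(cert.public_key())


def safe_serialize_p12(name: bytes, key, cert, cas, encryption) -> bytes:
    """Hypothetical wrapper: reject mismatched pairs in Python, then serialize."""
    if not key_matches_cert(key, cert):
        raise ValueError("private key does not match the certificate's public key")
    return pkcs12.serialize_key_and_certificates(name, key, cert, cas, encryption)


def make_self_signed(key) -> x509.Certificate:
    # Constructed sample certificate, used only to exercise the check.
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "COMMON_NAME")])
    now = datetime.now(timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(1000)
        .not_valid_before(now)
        .not_valid_after(now + timedelta(days=365))
        .sign(key, hashes.SHA256())
    )


if __name__ == "__main__":
    good = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    wrong = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    print("mismatch detected:", not key_matches_cert(wrong, make_self_signed(good)))
```

The `encryption` argument accepts the same object built with `PrivateFormat.PKCS12.encryption_builder()` in the reproduction above, so the wrapper can replace the direct call without changing the output format.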