
Gufo ACME Examples: Generating RSA Private Key

This guide walks you through generating a private key with the Gufo ACME library. Generating the private key is the first step toward obtaining a signed certificate for your domain.

get_private_key.py
import sys

from gufo.acme.clients.base import AcmeClient


def main(path: str) -> None:
    pk = AcmeClient.get_domain_private_key()
    with open(path, "wb") as fp:
        fp.write(pk)


if __name__ == "__main__":
    main(sys.argv[1])

The code is straightforward:

Import the sys module to parse the CLI argument.

Warning

We use sys.argv only for demonstration purposes. Use argparse or alternatives in real-world applications.

Then we import AcmeClient itself.

We define the main function to wrap our code. It accepts a path parameter containing the path to the file in which to store the private key.

The AcmeClient.get_domain_private_key() function generates a private key in PEM format. It accepts an optional parameter which defines the RSA key length. The default is 4096, which is suitable for our applications. This function is a static method, so we don't need to instantiate an AcmeClient.

Open the file for writing. Note that the key has the bytes type, so we need the wb mode to write a binary file. Then write our private key.

If we're called from the command line, take the first command-line argument as the path and call our main function.

Running

Run the example:

python3 examples/get_private_key.py /tmp/key.pem

Check the /tmp/key.pem file:

/tmp/key.pem
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEA260eTqE2jOhIMW0b9AQn08KbGMbJJGPKfAhxBfa0MIQ7g8Tb
50tWbnK+NTdEAHZCfvfwpieVDgrwVNlPW5sL14xPltJ3zcQRydJTOFpV/WImtd6j
...
xgJwpjMz0pm+9Exoe8VwmUc/gOSatoOC9DRg+hAIG7FciNUVfEeXq8ImmcDypeSe
wjBT33F36F0O22Ij4EVyW+etjp5hbboaKjjoxq/EkMTwwnET6HzpkMOj7+x/VQ==
-----END RSA PRIVATE KEY-----
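
The example writes the key with a plain open(), so the file's permissions depend on the process umask and an existing file at the path is overwritten. The sketch below is an added example, not part of Gufo ACME or its examples: it shows one way to create the key file with owner-only permissions and to audit an existing key file on a POSIX system. The names write_private_key, key_file_problems and SAMPLE_PEM are hypothetical, and the PEM body is a constructed placeholder.

```python
import os
import stat
import tempfile

# Constructed placeholder, not a real key; in the page's script this would be
# the bytes returned by AcmeClient.get_domain_private_key().
SAMPLE_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n"
    b"-----END RSA PRIVATE KEY-----\n"
)


def write_private_key(path: str, pem: bytes) -> None:
    """Create path with mode 0600 and write the PEM bytes into it.

    O_EXCL makes the call fail with FileExistsError if anything, including a
    symlink, already exists at path, so the key is never written through a
    symlink or over an older key.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fp:
        fp.write(pem)


def key_file_problems(path: str) -> list[str]:
    """Return a list of findings for an existing key file (empty if clean)."""
    problems = []
    st = os.lstat(path)  # lstat: inspect the link itself, not its target
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if st.st_mode & 0o077:
        problems.append(f"group/other access bits set: {stat.S_IMODE(st.st_mode):04o}")
    if st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, not the current user")
    with open(path, "rb") as fp:
        first_line = fp.readline().strip()
    if not (first_line.startswith(b"-----BEGIN ") and first_line.endswith(b"PRIVATE KEY-----")):
        problems.append("does not start with a PEM private key header")
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        key_path = os.path.join(tmp, "key.pem")
        write_private_key(key_path, SAMPLE_PEM)
        print(key_path, key_file_problems(key_path) or "ok")
```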

Conclusions

In this section we have mastered generating an RSA private key using a helper function. Let's proceed to the next example and generate a Certificate Signing Request.