Skip to content

o6.crypto

Cryptographic utilities for OPC UA encryption.

Provides certificate generation, loading, and a CLI tool for creating self-signed certificates suitable for OPC UA client/server communication.

Usage as module: from o6.crypto import create_self_signed_certificate, load_certificate

key, cert = create_self_signed_certificate(
    app_uri="urn:my:app",
    common_name="MyApp@localhost",
)

Usage as CLI: python -m o6.crypto --app-uri urn🇲🇾app --common-name MyApp@localhost

o6.crypto

Cryptographic utilities for OPC UA encryption.

Provides certificate generation, loading, and a CLI tool for creating self-signed certificates suitable for OPC UA client/server communication.

Usage as module

from o6.crypto import create_self_signed_certificate, load_certificate

key, cert = create_self_signed_certificate( app_uri="urn🇲🇾app", common_name="MyApp@localhost", )

Usage as CLI

python -m o6.crypto --app-uri urn🇲🇾app --common-name MyApp@localhost

Functions

encryption_available 

encryption_available()

Return True if the underlying library was compiled with encryption.

create_self_signed_certificate 

create_self_signed_certificate(
    *,
    app_uri="urn:open62541.server.application",
    common_name="Open62541Server@localhost",
    organization="o6",
    country="DE",
    alt_names=None,
    expires_in_days=365,
    key_size=2048,
    fmt="DER"
)

Create a self-signed certificate and private key.

Parameters

app_uri : str Application URI embedded as SAN (default: urn:open62541.server.application). common_name : str CN field in the certificate subject. organization : str O field in the certificate subject. country : str C field in the certificate subject. alt_names : list of str, optional Additional Subject Alternative Names (e.g. ["DNS:myhost"]). DNS:localhost and URI:<app_uri> are always included. expires_in_days : int Certificate validity in days (default: 365). key_size : int RSA key size in bits (default: 2048). fmt : str Output format: "DER" or "PEM" (default: "DER").

Returns

tuple of (bytes, bytes) (private_key, certificate) as raw bytes.

Raises

RuntimeError If encryption support is not compiled in.

load_certificate 

load_certificate(path)

Load a certificate from a file.

Parameters

path : str or Path Path to a DER or PEM encoded certificate file.

Returns

bytes Raw certificate bytes.

load_private_key 

load_private_key(path)

Load a private key from a file.

Parameters

path : str or Path Path to a DER or PEM encoded private key file.

Returns

bytes Raw private key bytes.