Create RSA SHA-256 (DNSSEC valid) keys?

Question

I would like to create my own RSA/Sha256 Key Generator in Python for DNSSEC. I know that there is already a build-in keygen (dnssec-keygen) but I want to build it my own.

The keys which are accepted looks like this:

Private-key-format: v1.2

   Algorithm:       8 (RSASHA256)
   Modulus:         wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGm
                    idzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q==
   PublicExponent:  AQAB
   PrivateExponent: UR44xX6zB3eaeyvTRzmskHADrPCmPWnr8dxsNwiDGHzrMKLN+i/
                    HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZAQ==
   Prime1:          4c8IvFu1AVXGWeFLLFh5vs7fbdzdC6U82fduE6KkSWk=
   Prime2:          2zZpBE8ZXVnL74QjG4zINlDfH+EOEtjJJ3RtaYDugvE=
   Exponent1:       G2xAPFfK0KGxGANDVNxd1K1c9wOmmJ51mGbzKFFNMFk=
   Exponent2:       GYxP1Pa7CAwtHm8SAGX594qZVofOMhgd6YFCNyeVpKE=
   Coefficient:     icQdNRjlZGPmuJm2TIadubcO8X7V4y07aVhX464tx8Q=

https://www.rfc-editor.org/rfc/rfc5702

My Python script can generate the RSA-parts, but I don't know how to mix it with SHA256:

#!/usr/bin/python

from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
import base64
import hashlib

key = RSA.generate(2048)

expo1 = ((key.d)%((key.p)-1))
expo2 = ((key.d)%((key.q)-1))

KEYVORLAGE = """Private-key-format: v1.2
Algorithm:       8 (RSASHA256)
Modulus: {0}
PublicExponent: {1}
PrivateExponent: {2} 
Prime1: {3}
Prime2: {4}
Exponent1: {5}
Exponent2: {6}
Coefficient: {7}"""

keystring = KEYVORLAGE.format(key.n,key.e,key.d,key.p,key.q,expo1,expo2,key.u)
print keystring

BTW: All my Key Parts generated by this script only has numbers and not random letters, like the valid key.

Answer 1

(Question was answered by OP, but in the question itself. Copy of text below.)

The answer is simple – by modifying the keystring:

keystring = KEYVORLAGE.format( 
    base64.standard_b64encode(str(key.n)), 
    base64.standard_b64encode(str(key.e)), 
    base64.standard_b64encode(str(key.d)), 
    base64.standard_b64encode(str(key.p)), 
    base64.standard_b64encode(str(key.q)), 
    base64.standard_b64encode(str(expo1)), 
    base64.standard_b64encode(str(expo2)), 
    base64.standard_b64encode(str(key.u)))

Answer 2

my suggestion:

#!/usr/bin/python

import ldns

dnskey = ldns.ldns_key.new_frm_algorithm(ldns.LDNS_RSASHA256, 2048)
print(str(dnskey))
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: tZqeHDj2fvrGZrrZ+t+8lJmbKijaBjyeKg+8ccWl6XuEolbP/L+0UaV6TOEzWOIPuA/4bGEUYJF0/ITY3s/m2X1Zaf5Tcr7OwbIGg8JlBB+WrJ1pd0n48vg1ivdh27OvTehwNA+dx04V0NN1oCF0aGGv0XoIhVpLu8NgMjs3K0ZWtwUGFhRYpSKKkdZXf08GolpnnjMS/WMEEPDWEUAEv5T2ys9EhVNc3zm2eE+kNxtrF3ueldz8JPZHxJbm2H50mYPSvQsIXFxjdMPErYvs6Xixa/YtucCHwLmpYRxSESlnxZ5AhcusxiiyCyxsF63yd3MpoI5C1X//xEhr6OB2iw==
PublicExponent: AQAB
PrivateExponent: A2AGRDwCyMVcXphmaLUzygc4zQXJV4hU4C8+r1afCMHU6zd10hq1/TZ4GWmuDJ7W7/LMCSecu1a4t+C4LxvqDGy59rBVWLKXIR5v5I7+VZ9Iq5iZVzA2wj0+sYB7fxvNzELfovgPVJ7s5N6pNvqoMTBvlhMQiXnuImU1KnnTQqiZ+Iegcc4v6R+WoJVysjVxcGa4gdjD5yiZej+gPGHMCJqUur4utYDb01p0VOm15gAbBiRQDhnS1xXLbyKv8svLr/NI1jEpkDeuLU7LbZJLFVB52YSZgRTfqAlKUY9oB7KHY4wjA8SxxqRBQ1gcEsAogSSasOhjLTuy6EnQ3RN4kQ==
Prime1: 5Pwr5q3MJshI1Jpy+XSQeP2zCNe1lgiqqiUmRWkpe02qUWovoGLdSQjfsyiS1Al4uj/TddNWoXHerUMCZgJ+3Q5SvrieHpJwsAfQH72a06FeBjbbf0xod4Jrs14zUeB1a0aNB+v6bI5CGkbTIh2339LcfYyWG8dw6t8iANLMb1c=
Prime2: ywdwP3liUR1FYC0ttmPU6A215FS5pwIQ6e09pGlygjbv1JmZ3w0dGhkhVJL8iZ5KnrcCEzwI44vdfAtu3QDt1c+Bn0RSD8BpTlTJdBkyHfzzwDoN2w1sFe/rGfvSYyncHNkf0Mqj8pdQ9tpW46XXH2aP+zVfH5FyrX0rOHSW1e0=
Exponent1: QamSSTbjSOe8AsM7Xw8u8pMFiO6aUqivj9TRUawjSgluYqRJfft7qxrRUwW6fPUuWnI9CBePSwJlMVf60xe6G1elIK2+IdQqXkAPTVrIkBFA7hVDAhD+D+8lRS0pGDx+T0HO5Uuk5wYwLGrM1oahGJzVv2bWEKczWRadIJFSMEc=
Exponent2: fRUAGpr173NRIoey+gNXT//iZ+Gq3zFuqi/3Iiu02HRwHVLkcX7qxwFkf25vF3nmDxJAvQjnkQjCU4HXs2C3JlrJSQ4WYI3yUsf5tQUw0zjcEzmw/5utU3aUKVXzsBRB/6Pk7gVqLDL9Npgdn/K0LixJ2EJxcElzlV7gGc/6faE=
Coefficient: 11MhOHYowmSXQGZhv4cJk9ZYupHuGbzqj+qv10xOuFWbvPGnkKAmuxUJ5MeYhFS/rZQ+VjroDh0sAPe7ycX1lyyn2KWH8/92tVoy77pnJvWyxBxZCKWFK2p1rGOfxhCjyyzOlQ071uv0CeloK1lsvlE9tJgseCcP4QQr9Qec6gA=

e.g. for use under debian (buster) you need to install the package python3-ldns.