我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey()。
def public_pem(self): """ Returns the public key PEM. This is a base64 format with delimiters. This function returns None if the public pem information could not be acquired. """ if not isinstance(self.public_key, RSAPublicKey): if not isinstance(self.private_key, RSAPrivateKey): return None self.public_key = self.private_key.public_key() return self.public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, )
def fields_to_partial_json(self): # pylint: disable=protected-access if isinstance(self.key._wrapped, rsa.RSAPublicKey): numbers = self.key.public_numbers() params = { 'n': numbers.n, 'e': numbers.e, } else: # rsa.RSAPrivateKey private = self.key.private_numbers() public = self.key.public_key().public_numbers() params = { 'n': public.n, 'e': public.e, 'd': private.d, 'p': private.p, 'q': private.q, 'dp': private.dmp1, 'dq': private.dmq1, 'qi': private.iqmp, } return dict((key, self._encode_param(value)) for key, value in six.iteritems(params))
def from_cryptography_key(cls, crypto_key): """ Construct based on a ``cryptography`` *crypto_key*. :param crypto_key: A ``cryptography`` key. :type crypto_key: One of ``cryptography``'s `key interfaces`_. :rtype: PKey .. versionadded:: 16.1.0 """ pkey = cls() if not isinstance(crypto_key, (rsa.RSAPublicKey, rsa.RSAPrivateKey, dsa.DSAPublicKey, dsa.DSAPrivateKey)): raise TypeError("Unsupported key type") pkey._pkey = crypto_key._evp_pkey if isinstance(crypto_key, (rsa.RSAPublicKey, dsa.DSAPublicKey)): pkey._only_public = True pkey._initialized = True return pkey
def display_item_info(item, filename, print_filename=False): if print_filename is True: print("#######[ {} ]#######".format(filename)) if (isinstance(item, rsa.RSAPrivateKey) or isinstance(item, dsa.DSAPrivateKey) or isinstance(item, ec.EllipticCurvePrivateKey)): display_private_key(item) elif (isinstance(item, rsa.RSAPublicKey) or isinstance(item, dsa.DSAPublicKey) or isinstance(item, ec.EllipticCurvePublicKey)): display_public_key(item) elif isinstance(item, OpenSSL.crypto.PKCS12): display_pkcs12(item) elif isinstance(item, OpenSSL.crypto.PKCS7): display_pkcs7(item) elif isinstance(item, Certificate): display_x509_cert(item)
def decode_pem_key(key_pem): """Convert plaintext PEM key into the format usable for JWT generation Args: key_pam (str): key data in PEM format, presented as plain string Returns: Parsed PEM data """ private_key = serialization.load_pem_private_key( data=key_pem.encode('ascii'), password=None, backend=default_backend()) msg = 'Unexpected private key type' assert isinstance(private_key, rsa.RSAPrivateKey), msg assert private_key.key_size >= 2048, 'RSA key size too small' return private_key
def rsa_key_fingerprint(key): """ Return the SHA256 fingerprint of an RSA public or private key in url safe BASE64 """ fp = hashes.Hash(algorithm=hashes.SHA256(), backend=default_backend()) if isinstance(key, rsa.RSAPrivateKey): fp.update(key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() )) elif isinstance(key, rsa.RSAPublicKey): fp.update(key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.PKCS1 )) return urlsafe_b64encode(fp.finalize()).decode()
def dump_pem(key_or_crt): if isinstance(key_or_crt, rsa.RSAPrivateKey): return key_or_crt.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) elif isinstance(key_or_crt, rsa.RSAPublicKey): return key_or_crt.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.PKCS1 ) else: return key_or_crt.public_bytes( encoding=serialization.Encoding.PEM )
def __save(self, private_key, file_name): if not isinstance(private_key, RSAPrivateKey): raise TypeError("private_key must be an instance of RSAPrivateKey, " "actual: {}".format(type(private_key).__name__)) pem = private_key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8, serialization.BestAvailableEncryption(self.__key_store_passphrase)) file_path = os.path.join(self.key_store_path, file_name) if not os.path.isdir(self.key_store_path): os.makedirs(self.key_store_path) if os.path.isfile(file_path): msg = "Save failed: A key with name [{}] already exists".format( file_name) raise IOError(msg) with open(file_path, 'w') as f: f.write(pem.decode(encoding='utf8'))
def decrypt_with_private_key(secret_key, private_encryption_key): """ Decrypts the given secret key with the private key. :param bytes secret_key: the secret key to decrypt :param private_encryption_key: the private encryption key :type private_encryption_key: :class:`~rsa.RSAPrivateKey` :return: the decrypted key :rtype: bytes """ return private_encryption_key.decrypt( secret_key, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None))
def verify_ssh_sig(self, data, msg): if msg.get_text() != 'ssh-rsa': return False key = self.key if isinstance(key, rsa.RSAPrivateKey): key = key.public_key() verifier = key.verifier( signature=msg.get_binary(), padding=padding.PKCS1v15(), algorithm=hashes.SHA1(), ) verifier.update(data) try: verifier.verify() except InvalidSignature: return False else: return True
def type(self): """ Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'. @rtype: L{str} @raises RuntimeError: If the object type is unknown. """ if isinstance( self._keyObject, (rsa.RSAPublicKey, rsa.RSAPrivateKey)): return 'RSA' elif isinstance( self._keyObject, (dsa.DSAPublicKey, dsa.DSAPrivateKey)): return 'DSA' elif isinstance( self._keyObject, (ec.EllipticCurvePublicKey, ec.EllipticCurvePrivateKey)): return 'EC' else: raise RuntimeError( 'unknown type of object: %r' % (self._keyObject,))
def pkey_from_cryptography_key(crypto_key): ''' Modified version of `OpenSSL.crypto.PKey.from_cryptography_key()` of PyOpenSSL which also accepts EC Keys (cf. https://github.com/pyca/pyopenssl/pull/636). ''' pkey = PKey() if not isinstance(crypto_key, (rsa.RSAPublicKey, rsa.RSAPrivateKey, dsa.DSAPublicKey, dsa.DSAPrivateKey, ec.EllipticCurvePublicKey, ec.EllipticCurvePrivateKey)): raise TypeError("Unsupported key type") pkey._pkey = crypto_key._evp_pkey if isinstance(crypto_key, (rsa.RSAPublicKey, dsa.DSAPublicKey, ec.EllipticCurvePublicKey)): pkey._only_public = True pkey._initialized = True return pkey
def genkeys(self, key_size=KeySize.NORMAL, password=None): """ Generates a Private and Public Key set and returns them in a tuple (private, public) """ self.private_key = rsa.generate_private_key( # The public exponent of the new key. Usually one of the small # Fermat primes 3, 5, 17, 257, 65537. If in doubt you should use # 65537. See http://www.daemonology.net/blog/2009-06-11-\ # cryptographic-right-answers.html public_exponent=65537, key_size=key_size, backend=default_backend() ) # Generate our Public Key self.public_key = self.private_key.public_key() # Store our password; this will be used when we save our content # via it's searialized value later on self.password = password # Returns a (RSAPrivateKey, RSAPublicKey) return (self.private_key, self.public_key)
def private_pem(self, password=None): """ Returns the private key PEM. This is a base64 format with delimiters. This function returns None if the private pem information could not be acquired. """ if not isinstance(self.private_key, RSAPrivateKey): return None if password is None: password = self.password if password: return self.private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization .BestAvailableEncryption(password) ) return self.private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), )
def calculate_max_pss_salt_length(key, hash_algorithm): if not isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)): raise TypeError("key must be an RSA public or private key") # bit length - 1 per RFC 3447 emlen = int(math.ceil((key.key_size - 1) / 8.0)) salt_length = emlen - hash_algorithm.digest_size - 2 assert salt_length >= 0 return salt_length
def test_convert_private_pkey_to_cryptography_key(self): """ PKey.to_cryptography_key creates a proper cryptography private key. """ pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) key = pkey.to_cryptography_key() assert isinstance(key, rsa.RSAPrivateKey) assert pkey.bits() == key.key_size
def display_private_key(privkey): if isinstance(privkey, rsa.RSAPrivateKey): display_rsa_private_key(privkey) elif isinstance(privkey, dsa.DSAPrivateKey): display_dsa_private_key(privkey) elif isinstance(privkey, ec.EllipticCurvePrivateKey): display_ec_private_key(privkey) else: raise ValueError("Unknown private key type")
def get_private_key_label(pkey): if isinstance(pkey, rsa.RSAPrivateKey): return "RSA Private Key" elif isinstance(pkey, dsa.DSAPrivateKey): return "DSA Private Key" elif isinstance(pkey, ec.EllipticCurvePrivateKey): return "Elliptic Curve Private Key" return None
def validate_privkey(value): if isinstance(value, RSAPrivateKey) and value.key_size >= 4096: return True raise TypeError('Invalid private key')
def test_generate_rsa_key_success(self): ''' generate_rsa_key should return a RSAPrivateKey object with size 4096 ''' privkey=crypto.generate_rsa_key() self.assertTrue(isinstance(privkey, rsa.RSAPrivateKey)) self.assertEqual(privkey.key_size, 4096)
def store_keys(self, identity_id, private_signing_key, private_encryption_key): """ Stores the signing and encryption key pairs under a given identity id. :param str identity_id: the identity id of the key owner :param private_signing_key: the private signing key object :type private_signing_key: :class:`RSAPrivateKey` :param private_encryption_key: the private cryptographic key object :type private_encryption_key: :class:`RSAPrivateKey` """
def __load(self, file_name): # type: (str) -> RSAPrivateKey file_path = os.path.join(self.key_store_path, file_name) with(open(file_path, 'r')) as f: return serialization.load_pem_private_key( f.read().encode('utf-8'), password=self.__key_store_passphrase, backend=default_backend())
def generate_private_key(): """ Generates a :class:`~rsa.RSAPrivateKey` object. The public key object can be extracted by calling public_key() method on the generated key object. :return: the generated private key object :rtype: :class:`~rsa.RSAPrivateKey` """ return rsa.generate_private_key(public_exponent=65537, key_size=4096, backend=default_backend())
def key2bytes(): def convert(key): if isinstance(key, rsa.RSAPrivateKey): return key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()) elif isinstance(key, rsa.RSAPublicKey): der = key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo) return base64.b64encode(der).decode(encoding='utf-8') return convert
def public_numbers(self): if isinstance(self.key, rsa.RSAPrivateKey): return self.key.private_numbers().public_numbers else: return self.key.public_numbers()
def can_sign(self): return isinstance(self.key, rsa.RSAPrivateKey)
def _decode_key(self, data): try: key = serialization.load_der_private_key( data, password=None, backend=default_backend() ) except ValueError as e: raise SSHException(str(e)) assert isinstance(key, rsa.RSAPrivateKey) self.key = key
def gen_certificate(key: rsa.RSAPrivateKey, common_name: str, *, issuer: Optional[str]=None, sign_key: Optional[rsa.RSAPrivateKey]=None) -> x509.Certificate: now = datetime.datetime.utcnow() return x509.CertificateBuilder().subject_name( x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, common_name), ]) ).issuer_name( x509.Name([ x509.NameAttribute( NameOID.COMMON_NAME, issuer or common_name ) ]) ).not_valid_before( now ).not_valid_after( now + datetime.timedelta(seconds=86400) ).serial_number( x509.random_serial_number() ).public_key( key.public_key() ).add_extension( x509.BasicConstraints(ca=True, path_length=0), critical=True ).sign( private_key=sign_key or key, algorithm=hashes.SHA256(), backend=BACKEND )
def verify(self, msg, sig, key=None): if key is None: key = self.key try: if isinstance(key, rsa.RSAPrivateKey): key = key.public_key() key.verify(sig, msg, PKCS1v15(), self.digest) return True except InvalidSignature: return False
def test_rsa_key(self): """ Passing ``u'rsa'`` results in an RSA private key. """ key1 = generate_private_key(u'rsa') self.assertThat(key1, IsInstance(rsa.RSAPrivateKey)) key2 = generate_private_key(u'rsa') self.assertThat(key2, IsInstance(rsa.RSAPrivateKey)) self.assertThat( key1.public_key().public_numbers(), Not(Equals(key2.public_key().public_numbers())))
def __init__(self, key): if isinstance(key, RSAPrivateKey): self.signer = key.sign self.verifier = key.public_key().verify elif isinstance(key, RSAPublicKey): self.signer = None self.verifier = key.verify
def serializePrivateKey(private_key): assert(isinstance(private_key, RSAPrivateKey)) pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption() ) return pem
def key_to_pubkey(key): if isinstance(key, bytes): return key elif isinstance(key, ec.EllipticCurvePrivateKey): return key.public_key() elif isinstance(key, rsa.RSAPrivateKey): return key.public_key() else: raise ValueError('RFC 7518 non-compliant key: ' + str(type(key)))
