我们从Python开源项目中,提取了以下8个代码示例,用于说明如何使用cryptography.hazmat.primitives.serialization.load_ssh_public_key()。
def generate_fingerprint(public_key): try: pub_bytes = public_key.encode('utf-8') # Test that the given public_key string is a proper ssh key. The # returned object is unused since pyca/cryptography does not have a # fingerprint method. serialization.load_ssh_public_key( pub_bytes, backends.default_backend()) pub_data = base64.b64decode(public_key.split(' ')[1]) digest = hashes.Hash(hashes.MD5(), backends.default_backend()) digest.update(pub_data) md5hash = digest.finalize() raw_fp = binascii.hexlify(md5hash) if six.PY3: raw_fp = raw_fp.decode('ascii') return ':'.join(a + b for a, b in zip(raw_fp[::2], raw_fp[1::2])) except Exception: raise exception.InvalidKeypair( reason=_('failed to generate fingerprint'))
def load_public_key(pubkey_file): ''' Loads the public key stored in the file indicated by the pubkey_file parameter and returns it The `pubkey_file` parameter indicates the absolute path to the file storing the public key. The key returned is a RSAPublicKey instance. ''' with open(pubkey_file, "rb") as key_file: pubkey = serialization.load_ssh_public_key( key_file.read(), backend=default_backend() ) return pubkey
def test_generate_key_pair_2048_bits(self): (private_key, public_key, fingerprint) = crypto.generate_key_pair() pub_bytes = public_key.encode('utf-8') pkey = serialization.load_ssh_public_key( pub_bytes, backends.default_backend()) self.assertEqual(2048, pkey.key_size)
def test_generate_key_pair_1024_bits(self): bits = 1024 (private_key, public_key, fingerprint) = crypto.generate_key_pair(bits) pub_bytes = public_key.encode('utf-8') pkey = serialization.load_ssh_public_key( pub_bytes, backends.default_backend()) self.assertEqual(bits, pkey.key_size)
def ssh_encrypt_text(ssh_public_key, text): """Encrypt text with an ssh public key. If text is a Unicode string, encode it to UTF-8. """ if isinstance(text, six.text_type): text = text.encode('utf-8') try: pub_bytes = ssh_public_key.encode('utf-8') pub_key = serialization.load_ssh_public_key( pub_bytes, backends.default_backend()) return pub_key.encrypt(text, padding.PKCS1v15()) except Exception as exc: raise exception.EncryptionFailure(reason=six.text_type(exc))
def __init__(self, ssh_public_key): """ Extracts the useful RSA Public Key information from an SSH Public Key file. :param ssh_public_key: SSH Public Key file contents. (i.e. 'ssh-rsa AAAAB3NzaC1yc2E..'). """ super(RSAPublicKey, self).__init__() self.type = SSHPublicKeyType.RSA split_ssh_public_key = ssh_public_key.split(' ') split_key_len = len(split_ssh_public_key) # is there a key comment at the end? if split_key_len > 2: self.key_comment = ' '.join(split_ssh_public_key[2:]) else: self.key_comment = '' public_key = serialization.load_ssh_public_key(ssh_public_key, default_backend()) ca_pub_numbers = public_key.public_numbers() if not isinstance(ca_pub_numbers, RSAPublicNumbers): raise TypeError("Public Key is not the correct type or format") self.key_size = public_key.key_size self.e = ca_pub_numbers.e self.n = ca_pub_numbers.n key_bytes = base64.b64decode(split_ssh_public_key[1]) fingerprint = hashlib.md5(key_bytes).hexdigest() self.fingerprint = 'RSA ' + ':'.join( fingerprint[i:i + 2] for i in range(0, len(fingerprint), 2))
def load_private_key(secret, pass_phrase): """Loads a private key that may use a pass_phrase. Tries to correct or diagnose common errors: - provided pass_phrase but didn't need one - provided a public key """ if isinstance(secret, six.text_type): secret = secret.encode("ascii") if isinstance(pass_phrase, six.text_type): pass_phrase = pass_phrase.encode("ascii") backend = default_backend() try: # 0) Try with pass_phrase return serialization.load_pem_private_key(secret, pass_phrase, backend=backend) except TypeError: # 1) Either: # - key has pass_phrase and one wasn't provided # - key doesn't have pass_phrase and one was provided. # # Can't fix the first, but we *can* fix the second. # This can happen if the DEFAULT profile has a pass_phrase but # another profile uses a key file without a pass_phrase. if pass_phrase is None: # 1.1) private key needed a pass_phrase and we don't have one raise MissingPrivateKeyPassphrase("The provided key requires a passphrase.") else: # 1.2) try again without pass_phrase; could be an artifact from DEFAULT return serialization.load_pem_private_key(secret, None, backend=backend) except ValueError: # 2) Try to determine what kind of failure this is. # Most likely, this is either a bad password or a public key. # If loading it as a public key fails, it's almost certainly a bad password. for loader in [ serialization.load_der_public_key, serialization.load_pem_public_key, serialization.load_ssh_public_key ]: try: loader(secret, backend=backend) except (ValueError, UnsupportedAlgorithm): # 2.1) Not a public key; try the next format pass else: # 2.2) This is a public key raise InvalidPrivateKey("Authentication requires a private key, but a public key was provided.") # 2.3) Password is probably wrong. raise InvalidPrivateKey("The provided key is not a private key, or the provided passphrase is incorrect.")
