def sign(self, buffer, hash_id):
sig_alg = hash_.rsa_pkcs1v15_signature_algorithm_for_hash_id(hash_id)
signer = self.key.signer(
padding.PKCS1v15(),
sig_alg.hasher()
)
while True:
d = buffer.read(1024).encode('utf-8')
if not d:
break
signer.update(d)
return signer.finalize(), sig_alg.header_param()
def validate_challenge(self, challenge_gotten):
#Desencriptar o challenge com a publica do outro e ser for == self.challenge ta top
try:
if self.user_key is not None:
self.user_key.verify(base64.b64decode(challenge_gotten),
self.challenge.encode(),
padding.PKCS1v15(), hashes.SHA1())
# else:
# self.password_solve()
return True
except cryptography.exceptions.InvalidSignature:
logger.info("Challenge was not answered correctly CC")
return False
def verify(self, buffer, alg, signature):
sig_alg = hash_.rsa_signature_algorithm_by_name(alg)
verifier = self.key.verifier(
signature,
padding.PKCS1v15(),
sig_alg.hasher()
)
while True:
d = buffer.read(1024).encode()
if not d:
break
verifier.update(d)
try:
verifier.verify()
except Exception as e:
raise e
return True
def verify_rsa_cert():
# Read the CA's certificate.
filename = raw_input('Type the PEM file containing the CA certificate: ')
with open(filename, 'rb') as f:
ca_cert_text = f.read()
ca_cert = x509.load_pem_x509_certificate(ca_cert_text,
backend=default_backend())
# Check the CA's certificate validity.
now = datetime.datetime.now()
if now < ca_cert.not_valid_before or now > ca_cert.not_valid_after:
print 'ERROR. Invalid CA certificate.'
sys.exit(1)
# Display the CA's name.
ca_name = ca_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print 'CA name:', ca_name
ca_pubkey = ca_cert.public_key()
# Read the signer's certificate.
filename = raw_input(
'Type the PEM file containing the file signer certificate: ')
with open(filename, 'rb') as f:
sgn_cert_text = f.read()
sgn_cert = x509.load_pem_x509_certificate(sgn_cert_text,
backend=default_backend())
# Check the signer's certificate validity.
sgn_cert_issuer_name = sgn_cert.issuer.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
if sgn_cert_issuer_name != ca_name:
print 'ERROR. Unknown CA: ', sgn_cert_issuer_name
sys.exit(1)
if now < sgn_cert.not_valid_before or now > sgn_cert.not_valid_after:
print 'ERROR. Invalid file signer certificate.'
sys.exit(1)
ca_pubkey.verify(sgn_cert.signature, sgn_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
# If passing here, the signer's certificate is ok.
sgn_name = sgn_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print 'Certificate ok'
print 'File signer common name:', sgn_name
# Extract the signer's public key.
pubkey = sgn_cert.public_key()
# Read the file to verify.
filename = raw_input('Type the file to verify: ')
with open(filename, 'rb') as f:
plaintext = f.read()
# Read the signature.
filename = raw_input('Type the signature file: ')
with open(filename, 'rb') as f:
signature = f.read()
# Verify the file.
pubkey.verify(
signature, plaintext,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
# If passing here, the verification is ok.
print 'Signature ok'
def __init__(self, key):
self._key = key
self._padding = padding.PKCS1v15()
self._hash_algo = hashes.SHA256()
print(f'decrypted_msg: {decrypted_msg}')
#
# RSA
#
# Generate key pair
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
private_bytes = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
public_key = private_key.public_key()
public_bytes = public_key.public_bytes(encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.PKCS1)
# save files
with open('private.pem', 'wb') as private_key_file:
private_key_file.write(private_bytes)
with open('public.pem', 'wb') as public_key_file:
public_key_file.write(public_bytes)
# load from file
with open("private.pem", "rb") as key_file:
private_key_new = serialization.load_pem_private_key(
key_file.read(), password=None, backend=default_backend())
# encrypt
encrypt_bytes = public_key.encrypt(msg.encode(), padding.PKCS1v15())
# decrypt
decrypt_bytes = private_key_new.decrypt(encrypt_bytes, padding.PKCS1v15())
print(f'{encrypt_bytes.hex()}\n{decrypt_bytes.decode()}')