def _cipher(self):
'''
Obtain a usable cipher object based on the text representation of the key
loaded from the file. Allows defering the possible passphrase prompting
until the key (and resulting cipher) is actually used. Downside is that if
there is a more fundamental format issue with the key data, we encounter
it here.
'''
if not PKCS1_OAEP:
raise PKCSError('PKCS1_OAEP cipher unavailable in this version of PyCrypto')
if self.cipher_object:
return self.cipher_object
if not self.keydata:
raise PKCSError('No RSA Key available: %s' % self.keyfile)
self.cipher_object = PKCS1_OAEP(self)
return self.cipher_object
def __init__(self, keyfile='~/.ssh/id_rsa', default_passphrase=None):
self.keyfile = os.path.expanduser(keyfile)
self.default_passphrase = default_passphrase
try:
with open(self.keyfile, 'rb') as f:
self.keydata = f.read()
# Peek to see if it looks like a pubkey or private key
if self.keydata.startswith(b'ssh-rsa '):
self.cipher_object = PKCS1_OAEP(self)
elif b'BEGIN RSA PRIVATE KEY' in self.keydata:
# Defer loading the key, in case a passphrase is required
# Handle that when/if the key is needed to instantiate the cipher
self.cipher_object = None
else:
raise PKCSError('Key format not recognized', keyfile)
except IOError:
self.cipher_object = None
self.keydata = None
self.unsupported = not PKCS1_OAEP
