def _importKeyDER(extern_key, passphrase, verify_x509_cert):
"""Import an RSA key (public or private half), encoded in DER form."""
try:
der = DerSequence().decode(extern_key)
# Try PKCS#1 first, for a private key
if len(der) == 9 and der.hasOnlyInts() and der[0] == 0:
# ASN.1 RSAPrivateKey element
del der[6:] # Remove d mod (p-1),
# d mod (q-1), and
# q^{-1} mod p
der.append(Integer(der[4]).inverse(der[5])) # Add p^{-1} mod q
del der[0] # Remove version
return construct(der[:])
# Keep on trying PKCS#1, but now for a public key
if len(der) == 2:
try:
# The DER object is an RSAPublicKey SEQUENCE with
# two elements
if der.hasOnlyInts():
return construct(der[:])
# The DER object is a SubjectPublicKeyInfo SEQUENCE
# with two elements: an 'algorithmIdentifier' and a
# 'subjectPublicKey'BIT STRING.
# 'algorithmIdentifier' takes the value given at the
# module level.
# 'subjectPublicKey' encapsulates the actual ASN.1
# RSAPublicKey element.
if der[0] == algorithmIdentifier:
bitmap = DerBitString().decode(der[1])
rsaPub = DerSequence().decode(bitmap.value)
if len(rsaPub) == 2 and rsaPub.hasOnlyInts():
return construct(rsaPub[:])
except (ValueError, EOFError):
pass
# Try to see if this is an X.509 DER certificate
# (Certificate ASN.1 type)
if len(der) == 3:
from Crypto.PublicKey import _extract_sp_info
try:
sp_info = _extract_sp_info(der)
if verify_x509_cert:
raise NotImplementedError("X.509 certificate validation is not supported")
return _importKeyDER(sp_info, passphrase, False)
except ValueError:
pass
# Try PKCS#8 (possibly encrypted)
k = PKCS8.unwrap(extern_key, passphrase)
if k[0] == oid:
return _importKeyDER(k[1], passphrase, False)
except (ValueError, EOFError):
pass
raise ValueError("RSA key format is not supported")
def _importKeyDER(key_data, passphrase, params):
"""Import a DSA key (public or private half), encoded in DER form."""
try:
#
# Dss-Parms ::= SEQUENCE {
# p OCTET STRING,
# q OCTET STRING,
# g OCTET STRING
# }
#
# Try a simple private key first
if params:
x = DerInteger().decode(key_data).value
p, q, g = list(DerSequence().decode(params)) # Dss-Parms
tup = (pow(g, x, p), g, p, q, x)
return construct(tup)
der = DerSequence().decode(key_data)
# Try OpenSSL format for private keys
if len(der) == 6 and der.hasOnlyInts() and der[0] == 0:
tup = [der[comp] for comp in (4, 3, 1, 2, 5)]
return construct(tup)
# Try SubjectPublicKeyInfo
if len(der) == 2:
try:
algo = DerSequence().decode(der[0])
algo_oid = DerObjectId().decode(algo[0]).value
params = DerSequence().decode(algo[1]) # Dss-Parms
if algo_oid == oid and len(params) == 3 and\
params.hasOnlyInts():
bitmap = DerBitString().decode(der[1])
pub_key = DerInteger().decode(bitmap.value)
tup = [pub_key.value]
tup += [params[comp] for comp in (2, 0, 1)]
return construct(tup)
except (ValueError, EOFError):
pass
# Try to see if this is an X.509 DER certificate
# (Certificate ASN.1 type)
if len(der) == 3:
from Crypto.PublicKey import _extract_sp_info
try:
sp_info = _extract_sp_info(der)
return _importKeyDER(sp_info, passphrase, None)
except ValueError:
pass
# Try unencrypted PKCS#8
p8_pair = PKCS8.unwrap(key_data, passphrase)
if p8_pair[0] == oid:
return _importKeyDER(p8_pair[1], passphrase, p8_pair[2])
except (ValueError, EOFError):
pass
raise ValueError("DSA key format is not supported")