def SignKeys(self, client_public_key, server_public_key):
signature = self.private_key.sign(
(client_public_key + server_public_key),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return signature
def verify_rsa():
# Read the public key.
filename = raw_input('Type the PEM file containing the RSA public key: ')
with open(filename, 'rb') as f:
pubkey_text = f.read()
pubkey = serialization.load_pem_public_key(pubkey_text,
backend=default_backend())
# Read the file to verify.
filename = raw_input('Type the file to verify: ')
with open(filename, 'rb') as f:
plaintext = f.read()
# Read the signature.
filename = raw_input('Type the signature file: ')
with open(filename, 'rb') as f:
signature = f.read()
# Verify the file.
pubkey.verify(
signature, plaintext,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
# If passing here, the verification is ok.
print 'Signature ok'
def myRSADecrypt(RSACipher, C, IV, t, path, pTK, sig):
from cryptography.hazmat.primitives.asymmetric import padding
with open(pTK, "rb") as key_file:
prk = serialization.load_pem_private_key(key_file.read(),
password=None,
backend=default_backend())
pub = prk.public_key()
pub.verify(
sig, RSACipher,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
newK = prk.decrypt(
RSACipher,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None))
key = newK[0:32]
hKey = newK[32:]
pt = myfileDecryptHMAC(C, IV, t, key, hKey, path)
return pt
def generate_sign(private_key):
from cryptography.hazmat.primitives.asymmetric import padding
sign = private_key.sign(
b'key', padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=128), hashes.SHA256())
return sign
def myRSAEncrypt(path, pTK, pTK2):
from cryptography.hazmat.primitives.asymmetric import padding
C, IV, t, key, hKey, fExt = myfileEncryptHMAC(path)
newK = key + hKey
with open(pTK, "rb") as key_file:
pk = serialization.load_pem_public_key(key_file.read(),
backend=default_backend())
with open(pTK2, "rb") as key_file:
prk = serialization.load_pem_private_key(key_file.read(),
password=None,
backend=default_backend())
RSACipher = pk.encrypt(
newK,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None))
sig = prk.sign(
RSACipher,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return RSACipher, C, IV, t, fExt, sig
def sign_private(self, message, hash_using=hashes.SHA256()):
# if self.priv_key.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo) == self.certificate.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo):
# logger.info("SAO IGUAIS")
signature = self.priv_key.sign(
message.encode(),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hash_using)
logger.info("Signing with private: %s" % (signature))
return signature
def pk_sign(message: bytes, private_key: rsa.RSAPrivateKey) -> bytes:
"""
Sign a message using RSASSA-PSS.
"""
signer = private_key.signer(
padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH),
hashes.SHA256())
signer.update(message)
return signer.finalize()
def gen_pubKey(privateKey):
""" RSA PUBLIC KEY """
chosen_hash = hashes.SHA256()
hasher = hashes.Hash(chosen_hash, default_backend())
hasher.update(b"data & ")
hasher.update(b"more data")
digest = hasher.finalize()
sig = privateKey.sign(
digest,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
utils.Prehashed(chosen_hash))
publicKey = privateKey.public_key()
publicKey.verify(
sig, digest,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
utils.Prehashed(chosen_hash))
return publicKey
def pk_verify(message: bytes, public_key: rsa.RSAPublicKey,
signature: bytes) -> bool:
"""
Verify a message signature created with RSASSA-PSS.
"""
verifier = public_key.verifier(
signature,
padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH),
hashes.SHA256())
verifier.update(message)
try:
verifier.verify()
return True
except exceptions.InvalidSignature:
return False
def verifySignature(self, signatureClient, client_public_key,
server_public_key):
key_file = open("key_client.pem", "rb")
pp = key_file.read()
key_file.close()
rsa_client_public_key = serialization.load_pem_public_key(
pp[1874:], backend=default_backend())
try:
rsa_client_public_key.verify(
signatureClient, (client_public_key + server_public_key),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except InvalidSignature as InvalidSignature:
print("Assinatura inválida")
exit
def verifySignature(self, signatureClient, client_public_key,
server_public_key, unknown_cert):
try:
uc = crypto.load_certificate(crypto.FILETYPE_PEM, unknown_cert)
store = crypto.X509Store()
store.add_cert(self.trusted_cert)
store_ctx = crypto.X509StoreContext(store, uc)
store_ctx.verify_certificate()
public_key_cert = x509.load_pem_x509_certificate(
unknown_cert, default_backend()).public_key()
public_key_cert.verify(
signatureClient, (client_public_key + server_public_key),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
except Exception as e:
print(e)
exit
def sign_rsa_cert():
# Read the private key.
filename = raw_input('Type the PEM file containing the RSA private key: ')
with open(filename, 'rb') as f:
prvkey_text = f.read()
prvkey = serialization.load_pem_private_key(prvkey_text,
password=None,
backend=default_backend())
# Read the file to sign.
filename = raw_input('Type the file to sign: ')
with open(filename, 'rb') as f:
plaintext = f.read()
# Sign the file.
signature = prvkey.sign(
plaintext,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
# Write the signature in the output file.
with open(filename + '.sgn', 'wb') as f:
f.write(signature)
print('Signature file: ' + filename + '.sgn')
def verify_rsa_cert():
# Read the CA's certificate.
filename = raw_input('Type the PEM file containing the CA certificate: ')
with open(filename, 'rb') as f:
ca_cert_text = f.read()
ca_cert = x509.load_pem_x509_certificate(ca_cert_text,
backend=default_backend())
# Check the CA's certificate validity.
now = datetime.datetime.now()
if now < ca_cert.not_valid_before or now > ca_cert.not_valid_after:
print 'ERROR. Invalid CA certificate.'
sys.exit(1)
# Display the CA's name.
ca_name = ca_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print 'CA name:', ca_name
ca_pubkey = ca_cert.public_key()
# Read the signer's certificate.
filename = raw_input(
'Type the PEM file containing the file signer certificate: ')
with open(filename, 'rb') as f:
sgn_cert_text = f.read()
sgn_cert = x509.load_pem_x509_certificate(sgn_cert_text,
backend=default_backend())
# Check the signer's certificate validity.
sgn_cert_issuer_name = sgn_cert.issuer.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
if sgn_cert_issuer_name != ca_name:
print 'ERROR. Unknown CA: ', sgn_cert_issuer_name
sys.exit(1)
if now < sgn_cert.not_valid_before or now > sgn_cert.not_valid_after:
print 'ERROR. Invalid file signer certificate.'
sys.exit(1)
ca_pubkey.verify(sgn_cert.signature, sgn_cert.tbs_certificate_bytes,
padding.PKCS1v15(), hashes.SHA256())
# If passing here, the signer's certificate is ok.
sgn_name = sgn_cert.subject.get_attributes_for_oid(
NameOID.COMMON_NAME)[0].value
print 'Certificate ok'
print 'File signer common name:', sgn_name
# Extract the signer's public key.
pubkey = sgn_cert.public_key()
# Read the file to verify.
filename = raw_input('Type the file to verify: ')
with open(filename, 'rb') as f:
plaintext = f.read()
# Read the signature.
filename = raw_input('Type the signature file: ')
with open(filename, 'rb') as f:
signature = f.read()
# Verify the file.
pubkey.verify(
signature, plaintext,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
# If passing here, the verification is ok.
print 'Signature ok'
plaintext = private_key.decrypt(ciphertext,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None))
print plaintext
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
signer = private_key.signer(padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
message = "A message of arbitrary length"
signer.update(message)
signature = signer.finalize()
public_key = private_key.public_key()
verifier = public_key.verifier(signature, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
verifier.update(message)
verifier.verify()
####################################################################
def createDigitalSignature(privateKey, message):
signature = privateKey.sign(
message,
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
return signature
