class RSAES_OAEP_params(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) )
def create_tsq(file_: str, hash_digest: str = 'sha512', nonce: bool = True): """ Create TimeStampReq byte string :param file_: File path :param hash_digest: Hash algorithm :param nonce: Random integer value :return: Byte string """ try: logging.info('Creating TimeStampReq object...') message_imprint = MessageImprint() hash_algorithm = AlgorithmIdentifier() if hash_digest in digest_algorithms: hash_algorithm['algorithm'] = digest_algorithms.get(hash_digest) else: logging.error( f'{hash_digest} is not listed in list of digest algorithms') raise Exception message_imprint['hashAlgorithm'] = hash_algorithm message_imprint['hashedMessage'] = compute_hash( file_, hashlib.new(hash_digest)) tsq = TimeStampReq() tsq['version'] = 1 tsq['messageImprint'] = message_imprint if nonce: tsq['nonce'] = unpack('<q', urandom(8))[0] logging.info('Creating TimeStampReq: Success') return encoder.encode(tsq) except Exception as e: logging.error('Creating TimeStampReq: Failure', exc_info=True) raise e
def encrypt(self, key_password): """ Encrypts the private key, so that it can be saved to a keystore. This will make it necessary to decrypt it again if it is going to be used later. Has no effect if the entry is already encrypted. :param str key_password: The password to encrypt the entry with. """ if not self.is_decrypted(): return encrypted_private_key = sun_crypto.jks_pkey_encrypt( self.pkey_pkcs8, key_password) a = AlgorithmIdentifier() a.setComponentByName('algorithm', sun_crypto.SUN_JKS_ALGO_ID) a.setComponentByName('parameters', '\x05\x00') epki = rfc5208.EncryptedPrivateKeyInfo() epki.setComponentByName('encryptionAlgorithm', a) epki.setComponentByName('encryptedData', encrypted_private_key) self._encrypted = encoder.encode(epki) self._pkey = None self._pkey_pkcs8 = None self._algorithm_oid = None
def new(cls, alias, certs, key, key_format='pkcs8'): """ Helper function to create a new PrivateKeyEntry. :param str alias: The alias for the Private Key Entry :param list certs: An list of certificates, as byte strings. The first one should be the one belonging to the private key, the others the chain (in correct order). :param str key: A byte string containing the private key in the format specified in the key_format parameter (default pkcs8). :param str key_format: The format of the provided private key. Valid options are pkcs8 or rsa_raw. Defaults to pkcs8. :returns: A loaded :class:`PrivateKeyEntry` instance, ready to be placed in a keystore. :raises UnsupportedKeyFormatException: If the key format is unsupported. """ timestamp = int(time.time()) * 1000 cert_chain = [] for cert in certs: cert_chain.append(('X.509', cert)) pke = cls( timestamp=timestamp, # Alias must be lower case or it will corrupt the keystore for Java Keytool and Keytool Explorer alias=alias.lower(), cert_chain=cert_chain) if key_format == 'pkcs8': private_key_info = decoder.decode( key, asn1Spec=rfc5208.PrivateKeyInfo())[0] pke._algorithm_oid = private_key_info['privateKeyAlgorithm'][ 'algorithm'].asTuple() pke.pkey = private_key_info['privateKey'].asOctets() pke.pkey_pkcs8 = key elif key_format == 'rsa_raw': pke._algorithm_oid = RSA_ENCRYPTION_OID # We must encode it to pkcs8 private_key_info = rfc5208.PrivateKeyInfo() private_key_info.setComponentByName('version', 'v1') a = AlgorithmIdentifier() a.setComponentByName('algorithm', pke._algorithm_oid) a.setComponentByName('parameters', '\x05\x00') private_key_info.setComponentByName('privateKeyAlgorithm', a) private_key_info.setComponentByName('privateKey', key) pke.pkey_pkcs8 = encoder.encode(private_key_info, ifNotEmpty=True) pke.pkey = key else: raise UnsupportedKeyFormatException( "Key Format '%s' is not supported" % key_format) return pke
class MessageImprint(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('hashedMessage', univ.OctetString()), ) @property def hash_algorithm(self): return self[0] @property def hashed_message(self): return self[1]
class MessageImprint(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('hashedMessage', univ.OctetString()) )