def setUp(self): self.pem_priv_key = """-----BEGIN PRIVATE KEY----- MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDDLrmt4lKRpm6P 2blptwJsa1EBuxuuAayLjwNqKGvm5c1CAUEa/NtEpUMM8WYKRDwxzakUIGI/BdP3 NOEMphcs5+OekgJLhzoSdtAIrXPy8JIidENZE6FzCJ2b6fHU5O4hoNvv1Bx5yoZr HVaWJIZMRRocJJ0Nf9oMaU8IE6m6OdBzQHEwcnL2/a8Q3VxstHufzjILmaZD9WL+ 6AESlQMKZPNQ+Xd7d4nvnVkY4ZV46tA+KvADGuotgovQwG+uiyQoGRrQUms21vHF zIvd3G9OCiyCTCHSyfsE3g7tks33NZ8O8gF8xa9OmU9TQPwwAyUr6JQXz0CW77o7 Cr9LpHuNAgMBAAECggEBAJRbMbtfqc8XqDYjEfGur2Lld19Pb0yl7RbvD3NjYhDR X2DqPyhaRfg5fWubGSp4jyBz6C5qJwMsVN80DFNm83qoj7T52lC6aoOaV6og3V8t SIZzxLUyXKdpRxM5kR13HSHmeQYkPbi9HcrRM/1PqdzTMXNuyQl3wq9oZDAJchsf fmoh080htkaxhEb1bMXa2Lj7j2OIkHOsQeIu6BdbxIKRPIT+zrcklE6ocW8fTWAS Qi3IZ1FYLL+fs6TTxjx0VkC8QLaxWxY0pqTiwS7ndZiZKc3l3ARuvRk8buP+X3Jg BD86FQ18OXZC9boMbDbzv2cOLtdkq5pS3lJE4F9gjYECgYEA69ukU2pNWot2OPwK PuPwAXWNrvnvFzQgIc0qOiCmgKJU6wqunlop4Bx5XmetHExVyJVBEhaHoDr0F3Rs gt8IclKDsWGXoVcgfu3llMimiZ05hOf/XtcGTCZwZenMQ30cFh4ZRuUu7WCZ9tqO 28P8jCXB3IcaRpRnNvVvmCr5NXECgYEA09nUzRW993SlohceRW2C9fT9HZ4BaPWO 5wVlnoo5mlUfAyzl+AGT/WlKmrn/1gAHIznQJ8ZIABQvPaBXhvkANXZP5Ie0lObw jA7qFuKt7yV4GGlDnU1MOLh+acABMQBGSx8BJDaomH7glTiPEPTZjoP6wfAsd1uv Knjt7jH2ad0CgYEAx9ghknRd+rx0fbBBVix4riPW20324ihOmZVnlD0aF6B0Z3tz ncUz+irmQ7GBIpsjjIO60QK6BHAvZrhFQVaNp6B26ZORkSlr5WDZyImDYtMPa6fP 36I+OcPQNOo3I3Acnjj+ne2PJ59Ula92oIudr3pGmv72qpsQIacw2TSAWGECgYEA sdNAN+HPMn68ZaGoLDjvW8uIB6tQnay5hhvWn8yA65YV0RGH+7Q/Z9BQ6i3EnPor A5uMqUZbu4011jHYJpiuXzHvf/GVWAO92KLQReOCgqHd/Aen1MtEdrwOiG+90Ebd ukLNL3ud61tc4oS2OlJ8p48LFm2mtY3FLA6UEYPoxhUCgYEAtsfWIGnBh7XC+HwI 2higSgN92VpJHSPOyOi0aG/u5AEQ+fsCUIi3KakxzvmiGMAEvWItkKyz2Gu8smtn 2HVsGxI5UW7aLw9s3qe8kyMSfUk6pGamVhJUQmDr77+5zEzykPBxwGwDwdeR43CR xVgf/Neb/avXgIgi6drj8dp1fWA= -----END PRIVATE KEY----- """ rsa_priv_key = RSA.importKey(self.pem_priv_key) self.priv_key = PKCS1_v1_5.new(rsa_priv_key) self.pub_key = PKCS1_v1_5.new(rsa_priv_key.publickey()) unittest.TestCase.setUp(self)
def main(argv): encrypt = argv[0] keyfile = argv[1] service = argv[2] username = argv[3] if isinstance(encrypt, str): if encrypt.lower().startswith('t'): encrypt = True else: encrypt = False if encrypt: password = argv[4] key = RSA.generate(1024) cipher = PKCS1_v1_5.new(key) keyring.set_password(service, username, key.exportKey()) with open(keyfile, 'wb') as outf: outf.write(cipher.encrypt(password)) else: key = RSA.importKey(keyring.get_password(service, username)) cipher = PKCS1_v1_5.new(key) with open(keyfile, 'rb') as inf: return cipher.decrypt(inf.read(), None)
def importKey(objId): public = open(objId + '.pub.pem', 'rb') private = open(objId + '.pri.pem', 'rb') pub = RSA.importKey(public.read()) pri = RSA.importKey(private.read()) pubN = PKCS1_v1_5.new(pub) priN = PKCS1_v1_5.new(pri) secret = pubN.encrypt('410015216'.encode()) mess = priN.decrypt(secret, None) print(mess)
def decrypt(messageFile): #Read private key from file f = open("rsa_priv.pem", 'r') private = RSA.importKey(f.read()) f.close() #Read the message from the file f = open(messageFile, 'r') msg = f.read() f.close() #Decrypt the message from the sender print PKCS1_v1_5.new(private).decrypt(msg.decode("string-escape"), 0)
def serverkeyexgprocess(csession, ssession, p): pubkey = str(p[Raw])[:64] csession.crypto.server.rsa.pubkey = pubkey ssession.crypto.server.rsa.pubkey = pubkey prikey = getD(pubkey) n = int(pubkey.encode('hex'), 16) e = long(65537) d = int(getD(pubkey).encode('hex'), 16) csession.crypto.server.rsa.privkey = prikey ssession.crypto.server.rsa.privkey = prikey key = RSA.construct((n, e, d)) csession.crypto.server.rsa.cipher = PKCS1_v1_5.new(key) ssession.crypto.server.rsa.cipher = PKCS1_v1_5.new(key) return p
def encrypt(self, data): cipher = PKCS1_v1_5.new(self.key) try: return ''.join(reversed(cipher.encrypt(data))) # Because MICROSOFT except ValueError: log.msg("Message too large to encrypt") return None
def decrypt(self, data): cipher = PKCS1_v1_5.new(self.key) try: return cipher.decrypt(''.join(reversed(data)), None) # For now except ValueError: log.msg("Message too large to decrypt") return None
def rsa_base64_encrypt(data,key): ''' 1. rsa encrypt 2. base64 encrypt ''' cipher = PKCS1_v1_5.new(key) return base64.b64encode(cipher.encrypt(data))
def encrypt_for_master(data): # Encrypt the file so it can only be read by the bot master h=SHA.new(data) key = RSA.importKey(open(os.path.join("pastebot.net", "master_rsa.pub")).read()) cipher = PKCS1_v1_5.new(key) ciphertext = cipher.encrypt(data+h.digest()) return ciphertext
def encrypt_using_bot_public(data): public_key = RSA.importKey(open("../PublicKeyDir.Keys/botpubkey.pem", 'rb').read()) h = SHA256.new(data) cipher = PKCS1_v1_5.new(public_key) ciphertext = cipher.encrypt(data + h.digest()) return ciphertext
def process(self,p): if p.haslayer(TLSHandshake): if p.haslayer(TLSClientHello): if not self.params.handshake.client: self.params.handshake.client=p[TLSClientHello] if not self.crypto.session.randombytes.client: self.crypto.session.randombytes.client=struct.pack("!I",p[TLSClientHello].gmt_unix_time)+p[TLSClientHello].random_bytes if p.haslayer(TLSServerHello): if not self.params.handshake.server: self.params.handshake.server=p[TLSServerHello] if not self.crypto.session.randombytes.server: self.crypto.session.randombytes.server=struct.pack("!I",p[TLSServerHello].gmt_unix_time)+p[TLSServerHello].random_bytes if not self.params.negotiated.ciphersuite: self.params.negotiated.version=p[TLSServerHello].version self.params.negotiated.ciphersuite=p[TLSServerHello].cipher_suite self.params.negotiated.compression=p[TLSServerHello].compression_method self.parseCipherSuite() #kex,enc,mac = describe_ciphersuite(self.params.negotiated.ciphersuite) #self.params.negotiated.key_exchange=kex #self.params.negotiated.encryption=enc #self.params.negotiated.mac=mac if p.haslayer(TLSCertificateList): if self.params.negotiated.key_exchange and "RSA" in self.params.negotiated.key_exchange: cert = p[TLSCertificateList].certificates[0].data self.crypto.server.rsa.pubkey = PKCS1_v1_5.new(x509_extract_pubkey_from_der(cert)) if p.haslayer(TLSClientKeyExchange) and self.crypto.server.rsa.privkey: self.crypto.session.encrypted_premaster_secret = str(p[TLSClientKeyExchange].load) self.crypto.session.premaster_secret = self.crypto.server.rsa.cipher.decrypt(self.crypto.session.encrypted_premaster_secret,None) #print 'PMS',self.crypto.session.premaster_secret.encode('hex') self.keysFromPreMasterSecret() # one for encryption and one for decryption to not mess up internal states self.crypto.client.enc = self.ciphersuite_factory(self.crypto.session.key.client.encryption,self.crypto.session.key.client.iv) self.crypto.client.dec = self.ciphersuite_factory(self.crypto.session.key.client.encryption,self.crypto.session.key.client.iv) self.crypto.server.enc = self.ciphersuite_factory(self.crypto.session.key.server.encryption,self.crypto.session.key.server.iv) self.crypto.server.dec = self.ciphersuite_factory(self.crypto.session.key.server.encryption,self.crypto.session.key.server.iv)
def encrypt_request_data(data_dict, key, modulus): """ Encrypts request data using the ArcGIS Server REST Admin API Public Key from an ArcGIS Server instance. According to Esri's documentation, the public key should be retrieved every time a request is sent, as it may change. This is also backed by Esri's own software, which follows this practice and doesn't cache the key. As such, each request to this function should ensure it is providing an up-to-date key/modulus pair. :param data_dict: The data to be encrypted. The data will not be modified, instead a new dictionary with the encrypted data will be returned. :type data_dict: Dict :param key: The ArcGIS Server REST Admin API RSA public key :type key: int :param modulus: The ArcGIS Server REST Admin API RSA modulus :type modulus: long :returns: A new copy of the dictionary with all values encrypted using the public key and the RSA PKCS v1.5 algorithm. :rtype: Dict """ # get crypto module, then encode try: from rsa import PublicKey, encrypt rpk = PublicKey(modulus, key) new_data = {key: encrypt(value, rpk).encode('hex') for key, value in data_dict.iteritems()} except ImportError: from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP, PKCS1_v1_5 cipher = PKCS1_v1_5.new(RSA.construct((modulus, key))) new_data = {key: cipher.encrypt(value).encode('hex') for key, value in data_dict.iteritems()} return new_data
def encrypt_prepend(self, prepend, query_str_len): buf = [] # 2 AES keys generated at run time, 16 bytes each aes_encrypt_key = "".join([chr(random.getrandbits(8)) for i in range(16)]) aes_decrypt_key = "".join([chr(random.getrandbits(8)) for i in range(16)]) buf.append(aes_encrypt_key) buf.append(aes_decrypt_key) # query str len size_field = struct.pack("I", query_str_len) buf.append(size_field) buf.append(prepend) rsa_key = RSA.importKey(self.rsa_key_pem) rsa = PKCS1_v1_5.new(rsa_key) enc_prepend = rsa.encrypt("".join(buf)) keys = { "enc": aes_encrypt_key, "dec": aes_decrypt_key } return enc_prepend, keys
def RSA_encrypt(public_key, message): if not globals().get('RSA'): return '' rsakey = RSA.importKey(public_key) rsakey = PKCS1_v1_5.new(rsakey) encrypted = rsakey.encrypt(message.encode('utf-8')) return base64.encodestring(encrypted).decode('utf-8').replace('\n', '')
def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( instance_id = dict(required=True), key_file = dict(required=True), ) ) module = AnsibleModule(argument_spec=argument_spec) if not HAS_BOTO: module.fail_json(msg='Boto required for this module.') instance_id = module.params.get('instance_id') key_file = expanduser(module.params.get('key_file')) ec2 = ec2_connect(module) data = ec2.get_password_data(instance_id) decoded = b64decode(data) f = open(key_file, 'r') key = RSA.importKey(f.read()) cipher = PKCS1_v1_5.new(key) sentinel = 'password decryption failed!!!' try: decrypted = cipher.decrypt(decoded, sentinel) except ValueError as e: decrypted = None if decrypted == None: module.exit_json(win_password='', changed=False) else: module.exit_json(win_password=decrypted, changed=True)
def encrypt_for_master(data): # Encrypt the file so it can only be read by the bot master # Generate key pairs key = RSA.generate(2048) # Export public key to file export_pukey = key.publickey().exportKey('PEM') publickey_file = open(os.path.join("pastebot.net", "publickey"), "wb") publickey_file.write(export_pukey) publickey_file.close() # Create RSA object from public key publickey_file = open(os.path.join("pastebot.net", "publickey"), "rb").read() public_key = RSA.importKey(publickey_file) # Hash message hashed_m = SHA256.new(data) # Encrypt message using public key cipher = PKCS1_cipher.new(public_key) ciphertext = cipher.encrypt(data+hashed_m.digest()) # Export private key to be prefixed to ciphertext export_prkey = key.exportKey('PEM') # Sign message using private key prkey = RSA.importKey(export_prkey) signer = PKCS1_v1_5.new(prkey) signature = signer.sign(hashed_m) # Return private key and ciphertext, as well as signature separately return export_prkey + b"\n" + ciphertext, signature
def key_decryption(bytes_key): private_rsa_key = RSA.importKey(open('c:/cygwin64/certs/fred.pri.key').read()) dsize = SHA.digest_size sentinel = Random.new().read(AES.block_size) cipher = PKCS1_v1_5.new(private_rsa_key) raw_aes_key = cipher.decrypt(bytes_key, sentinel) return raw_aes_key
def sign_file(f): # TODO: For Part 2, you'll use public key crypto here # The existing scheme just ensures the updates start with the line 'Caesar' # This is naive -- replace it with something better! # Generate key pairs key = RSA.generate(2048) # Export public key to file export_pukey = key.publickey().exportKey('PEM') publickey_file = open(os.path.join("pastebot.net", "publickey"), "wb") publickey_file.write(export_pukey) publickey_file.close() # Create RSA object from public key publickey_file = open(os.path.join("pastebot.net", "publickey"), "rb").read() public_key = RSA.importKey(publickey_file) # Hash message hashed_m = SHA256.new(f) # Encrypt message using public key cipher = PKCS1_cipher.new(public_key) ciphertext = cipher.encrypt(f+hashed_m.digest()) # Export private key to be prefixed to ciphertext export_prkey = key.exportKey('PEM') # Sign message using private key prkey = RSA.importKey(export_prkey) signer = PKCS1_v1_5.new(prkey) signature = signer.sign(hashed_m) # Return private key and ciphertext, as well as signature separately return export_prkey + b"\n" + ciphertext, signature
def create_encrypted_outer_aes_key_bundle(self, recipient_rsa): """ The Outer AES Key Bundle is encrypted with the receipient's public key, so only the receipient can decrypt the header. """ cipher = PKCS1_v1_5.new(recipient_rsa) return cipher.encrypt(self.create_outer_aes_key_bundle().encode("utf-8"))
def encrypt_using_master_public(data): public_key_encryption_file = "./PublicKeyDir.Keys/pubkeys.pem" h = SHA256.new(data) key = RSA.importKey(open(public_key_encryption_file, 'rb').read()) cipher = PKCS1_v1_5.new(key) ciphertext = cipher.encrypt(data + h.digest()) return ciphertext
def travis_encrypt_binstar_token(repo, string_to_encrypt): # Copyright 2014 Matt Martz <*****@*****.**> # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_v1_5 import base64 keyurl = "https://api.travis-ci.org/repos/{0}/key".format(repo) r = requests.get(keyurl, headers=travis_headers()) r.raise_for_status() public_key = r.json()["key"] key = RSA.importKey(public_key) cipher = PKCS1_v1_5.new(key) return base64.b64encode(cipher.encrypt(string_to_encrypt.encode())).decode("utf-8")
def decrypt_using_bot_private(data): private_key_encryption_file = "./lib/botPrivateKey/botprivatekey.pem" key = RSA.importKey(open(private_key_encryption_file, 'rb').read()) digest_size = SHA256.digest_size sentinel = Random.new().read(15 + digest_size) cipher = PKCS1_v1_5.new(key) return cipher.decrypt(data, sentinel)
def start_ciphering(file_to_encrypt): pubkey = RSA.importKey(open(configuration_file.get("Encrypt_server", "pubkey_location")).read()) random_bytes = os.urandom(32) # pid = os.fork() # if pid == 0 : disk_manager(file_name=file_to_encrypt) # sys.exit() # encrypt file with 256MB chunks and 512Mb file size takes about 17 seconds print "Start cifer for %s at %s" % (file_to_encrypt, datetime.now()) encrypt_file( key=random_bytes, in_filename=file_to_encrypt, out_filename=configuration_file.get("Encrypt_server", "encrypted_files_location") + os.path.basename(file_to_encrypt + ".enc"), chunksize=configuration_file.getint("Encrypt_server", "chunksize"), ) # cifer random key to post decrypt public_cipher = PKCS1_v1_5.new(pubkey) ciphertext = public_cipher.encrypt(random_bytes) # doing this on a fuction so i can perform saves on databases to (later on the project) save_signature( KeyToSave=ciphertext, Public_Cipher=public_cipher, FileName=configuration_file.get("Encrypt_server", "encrypted_files_location") + os.path.basename(file_to_encrypt), ) print "Ended cifer for %s at %s\n" % (file_to_encrypt, datetime.now()) os.system("rm %s" % (file_to_encrypt)) return "DONE:%s" % (file_to_encrypt)
def assymmetric_encrypt(val, public_key): modulusDecoded = long(public_key["n"], 16) exponentDecoded = long(public_key["e"], 16) keyPub = RSA.construct((modulusDecoded, exponentDecoded)) # Generate a cypher using the PKCS1.5 standard cipher = PKCS1_v1_5.new(keyPub) return cipher.encrypt(val)
def get_encrypted_password(password, rsa_mod, pub_exp): """ Encrypts a Steam password for web login using RSA with PKCS1_v1_5. Returns the base64 encoded ciphertext since that's what Steam's login endpoint wants. """ public_key = RSA.construct((rsa_mod, pub_exp)) cipher = PKCS1_v1_5.new(public_key) ciphertext = cipher.encrypt(bytes(password, 'utf_8')) return base64.b64encode(ciphertext)
def __init__(self, user, password): # Generate an RSA key self.rsa_full = RSA.generate(2048) self.cipher_full = PKCS1_v1_5.new(self.rsa_full) self._content_type_json = 'application/json; charset=utf-8' self._login_stage = ['email', 'twocfactor', 'captcha'] self._steamid = str(random_number(17)) # Register URIs httpretty.register_uri(httpretty.POST, 'https://steamcommunity.com/mobilelogin/getrsakey/', body=json.dumps({ 'success': True, 'publickey_mod': format(self.rsa_full.n, 'x').upper(), 'publickey_exp': format(self.rsa_full.e, 'x').upper(), 'timestamp': '64861350000', # TODO don't know how this is constructed }), content_type=self._content_type_json) httpretty.register_uri(httpretty.POST, 'https://steamcommunity.com/mobilelogin/dologin/', body=self.generate_dologin_response) httpretty.register_uri(httpretty.GET, 'https://steamcommunity.com/public/captcha.php', body=self.generate_captcha_response, adding_headers={ 'Set-Cookie': 'sessionid=%s; path=/' % ( random_ascii_string(24), ), }) httpretty.register_uri(httpretty.POST, 'https://steamcommunity.com/login/transfer', body='Success', status=200) super(SteamWebBrowserMocked, self).__init__(user, password)
def decrypt(self, ciphertext, key, padding="pkcs1_padding"): if padding == "pkcs1_padding": cipher = PKCS1_v1_5.new(key) if self.with_digest: dsize = SHA.digest_size else: dsize = 0 sentinel = Random.new().read(32+dsize) text = cipher.decrypt(ciphertext, sentinel) if dsize: _digest = text[-dsize:] _msg = text[:-dsize] digest = SHA.new(_msg).digest() if digest == _digest: text = _msg else: raise DecryptionFailed() else: if text == sentinel: raise DecryptionFailed() elif padding == "pkcs1_oaep_padding": cipher = PKCS1_OAEP.new(key) text = cipher.decrypt(ciphertext) else: raise Exception("Unsupported padding") return text
def __init__(self, data, ignoreDigestErrors=False): data = data[:512] self.PublicKeyId = hexpad(bigEndian(binaryToByteArray(data[0:16])), 32) self.DataLength = struct.unpack('B', data[16])[0] if self.DataLength != 128: raise Exception("Got an unexpected Data Length from the MixHeader:", self.DataLength) self.TDESKey = data[17:145] self.IV = data[145:153] self.EncHeader = data[153:481] self.Padding = data[481:512] self.TDESKey_Decrypted = 0 ks = getKeyStore() privKey = ks.getPrivateKey(self.PublicKeyId) if not privKey: raise Exception("Could not decrypt MixHeader, Private Key for " + self.PublicKeyId + " not found in keystore: " + str(ks.listPrivateKeys())) rsa = PKCS1_v1_5.new(privKey.getPCPrivateKey()) self.TDESKey_Decrypted = rsa.decrypt(self.TDESKey, "This is most certainly not the key") if self.TDESKey_Decrypted == "This is most certainly not the key": raise Exception("Could not decrypt MixHeader Encrypted Header") des = DES3.new(self.TDESKey_Decrypted, DES3.MODE_CBC, IV=self.IV) self.EncHeader_Decrypted = des.decrypt(self.EncHeader) self.DecryptedHeader = EncryptedMixHeader(self.EncHeader_Decrypted, ignoreDigestErrors)
def encrypt(self, msg, pubKeyStr): ''' Encrypt a message ''' # prepare for AES aes_rand = Random.new().read(32) aes_iv_rand = Random.new().read(AES.block_size) aes_key = AES.new(aes_rand,AES.MODE_CBC,aes_iv_rand) pre_msg = str(json.dumps(msg)) # Pad the msg length = 16 - (len(pre_msg) % 16) # Now encrypt AES aes_msg = aes_key.encrypt(str.encode(pre_msg) + bytes([length])*length) # Prepare PKCS1 1.5 Cipher pubKey = RSA.importKey(pubKeyStr) cipher = PKCS1_v1_5.new(pubKey) # encrypt RSA rsa_aes_key = cipher.encrypt(aes_rand) rsa_aes_iv = cipher.encrypt(aes_iv_rand) combined = rsa_aes_key + rsa_aes_iv + aes_msg b64out = base64.b64encode(combined) return b64out.decode()
def packet_decrypt(self, packet): """Unpack a received Mixmaster email message header. The spec calls for 512 Bytes, of which the last 31 are padding. Public key ID [ 16 bytes] Length of RSA-encrypted data [ 1 byte ] RSA-encrypted session key [ 128 bytes] Initialization vector [ 8 bytes] Encrypted header part [ 328 bytes] Padding [ 31 bytes] """ # Unpack the header components. This includes the 328 Byte # encrypted component. (keyid, datalen, sesskey, iv, enc, pad) = struct.unpack('@16sB128s8s328s31s', packet.encheads[0]) if not len(sesskey) == datalen: raise ValidationError("Incorrect session key size") keyid = keyid.encode("hex") log.debug("Message is encrypted to key: %s", keyid) # Use the session key to decrypt the 3DES Symmetric key seckey = self.secring[keyid] if seckey is None: raise ValidationError("Secret Key not found") pkcs1 = PKCS1_v1_5.new(seckey) deskey = pkcs1.decrypt(sesskey, "Failed") # Process the 328 Bytes of encrypted header using our newly discovered # 3DES key obtained from the pkcs1 decryption. desobj = DES3.new(deskey, DES3.MODE_CBC, IV=iv) packet.set_dhead(desobj.decrypt(enc))
def test_validate_register(self): self.assertEquals( 0, len(BlogUser.objects.filter(email='*****@*****.**'))) response = self.client.post( reverse('account:register'), { 'username': '******', 'email': '*****@*****.**', 'password1': 'password123!q@wE#R$T', 'password2': 'password123!q@wE#R$T', }) self.assertEquals( 1, len(BlogUser.objects.filter(email='*****@*****.**'))) user = BlogUser.objects.filter(email='*****@*****.**')[0] sign = get_md5(get_md5(settings.SECRET_KEY + str(user.id))) path = reverse('accounts:result') url = '{path}?type=validation&id={id}&sign={sign}'.format(path=path, id=user.id, sign=sign) response = self.client.get(url) self.assertEqual(response.status_code, 200) self.client.login(username='******', password='******') user = BlogUser.objects.filter(email='*****@*****.**')[0] user.is_superuser = True user.is_staff = True user.save() delete_sidebar_cache(user.username) category = Category() category.name = "categoryaaa" category.created_time = datetime.datetime.now() category.last_mod_time = datetime.datetime.now() category.save() article = Article() article.category = category article.title = "nicetitle333" article.body = "nicecontentttt" article.author = user article.type = 'a' article.status = 'p' article.save() response = self.client.get(article.get_admin_url()) self.assertEqual(response.status_code, 200) response = self.client.get(reverse('account:logout')) self.assertIn(response.status_code, [301, 302, 200]) response = self.client.get(article.get_admin_url()) self.assertIn(response.status_code, [301, 302, 200]) response = self.client.get(reverse('account:login')) self.assertEqual(response.status_code, 200) pub_key = response.context['form'].initial['pub_key'] pubobj = Cipher_pkcs1_v1_5.new(RSA.importKey(pub_key)) pw = base64.b64encode(pubobj.encrypt('qwer!@#$ggg'.encode())) response = self.client.post( reverse('account:login'), { 'username': '******', 'password': pw.decode(), 'pub_key': pub_key }) self.assertIn(response.status_code, [301, 302, 200]) response = self.client.get(article.get_admin_url()) self.assertIn(response.status_code, [301, 302, 200])
def rsa_decrypt(input_string, private_key): input_bytes = base64.b64decode(input_string) rsa_key = RSA.importKey("-----BEGIN RSA PRIVATE KEY-----\n" + private_key + "\n-----END RSA PRIVATE KEY-----") cipher = PKCS1_v1_5.new(rsa_key) # noinspection PyArgumentList return str(cipher.decrypt(input_bytes, Random.new().read), 'utf-8')
def rsa_encode(text, public_key): key = RSA.importKey(b64decode(public_key)) cipher = PKCS1_v1_5.new(key) return b64encode(cipher.encrypt(text.encode(encoding='utf-8'))).decode('utf-8')
import rsa random_generator=Random.new().read file="secret.txt" c="" with open(file,"rb") as f: cipher=f.read() instr=base64.b64decode(cipher) print(instr) #instr=str(binascii.b2a_hex(instr),'utf-8') file="rsa_private_key.pem" default_length=117 with open(file,"rb") as f: line=f.read() rsaKey=RSA.importKey(line) decryptor=PKCS1_v1_5.new(rsaKey) privkey = rsa.PrivateKey.load_pkcs1(line) #encrypted_byte=base64.b64decode(cipher.encode()) '''length=len(encrypted_byte) if length < default_length: decrypt_byte = decryptor.decrypt(encrypted_byte, 'failure') else: offset = 0 res = [] while length - offset > 0: if length - offset > default_length: res.append(decryptor.decrypt(encrypted_byte[offset: offset + default_length], 'failure')) else: res.append(decryptor.decrypt(encrypted_byte[offset:], 'failure')) offset += default_length decrypt_byte = b''.join(res)
def rsaDecrypt(m, rsa_private_key): rsakey = RSA.importKey(rsa_private_key.encode()) cipher = Cipher_pkcs1_v1_5.new(rsakey) text = cipher.decrypt(base64.b64decode(m), None) c = text.decode('utf8') return eval(c)
def testEncrypt2(self): # Verify that encryption fail if plaintext is too long pt = '\x00' * (128 - 11 + 1) cipher = PKCS.new(self.key1024) self.assertRaises(ValueError, cipher.encrypt, pt)
def encode(self, str): cipher = PKCS1_v1_5.new(self.public_key) return base64.encodebytes(cipher.encrypt(str))
def decode(self, decode_str): cipher = PKCS1_v1_5.new(self.private_key) return cipher.decrypt(base64.b64decode(decode_str), random_generator)
# coding=utf-8 import json import base64 import requests from . import constants, exceptions from Crypto.Cipher import PKCS1_v1_5 from Crypto.PublicKey import RSA # TODO change this later. Currently kushki uses PKCS1 both in php and this implementation (they should use OAEP). # TODO masking with MGF1 and hashing with SHA1 will be used for PHP if the constant changes to OAEP setting. encrypter = PKCS1_v1_5.new(RSA.importKey(constants.KUSHKI_PUBLIC_KEY)) class Request(object): """ Abstraccion para realizar una peticion al servidor de Kushki. """ def __init__(self, url, params, content_type=constants.CONTENT_TYPE): self._url = url self._params = params self._content_type = content_type url = property(lambda self: self._url) params = property(lambda self: self._params) content_type = property(lambda self: self._content_type) def param(self, param_name): """ Obtiene un parametro de la request. :param param_name: nombre del parametro a obtener. :return:
for cookie in r.headers['Set-Cookie'].split(';'): s = cookie.split('=') cookies[s[0]] = s[1] if len(s) == 2 else None return cookies r = requests.post(get_token_url) if r.status_code != 200: raise Exception("Can not get Token") public_key = json.loads(r.content)['data']['public_key'] public_key = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----" % public_key print "Get public key:\n", public_key rsakey = RSA.importKey(public_key) cipher = PKCS1_v1_5.new(rsakey) password_encrypted = base64.b64encode(cipher.encrypt(password)) form = { 'username': username, 'password': password_encrypted, } print "Request Form:\n", form cookies = get_cookie(r) r = requests.post(login_url, form, cookies=cookies) print r.status_code, r.reason #, r.content if r.status_code != 200: raise Exception("Can not login") ret_url = json.loads(r.content)['data']['retUrl']
def rsa(src): rsakey = RSA.construct((int(define.__LOGIN_RSA_VER158_KEY_N__, 16), define.__LOGIN_RSA_VER158_KEY_E__)) cipher = Cipher_pkcs1_v1_5.new(rsakey) encrypt_buf = cipher.encrypt(src) return encrypt_buf
def testMemoryview(self): pt = b"XER" cipher = PKCS.new(self.key1024) ct = cipher.encrypt(memoryview(bytearray(pt))) pt2 = cipher.decrypt(memoryview(bytearray(ct)), b'\xFF' * len(pt)) self.assertEqual(pt, pt2)
def check_pay(request): '''获取用户支付的结果''' # receive data from bank server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_socket.bind(('0.0.0.0', 8080)) server_socket.listen(5) print("server is ready:") while True: print("-------") tmp_socket, CLIENT_ADDR = server_socket.accept() sleep(1) try: msg = tmp_socket.recv(2048) print(msg) break except Exception as e: continue # connect to bank # sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # sock.settimeout(1) # print('ss') msg_list = msg.split('&&') if len(msg_list) != 3: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 0, 'errmsg': '订单格式错误'}) # Ek(key), iv, cipher text k = RSA.importKey(settings.PRIKEY) cipher = PKCS1_v1_5.new(k) key = cipher.decrypt(base64.b64decode(msg_list[0]), None) iv = base64.b64decode(msg_list[1]) plaintext = msg_list[2].decode('hex') cipher = AES.new(key, AES.MODE_CBC, iv) pt = unpad(cipher.decrypt(plaintext), 16) # verify infomation try: tmp = pt.split("&&", 2) except: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 0, 'errmsg': '订单格式错误'}) OI = urllib.unquote(tmp[0]) PI_hash = tmp[1] DS = tmp[2] # print("DS:"+DS) try: OI_info = OI.split("AAAAA", 3) except: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 0, 'errmsg': '订单格式错误'}) order_id = OI_info[1] # print(order_id) # 数据校验 if not order_id: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 1, 'errmsg': '订单不存在'}) try: order = OrderInfo.objects.get(order_id=order_id, status=1, pay_method=1) # secret payment except OrderInfo.DoesNotExist: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 2, 'errmsg': '订单信息出错'}) # verify DS sh = sha256() try: sh.update(base64.b64encode(OI)) except Exception as e: if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 5, 'errmsg': '编码错误'}) OI_hash = sh.hexdigest() # print("OI_hash:"+OI_hash) # plaintext m = sha256(OI_hash+PI_hash) # print("PI_hash:" + PI_hash) sh = sha256() sh.update(OI_hash + PI_hash) m = sh.hexdigest() # print(m) # get user PUBkey a = Passport.objects.get_passport_by_id(request.session['passport_id']) pKey = str(a.pubkey) pKey = pKey.replace('\\n', '\n') try: if not my_verify(m, DS, pKey): if send_to_bank(tmp_socket, 'NO'): return JsonResponse({'res': 7, 'errmsg': '银行网络错误'}) return JsonResponse({'res': 6, 'errmsg': '签名错误'}) except Exception as e: print(e) # after verify, listen to bank, watch if paid print("suc") # back_url = "http://localhost:8000/user/order/" send_to_bank(tmp_socket, 'YES') # return JsonResponse({'res': 3, 'errmsg': '支付成功'}) while True: print("-------") sleep(1) try: msg = tmp_socket.recv(2048) print(msg) if msg == '10000': return JsonResponse({'res': 7, 'errmsg': '银行验证出错'}) elif msg == '20000': print('aaa') return JsonResponse({'res': 3, 'errmsg': '支付成功', 'data': DS}) else: return JsonResponse({'res': 4, 'errmsg': '支付出错'}) except Exception as e: return JsonResponse({'res': 7, 'errmsg': '银行网络错误'})
def make_message(pwd): rsakey = RSA.importKey(public_key) cipher = Cipher_pkcs1_v1_5.new(rsakey) cipher_text = base64.b64encode(cipher.encrypt(pwd.encode(encoding="utf-8"))) return cipher_text.decode('utf8')
def testByteArray(self): pt = b"XER" cipher = PKCS.new(self.key1024) ct = cipher.encrypt(bytearray(pt)) pt2 = cipher.decrypt(bytearray(ct), '\xFF' * len(pt)) self.assertEqual(pt, pt2)
def _encrypt_pwd(self, public_key): rsa_key = RSA.importKey(public_key) encryptor = Cipher_pkcs1_v1_5.new(rsa_key) cipher = b64encode(encryptor.encrypt(self.password.encode('utf-8'))) return cipher.decode('utf-8')
def rsa_decode(cipher_text, private_key): rsakey = RSA.importKey(private_key) # 导入读取到的私钥 cipher = PKCS1_v1_5.new(rsakey) # 生成对象 # 将密文解密成明文,返回的是一个bytes类型数据,需要自己转换成str text = cipher.decrypt(base64.b64decode(cipher_text), "ERROR") return text.decode()
def Encrypt(self, message): cipher_rsa = PKCS1_v1_5.new(self.public_key) ciphertext = cipher_rsa.encrypt(message) return ciphertext
def get_crypt_password(private_key, password): rsa = RSA.importKey(private_key) cipher = PKCS1_v1_5.new(rsa) ciphertext = encrypt(password, cipher) return ciphertext
def encrypt_by_public_key(publickey, message): byte = PKCS1_v1_5.new(RSA.importKey(base64.b64decode(publickey))).encrypt( message.encode(encoding="utf8")) return base64.b64encode(byte).decode(encoding="utf8")
def rsaCrypto(adict, rsa_public_key): rsakey = RSA.importKey(rsa_public_key.encode()) cipher = Cipher_pkcs1_v1_5.new(rsakey) cipher_text = base64.b64encode(cipher.encrypt(str(adict).encode())) return cipher_text.decode('utf8')
def encrypt_pwd(password, public_key=RSA_PUBLIC_KEY): rsa_key = RSA.importKey(public_key) encryptor = Cipher_pkcs1_v1_5.new(rsa_key) cipher = b64encode(encryptor.encrypt(password.encode('utf-8'))) return cipher.decode('utf-8')
def encode(self,pub_key,msg): rsakey = RSA.importKey(pub_key) cipher = Cipher_pkcs1_v1_5.new(rsakey) cipher_text = base64.b64encode(cipher.encrypt(msg)) return cipher_text
def asymm_encrypt(text, pub_key): key = RSA.importKey(pub_key) cipherText = Cipher_pkcs1_v1_5.new(key).encrypt(text) return cipherText
print 'received=', repr(ok_pubkey4) if not ok_pubkey4: raise Exception('failed to set the RSA key') print 'Assert that the received public N match the one generated locally' print 'Local Public N=', repr(public_n) ok_pubkey = ok_pubkey1 + ok_pubkey2 + ok_pubkey3 + ok_pubkey4 assert ok_pubkey == public_n print 'Ok, public N matches' print message = 'Secret message' #h = SHA.new(message) cipher = PKCS1_v1_5.new(key) ciphertext = cipher.encrypt(message) #hex_enc_data = bin2hex(enc_data) print 'encrypted payload = ', repr(ciphertext) print # Compute the challenge pin h = hashlib.sha256() h.update(ciphertext) d = h.digest() assert len(d) == 32 def get_button(byte):
def asymm_decrypt(ciphertext, priv_key): rg = Random.new().read key = RSA.importKey(priv_key) text = Cipher_pkcs1_v1_5.new(key).decrypt(ciphertext, rg) return text
def encrypt(message): h = SHA.new(message) cipher = PKCS1_v1_5.new(key) ciphertext = cipher.encrypt(message + h.digest()) return ciphertext
except: print("Cannot import public key.") support.put_exception("import key") hand.client(["quit"]) hand.close() sys.exit(0) #if conf.pgdebug > 1: print("Got pub key", hand.pubkey, "size =", hand.pubkey.size()) # Generate communication key conf.sess_key = Random.new().read(512) sss = SHA512.new() sss.update(conf.sess_key) cipher = PKCS1_v1_5.new(hand.pubkey) #print ("cipher", cipher.can_encrypt()) if conf.pgdebug > 2: support.shortdump("conf.sess_key", conf.sess_key) sess_keyx = cipher.encrypt(conf.sess_key) ttt = SHA512.new() ttt.update(sess_keyx) if conf.pgdebug > 2: support.shortdump("sess_keyx", sess_keyx) #print("Key Hexdigest", ttt.hexdigest()[:16]) #resp3 = hand.client(["sess",], "", False) 3 error responses
def __init__(self, data_folder, config): self.data_folder = data_folder self.data_folder_bn = data_folder.replace('/', '').replace( '\\', '').replace('.', '').replace(' ', '') self.key_bn = os.path.join(data_folder, self.data_folder_bn) self.RSA_KEY_SIZE = config['SSL_KEY_LENGTH'] print "RSA_KEY_SIZE", self.RSA_KEY_SIZE self.rsa_private_key_file_name = '%s_rsa_%d_priv.pem' % ( self.key_bn, self.RSA_KEY_SIZE) self.rsa_public_key_file_name2 = '%s_rsa_%d_pub.pem' % ( self.key_bn, self.RSA_KEY_SIZE) self.rsa_public_key_file_name3 = os.path.join( dir_path, "templates", '%s_rsa_%d_pub.pem' % (self.data_folder_bn, self.RSA_KEY_SIZE)) self.rsa_public_key_file_name = '%s_rsa_%d_pub.pem' % ( self.data_folder_bn, self.RSA_KEY_SIZE) print "rsa private key file name ", self.rsa_private_key_file_name print "rsa public key file name full", self.rsa_public_key_file_name2 print "rsa public key file name bkp ", self.rsa_public_key_file_name3 print "rsa public key file name temp", self.rsa_public_key_file_name if (not os.path.exists(self.rsa_private_key_file_name)) or ( not os.path.exists(self.rsa_public_key_file_name2)): print "one of the ssl keys is missing. deleting" if (os.path.exists(self.rsa_private_key_file_name)): print "ssl key % exists. deleting" % self.rsa_private_key_file_name os.remove(self.rsa_private_key_file_name) if (os.path.exists(self.rsa_public_key_file_name2)): print "ssl key %s exists. deleting" % self.rsa_public_key_file_name2 os.remove(self.rsa_public_key_file_name2) print "PUBLIC KEY %s OR PRIVATE KEY %s DOES NOT EXISTS. CREATING" % ( self.rsa_private_key_file_name, self.rsa_public_key_file_name2) #(pubkey, privkey) = rsa.newkeys(RSA_KEY_SIZE, accurate=True, poolsize=1) #open(rsa_public_key_file_name , 'w').write( pubkey.save_pkcs1() ) #open(rsa_private_key_file_name, 'w').write( privkey.save_pkcs1() ) self.privkey = RSA.generate(self.RSA_KEY_SIZE) self.pubkey = self.privkey.publickey() open(self.rsa_public_key_file_name2, 'w').write(self.pubkey.exportKey('PEM')) open(self.rsa_private_key_file_name, 'w').write(self.privkey.exportKey('PEM')) print "saved public and private keys" if (os.path.exists(self.rsa_public_key_file_name3)): print "ssl key %s exists. deleting" % self.rsa_public_key_file_name3 os.remove(self.rsa_public_key_file_name3) shutil.copy2(self.rsa_public_key_file_name2, self.rsa_public_key_file_name3) self.rsa_private_key = RSA.importKey( open(self.rsa_private_key_file_name, 'r').read()) self.rsa_public_key = RSA.importKey( open(self.rsa_public_key_file_name2, 'r').read()) self.enc_cipher = PKCS1_v1_5.new(self.rsa_public_key) self.dec_cipher = PKCS1_v1_5.new(self.rsa_private_key) print "encryption test" message = "test" encmess = self.encrypter(message) decmess = self.decrypter(encmess) print "message ", message print "encmess ", encmess print "decmess ", decmess assert message == decmess, "decrypted message %s does not match original message %s" % ( decmess, message)
#!/usr/local/bin/python3 plaintext = b'Attack at dawn' from Crypto.PublicKey import RSA # generate pair of keys (and export them) rsa_key = RSA.generate(2048) privkey = rsa_key.exportKey(pkcs=8) pubkey = rsa_key.publickey().export_key() from Crypto.Cipher import PKCS1_v1_5 # encryption k = RSA.importKey(pubkey) cipher = PKCS1_v1_5.new(k) ciphertext = cipher.encrypt(plaintext) print(ciphertext) # decryption k = RSA.importKey(privkey) cipher = PKCS1_v1_5.new(k) d = cipher.decrypt(ciphertext, "thisisarandomsentinelmessage") print(d) from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 # signature k = RSA.importKey(privkey) signer = PKCS1_v1_5.new(k)