def private_key_bytes(private_key: Ed25519PrivateKey) -> bytes: """convert cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey into raw bytes""" return private_key.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption(), )
def encode_private(self, private_key: ed25519.Ed25519PrivateKey, f_priv: _FragList) -> None: """Write Ed25519 private key""" public_key = private_key.public_key() raw_private_key = private_key.private_bytes(Encoding.Raw, PrivateFormat.Raw, NoEncryption()) raw_public_key = public_key.public_bytes(Encoding.Raw, PublicFormat.Raw) f_keypair = _FragList([raw_private_key, raw_public_key]) self.encode_public(public_key, f_priv) f_priv.put_sshstr(f_keypair)
def _get_key_pair(pvk: ed25519.Ed25519PrivateKey, encoding: KeyEncoding) -> typing.Tuple[str, str]: """Maps private key to an encoded key pair. """ pbk = pvk.public_key() # PEM. if encoding == KeyEncoding.PEM: return \ pvk.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ), \ pbk.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) # Encode -> bytes. pvk = pvk.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption() ) pbk = pbk.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw ) # HEX. if encoding == KeyEncoding.HEX: return pvk.hex(), pbk.hex() # BYTES. return pvk, pbk
def _get_key_pair_from_sk( sk: ed25519.Ed25519PrivateKey) -> typing.Tuple[bytes, bytes]: """Returns key pair from a signing key. """ pk = sk.public_key() return \ sk.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption() ), \ pk.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw )
def sk_to_curve25519(ed: ed25519.Ed25519PrivateKey) -> x25519.X25519PrivateKey: raw = ed.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption(), ) # as proposed in https://github.com/pyca/cryptography/issues/5557#issuecomment-739339132 from cryptography.hazmat.primitives import hashes from cryptography.hazmat.backends.openssl.backend import backend hasher = hashes.Hash(hashes.SHA512()) hasher.update(raw) h = bytearray(hasher.finalize()) # curve25519 clamping h[0] &= 248 h[31] &= 127 h[31] |= 64 return backend.x25519_load_private_bytes(h[0:32])
def get_private_key_hex(key: Ed25519PrivateKey) -> str: return key.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption(), ).hex()