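def generateKeyPair(self, keyName, params):
    """
    Generate a pair of asymmetric keys and store them as base64 text files.

    The public key goes to "<mapped path>.pub" (left readable by everyone) and
    the private key to "<mapped path>.pri" (owner read-only), where the mapped
    path is what self.maintainMapping returns for keyName.toUri().

    :param Name keyName: The name of the key pair.
    :param KeyParams params: The parameters of the key.
    :raises SecurityException: If a public or private key with this name
      already exists, or if generating/encoding the key fails.
    """
    if self.doesKeyExist(keyName, KeyClass.PUBLIC):
        raise SecurityException("Public key already exists")
    if self.doesKeyExist(keyName, KeyClass.PRIVATE):
        raise SecurityException("Private key already exists")

    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
        privateKeyDer = privateKey.toPkcs8().toBytes()
        publicKeyDer = privateKey.derivePublicKey().toBytes()
    except Exception as ex:
        raise SecurityException("Error in generatePrivateKey: " + str(ex))

    keyUri = keyName.toUri()
    keyFilePathNoExtension = self.maintainMapping(keyUri)
    publicKeyFilePath = keyFilePathNoExtension + ".pub"
    privateKeyFilePath = keyFilePathNoExtension + ".pri"

    with open(publicKeyFilePath, 'w') as keyFile:
        keyFile.write(Common.base64Encode(publicKeyDer, True))

    # Create the private key file owner-read-only at creation time rather than
    # open()-then-chmod: with plain open('w') the file briefly exists with
    # umask-derived permissions (often group/world readable) before chmod runs.
    privateKeyFd = os.open(
      privateKeyFilePath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IRUSR)
    with os.fdopen(privateKeyFd, 'w') as keyFile:
        keyFile.write(Common.base64Encode(privateKeyDer, True))

    os.chmod(publicKeyFilePath, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    # The creation mode only applies to a newly created file; chmod again so a
    # pre-existing file ends up owner-read-only too.
    os.chmod(privateKeyFilePath, stat.S_IRUSR)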
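def generateKeyPair(self, keyName, params):
    """
    Generate a pair of asymmetric keys and store them as base64 text files.

    The public key goes to "<mapped path>.pub" (left readable by everyone) and
    the private key to "<mapped path>.pri" (owner read-only), where the mapped
    path is what self.maintainMapping returns for keyName.toUri().

    :param Name keyName: The name of the key pair.
    :param KeyParams params: The parameters of the key.
    :raises SecurityException: If a public or private key with this name
      already exists, or if generating/encoding the key fails.
    """
    if self.doesKeyExist(keyName, KeyClass.PUBLIC):
        raise SecurityException("Public key already exists")
    if self.doesKeyExist(keyName, KeyClass.PRIVATE):
        raise SecurityException("Private key already exists")

    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
        privateKeyDer = privateKey.toPkcs8().toBytes()
        publicKeyDer = privateKey.derivePublicKey().toBytes()
    except Exception as ex:
        raise SecurityException("Error in generatePrivateKey: " + str(ex))

    keyUri = keyName.toUri()
    keyFilePathNoExtension = self.maintainMapping(keyUri)
    publicKeyFilePath = keyFilePathNoExtension + ".pub"
    privateKeyFilePath = keyFilePathNoExtension + ".pri"

    with open(publicKeyFilePath, 'w') as keyFile:
        keyFile.write(Common.base64Encode(publicKeyDer, True))

    # Create the private key file owner-read-only at creation time rather than
    # open()-then-chmod: with plain open('w') the file briefly exists with
    # umask-derived permissions (often group/world readable) before chmod runs.
    privateKeyFd = os.open(
      privateKeyFilePath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IRUSR)
    with os.fdopen(privateKeyFd, 'w') as keyFile:
        keyFile.write(Common.base64Encode(privateKeyDer, True))

    os.chmod(publicKeyFilePath, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    # The creation mode only applies to a newly created file; chmod again so a
    # pre-existing file ends up owner-read-only too.
    os.chmod(privateKeyFilePath, stat.S_IRUSR)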
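def test_generate_key(self):
    """
    For every key-parameter set in self.keyTestData: generate a private key,
    check that a SHA256 signature it makes verifies under the derived public
    key, and check that a second key generated from the same params differs.
    """
    for dataSet in self.keyTestData:
        key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        publicKeyBits = key.derivePublicKey()
        publicKey = PublicKey(publicKeyBits)

        data = Blob([0x01, 0x02, 0x03, 0x04])

        # Sign and verify.
        signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)
        result = VerificationHelpers.verifySignature(
          data, signature, publicKey)
        self.assertTrue(result)

        # Check that another generated private key is different: two keys from
        # the same params sharing one PKCS#8 encoding would point at key
        # generation not being random.
        key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))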
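def test_generate_key(self):
    """
    For every key-parameter set in self.keyTestData: generate a private key,
    check that a SHA256 signature it makes verifies under the derived public
    key, and check that a second key generated from the same params differs.
    """
    for dataSet in self.keyTestData:
        key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        publicKeyBits = key.derivePublicKey()
        publicKey = PublicKey(publicKeyBits)

        data = Blob([0x01, 0x02, 0x03, 0x04])

        # Sign and verify.
        signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)
        result = VerificationHelpers.verifySignature(
          data, signature, publicKey)
        self.assertTrue(result)

        # Check that another generated private key is different: two keys from
        # the same params sharing one PKCS#8 encoding would point at key
        # generation not being random.
        key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))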
def generateKey(params):
    """
    Generate a new random RSA decrypt key from the given params.

    :param RsaKeyParams params: The key params with the key size (in bits).
    :return: The new decrypt key wrapping the PKCS8-encoded private key.
    :rtype: DecryptKey
    """
    pkcs8 = TpmPrivateKey.generatePrivateKey(params).toPkcs8()
    return DecryptKey(pkcs8)
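def test_generate_key(self):
    """
    For every key-parameter set in self.keyTestData: generate a private key,
    sign a small blob with SHA256, verify the signature with the cryptography
    package under the derived public key (ECDSA or RSA PKCS1v15), and check
    that a second key generated from the same params differs.
    """
    for dataSet in self.keyTestData:
        key = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        publicKeyBits = key.derivePublicKey()
        # Not used by the verification below; kept so the derived bits still
        # go through the PublicKey constructor as in the original test.
        publicKey = PublicKey(publicKeyBits)

        data = Blob([0x01, 0x02, 0x03, 0x04])

        # Sign and verify.
        signature = key.sign(data.toBytes(), DigestAlgorithm.SHA256)

        # TODO: Move verify into PublicKey?
        # Only the verifier arguments depend on the key type; loading the key
        # and running the verifier is shared instead of duplicated per branch.
        keyType = dataSet.keyParams.getKeyType()
        if keyType == KeyType.ECDSA:
            verifierArgs = (ec.ECDSA(hashes.SHA256()),)
        elif keyType == KeyType.RSA:
            verifierArgs = (padding.PKCS1v15(), hashes.SHA256())
        else:
            # We don't expect this.
            self.fail("Unrecognized key type")

        cryptoPublicKey = load_der_public_key(
          publicKeyBits.toBytes(), backend = default_backend())
        # NOTE(review): verifier() is the older cryptography signing API;
        # newer releases expose verify(signature, data, ...) directly.
        verifier = cryptoPublicKey.verifier(signature.toBytes(), *verifierArgs)
        verifier.update(data.toBytes())
        try:
            verifier.verify()
            result = True
        except InvalidSignature:
            result = False
        self.assertTrue(result)

        # Check that another generated private key is different: two keys from
        # the same params sharing one PKCS#8 encoding would point at key
        # generation not being random.
        key2 = TpmPrivateKey.generatePrivateKey(dataSet.keyParams)
        self.assertFalse(key.toPkcs8().equals(key2.toPkcs8()))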
def generateKey(params):
    """
    Generate a new random RSA decrypt key from the given params.

    :param RsaKeyParams params: The key params with the key size (in bits).
    :return: The new decrypt key wrapping the PKCS8-encoded private key.
    :rtype: DecryptKey
    """
    pkcs8 = TpmPrivateKey.generatePrivateKey(params).toPkcs8()
    return DecryptKey(pkcs8)
def generateKeyPair(self, keyName, params):
    """
    Generate a pair of asymmetric keys and keep them in the in-memory stores
    (self._privateKeyStore and self._publicKeyStore), keyed by the name URI.

    :param Name keyName: The name of the key pair.
    :param KeyParams params: The parameters of the key.
    :raises SecurityException: If generating the private key or deriving the
      public key fails.
    """
    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
    except Exception as ex:
        raise SecurityException("Error in generatePrivateKey: " + str(ex))

    try:
        publicKeyBits = privateKey.derivePublicKey()
    except Exception as ex:
        raise SecurityException("Error in derivePublicKey: " + str(ex))

    # NOTE(review): there is no existence check here, so an entry already
    # stored under the same name is replaced by the new pair.
    keyUri = keyName.toUri()
    self._privateKeyStore[keyUri] = privateKey
    self._publicKeyStore[keyUri] = PublicKey(publicKeyBits)
def generateKeyPair(self, keyName, params):
    """
    Generate a pair of asymmetric keys and keep them in the in-memory stores
    (self._privateKeyStore and self._publicKeyStore), keyed by the name URI.

    :param Name keyName: The name of the key pair.
    :param KeyParams params: The parameters of the key.
    :raises SecurityException: If generating the private key or deriving the
      public key fails.
    """
    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
    except Exception as ex:
        raise SecurityException("Error in generatePrivateKey: " + str(ex))

    try:
        publicKeyBits = privateKey.derivePublicKey()
    except Exception as ex:
        raise SecurityException("Error in derivePublicKey: " + str(ex))

    # NOTE(review): there is no existence check here, so an entry already
    # stored under the same name is replaced by the new pair.
    keyUri = keyName.toUri()
    self._privateKeyStore[keyUri] = privateKey
    self._publicKeyStore[keyUri] = PublicKey(publicKeyBits)
def _doCreateKey(self, identityName, params):
    """
    Create a key for identityName according to params. The created key is
    named /<identityName>/[keyId]/KEY; that name is set on the returned
    handle and the key is persisted through self._saveKey.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created.
    """
    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
    except Exception as ex:
        raise TpmBackEndFile.Error(
          "Error in TpmPrivateKey.generatePrivateKey: " + str(ex))

    handle = TpmKeyHandleMemory(privateKey)
    TpmBackEnd.setKeyName(handle, identityName, params)
    self._saveKey(handle.getKeyName(), privateKey)
    return handle
def _doCreateKey(self, identityName, params):
    """
    Create a key for identityName according to params. The created key is
    named /<identityName>/[keyId]/KEY; that name is set on the returned
    handle and the key is persisted through self._saveKey.

    :param Name identityName: The name of the identity.
    :param KeyParams params: The KeyParams for creating the key.
    :return: The handle of the created key.
    :rtype: TpmKeyHandle
    :raises TpmBackEnd.Error: If the key cannot be created.
    """
    try:
        privateKey = TpmPrivateKey.generatePrivateKey(params)
    except Exception as ex:
        raise TpmBackEndFile.Error(
          "Error in TpmPrivateKey.generatePrivateKey: " + str(ex))

    handle = TpmKeyHandleMemory(privateKey)
    TpmBackEnd.setKeyName(handle, identityName, params)
    self._saveKey(handle.getKeyName(), privateKey)
    return handle