def private_key_bytes(private_key: Ed25519PrivateKey) -> bytes:
"""convert cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey into raw bytes"""
return private_key.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption(),
)
def encode_private(self, private_key: ed25519.Ed25519PrivateKey,
f_priv: _FragList) -> None:
"""Write Ed25519 private key"""
public_key = private_key.public_key()
raw_private_key = private_key.private_bytes(Encoding.Raw,
PrivateFormat.Raw,
NoEncryption())
raw_public_key = public_key.public_bytes(Encoding.Raw,
PublicFormat.Raw)
f_keypair = _FragList([raw_private_key, raw_public_key])
self.encode_public(public_key, f_priv)
f_priv.put_sshstr(f_keypair)
def _get_key_pair(pvk: ed25519.Ed25519PrivateKey, encoding: KeyEncoding) -> typing.Tuple[str, str]:
"""Maps private key to an encoded key pair.
"""
pbk = pvk.public_key()
# PEM.
if encoding == KeyEncoding.PEM:
return \
pvk.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
), \
pbk.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
# Encode -> bytes.
pvk = pvk.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption()
)
pbk = pbk.public_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw
)
# HEX.
if encoding == KeyEncoding.HEX:
return pvk.hex(), pbk.hex()
# BYTES.
return pvk, pbk
def _get_key_pair_from_sk(
sk: ed25519.Ed25519PrivateKey) -> typing.Tuple[bytes, bytes]:
"""Returns key pair from a signing key.
"""
pk = sk.public_key()
return \
sk.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption()
), \
pk.public_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw
)
def sk_to_curve25519(ed: ed25519.Ed25519PrivateKey) -> x25519.X25519PrivateKey:
raw = ed.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption(),
)
# as proposed in https://github.com/pyca/cryptography/issues/5557#issuecomment-739339132
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends.openssl.backend import backend
hasher = hashes.Hash(hashes.SHA512())
hasher.update(raw)
h = bytearray(hasher.finalize())
# curve25519 clamping
h[0] &= 248
h[31] &= 127
h[31] |= 64
return backend.x25519_load_private_bytes(h[0:32])
def get_private_key_hex(key: Ed25519PrivateKey) -> str:
return key.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption(),
).hex()
