def sign(self, data):
    """
    Sign some data with this key.

    The result is this key's SSH type name followed by the
    algorithm-specific signature, each wrapped with L{common.NS}, in the
    layout described by SECSH-TRANS RFC 4253 Section 6.6.

    @type data: L{bytes}
    @param data: The data to sign.

    @rtype: L{bytes}
    @return: A signature for the given data.

    @raise BadKeyError: If this key is neither an RSA nor a DSA key.
    """
    # NOTE(review): SHA-1 is hard-coded for both key types. RFC 4253
    # section 6.6 defines the ssh-rsa and ssh-dss signature formats over
    # SHA-1, so this matches that wire format, but SHA-1 is no longer
    # collision resistant. RFC 8332 (rsa-sha2-256 / rsa-sha2-512) is the
    # replacement for RSA; supporting it needs the algorithm name as an
    # input, which this signature does not take.
    # NOTE(review): signer() is the streaming signing-context API of the
    # cryptography package, which newer releases deprecated and then
    # removed in favour of one-shot sign() -- confirm the pinned version.
    keyType = self.type()
    if keyType == 'DSA':
        dsaSigner = self._keyObject.signer(hashes.SHA1())
        dsaSigner.update(data)
        (r, s) = decode_dss_signature(dsaSigner.finalize())
        # SSH wants the DSS signature blob to be two 160-bit integers
        # concatenated together. r and s come back as plain integers of
        # any length up to 160 bits, so each is padded out to 20 bytes.
        sigBlob = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))
    elif keyType == 'RSA':
        rsaSigner = self._keyObject.signer(
            padding.PKCS1v15(), hashes.SHA1())
        rsaSigner.update(data)
        sigBlob = common.NS(rsaSigner.finalize())
    else:
        raise BadKeyError("unknown key type %s" % (keyType,))
    return common.NS(self.sshType()) + sigBlob
def sign(self, data):
    """
    Sign some data with this key.

    The key's SSH type name and the algorithm-specific signature are each
    wrapped with L{common.NS} and concatenated, following SECSH-TRANS
    RFC 4253 Section 6.6.

    @type data: L{bytes}
    @param data: The data to sign.

    @rtype: L{bytes}
    @return: A signature for the given data.

    @raise BadKeyError: If this key is neither an RSA nor a DSA key.
    """
    def _withTypePrefix(sigBlob):
        # The type name is looked up only after signing has succeeded,
        # so an unknown key type fails before sshType() is consulted.
        return common.NS(self.sshType()) + sigBlob

    # NOTE(review): both branches hash with SHA-1. That is what RFC 4253
    # section 6.6 specifies for the ssh-rsa and ssh-dss formats, but
    # SHA-1 is no longer collision resistant; RFC 8332 defines the
    # SHA-2 based replacements for RSA. This method has no parameter
    # through which a caller could select one of them.
    if self.type() == 'RSA':
        rsaContext = self._keyObject.signer(
            padding.PKCS1v15(), hashes.SHA1())
        rsaContext.update(data)
        return _withTypePrefix(common.NS(rsaContext.finalize()))

    if self.type() == 'DSA':
        dsaContext = self._keyObject.signer(hashes.SHA1())
        dsaContext.update(data)
        derSignature = dsaContext.finalize()
        (r, s) = decode_dss_signature(derSignature)
        # SSH wants the DSS signature blob to be two 160-bit integers
        # concatenated together. r and s are plain integers that may be
        # shorter than 160 bits, so pad each one to exactly 20 bytes.
        rBytes = int_to_bytes(r, 20)
        sBytes = int_to_bytes(s, 20)
        return _withTypePrefix(common.NS(rBytes + sBytes))

    raise BadKeyError("unknown key type %s" % (self.type(), ))
def sign(self, data):
    """
    Sign some data with this key.

    RSA keys sign with PKCS#1 v1.5 padding and SHA-1, DSA keys with SHA-1,
    and EC keys with ECDSA over SHA-256, SHA-384 or SHA-512 depending on
    the key size. The key's SSH type name and the signature are each
    wrapped with L{common.NS}; see SECSH-TRANS RFC 4253 Section 6.6.

    @type data: L{bytes}
    @param data: The data to sign.

    @rtype: L{bytes}
    @return: A signature for the given data.
    """
    def _signedIntBytes(value):
        # Minimal big-endian bytes for value, with a leading null byte
        # when the top bit is set so the number is not read as negative
        # (the positive-integer form RFC 5656 uses for r and s).
        raw = int_to_bytes(value)
        lead = raw[0]
        # Indexing bytes gives a str on Python 2 and an int on Python 3.
        if isinstance(lead, str):
            lead = ord(lead)
        if lead & 0x80:
            raw = b"\x00" + raw
        return raw

    # NOTE(review): the RSA and DSA branches hash with SHA-1, as RFC 4253
    # section 6.6 specifies for ssh-rsa and ssh-dss. SHA-1 is no longer
    # collision resistant; RFC 8332 defines the SHA-2 based RSA
    # signature types, which this method cannot select.
    # NOTE(review): a key type other than the three handled below leaves
    # sigBlob unassigned, so the final return fails with
    # UnboundLocalError instead of a descriptive key-type error.
    keyType = self.type()
    if keyType == 'RSA':
        rsaSignature = self._keyObject.sign(
            data, padding.PKCS1v15(), hashes.SHA1())
        sigBlob = common.NS(rsaSignature)
    elif keyType == 'DSA':
        (r, s) = decode_dss_signature(
            self._keyObject.sign(data, hashes.SHA1()))
        # SSH wants the DSS signature blob to be two 160-bit integers
        # concatenated together. r and s are plain integers that may be
        # shorter than 160 bits, so pad each one to exactly 20 bytes.
        sigBlob = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))
    elif keyType == 'EC':  # Pragma: no branch
        # The digest is chosen from the key size.
        keyBits = self.size()
        if keyBits <= 256:
            digest = hashes.SHA256()
        elif keyBits <= 384:
            digest = hashes.SHA384()
        else:
            digest = hashes.SHA512()
        (r, s) = decode_dss_signature(
            self._keyObject.sign(data, ec.ECDSA(digest)))
        rPart = common.NS(_signedIntBytes(r))
        sPart = common.NS(_signedIntBytes(s))
        sigBlob = common.NS(rPart + sPart)
    return common.NS(self.sshType()) + sigBlob