def generateRSAkeypair():
'''
Generates a pair of 1024bit RSA public and private keys , returns a
65537 is a standard value used for RSA encryption, a known prime that is efficient for binary computations
'''
rsakeypair = RSA.gen_key(1024, 65537, empty_callback)
return rsakeypair
def fetchBulkKey(self, label):
"""Given a bulk key label, pull the key down from the network,
and decrypt it using my private key. Then store the key
into self storage for later decrypt operations."""
# Do we have the key already?
if label in self.bulkKeys:
return
logging.debug("Fetching encrypted bulk key from %s" % label)
# Note that we do not currently support any authentication model for bulk key
# retrieval other than the usual weave username-password pair. To support
# distributed key models for the more advanced sharing scenarios, we will need
# to revisit that.
keyData = self.ctx.http_get(label)
keyPayload = json.loads(keyData['payload'])
bulkIV = base64.decodestring(keyPayload['bulkIV'])
keyRing = keyPayload['keyring']
# In a future world where we have sharing, the keys of the keyring dictionary will
# define public key domains for the symmetric bulk keys stored on the ring.
# Right now, the first item is always the pubkey of a user, and we just grab the first value.
# We should really make sure that the key we have here matches the private key
# we're using to unwrap, or none of this makes sense.
# Now, using the user's private key, we will unwrap the symmetric key.
encryptedBulkKey = base64.decodestring(keyRing.items()[0][1])
# This is analogous to this openssl command-line invocation:
# openssl rsautl -decrypt -keyform DER -inkey privkey.der -in wrapped_symkey.dat -out unwrapped_symkey.dat
#
# ... except that M2Crypto doesn't have an API for DER importing,
# so we have to PEM-encode the key (with base64 and header/footer blocks).
# So what we're actually doing is:
#
# openssl rsautl -decrypt -keyform PEM -inkey privkey.pem -in wrapped_symkey.dat -out unwrapped_symkey.dat
logging.debug("Decrypting encrypted bulk key %s" % label)
pemEncoded = "-----BEGIN RSA PRIVATE KEY-----\n"
pemEncoded += base64.encodestring(self.privateKey)
pemEncoded += "-----END RSA PRIVATE KEY-----\n"
# Create an EVP, extract the RSA key from it, and do the decrypt
evp = load_key_string(pemEncoded)
rsa = M2Crypto.m2.pkey_get1_rsa(evp.pkey)
rsaObj = RSA.RSA(rsa)
unwrappedSymKey = rsaObj.private_decrypt(encryptedBulkKey,
RSA.pkcs1_padding)
# And save it for later use
self.bulkKeys[label] = unwrappedSymKey
self.bulkKeyIVs[label] = bulkIV
logging.debug("Succesfully decrypted bulk key from %s" % label)
def load_public_rsakey_from_b64string(keyinbase64):
'''
Converts an rsa public key from base64 and loads it into a rsakey object
the resulting rsakey object can be used with rsakey.public_encrypt or public_decrypt
input keyinbase64 : string containing the key in base64, return of the last object
returns : rsakey onject with the public key part loaded
'''
# decoded the string from base64
keyinbase64 = b64decode(keyinbase64)
# make a memory buffer
pubkey_buffer = BIO.MemoryBuffer(keyinbase64)
# load it into an rsakey object
rsakey = RSA.load_pub_key_bio(pubkey_buffer)
# return rsakey
return rsakey
