def MyRSAdecrypt(RSACipher, C, IV, ext, RSA_Privatekey_filepath): key = private_key.decrypt( #uses private key to decrypt key used for message RSACipher, OAEP(mgf=uno(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) Decryptor(IV, key, ext) #decrypt the message using decrypted key
def wrap_key(self, key, algorithm='RSA'): if algorithm == 'RSA': return self.public_key.encrypt( key, OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None)) raise ValueError(_ERROR_UNKNOWN_KEY_WRAP_ALGORITHM)
def encrypt_bytes(data, keyfile): """ Encrypt data using envelope encryption. """ padder = padding.PKCS7(128).padder() padded_data = padder.update(data) padded_data += padder.finalize() iv = os.urandom(16) symkey = os.urandom(16) pubkey = load_public_key(keyfile) if not pubkey: print("Public Key Not Found.") return cipher = Cipher(algorithms.AES(symkey), modes.CBC(iv), backend=default_backend()) encryptor = cipher.encryptor() ciphertext = encryptor.update(padded_data) encryptor.finalize() cryptkey = pubkey.encrypt( symkey, OAEP(mgf=asym_padding.MGF1(algorithm=SHA256()), algorithm=SHA256(), label=None)) safecipher = base64.b64encode(ciphertext) safekey = base64.b64encode(cryptkey) safeiv = base64.b64encode(iv) package = { "key": safekey.decode('ascii'), "iv": safeiv.decode('ascii'), "cipher": safecipher.decode('ascii') } return package
def encrypt(self, raw): return base64.b64encode( self.public_key.encrypt( raw, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)))
def encrypt_request(self, serialized_request): padder = self.session_key_padding.padder() serialized_request_padded = padder.update(serialized_request) + padder.finalize() encryptor = self.session_key_cipher.encryptor() serialized_request_ciphertext = encryptor.update(serialized_request_padded) + encryptor.finalize() hasher = Hash(self.digest_algorithm) hasher.update(serialized_request) serialized_request_digest = hasher.finalize() session_key_ciphertext = self.c2_public_key.encrypt( self.session_key, OAEP(MGF1(self.digest_algorithm), self.digest_algorithm, None), ) session_key_ciphertext_size = self.c2_public_key.key_size // 8 serialized_request_digest_size = self.digest_algorithm.digest_size serialized_request_ciphertext_size = len(serialized_request_ciphertext) encrypted_request = struct.pack( '<%ds%ds%ds' % ( session_key_ciphertext_size, serialized_request_digest_size, serialized_request_ciphertext_size ), session_key_ciphertext, serialized_request_digest, serialized_request_ciphertext, ) return encrypted_request
def decrypt_bytes(package, keyfile): """ decrypt data using envelope encryption. """ #unpack the dictionary safekey = package["key"].encode('ascii') safeiv = package["iv"].encode('ascii') safecipher = package["cipher"].encode('ascii') #decode the base64 encoded values ciphertext = base64.b64decode(safecipher) cryptkey = base64.b64decode(safekey) iv = base64.b64decode(safeiv) privkey = load_private_key(keyfile) if not privkey: print("Private Key Not Found") return symkey = privkey.decrypt( cryptkey, OAEP(mgf=asym_padding.MGF1(algorithm=SHA256()), algorithm=SHA256(), label=None)) cipher = Cipher(algorithms.AES(symkey), modes.CBC(iv), backend=default_backend()) decryptor = cipher.decryptor() padded_data = decryptor.update(ciphertext) decryptor.finalize() unpadder = padding.PKCS7(128).unpadder() data = unpadder.update(padded_data) data += unpadder.finalize() return data
def rsa_decrypt(ciphertext, private_key): data = private_key.decrypt(ciphertext=b64decode(ciphertext), padding=OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None)) result = data.decode('UTF-8') return result
def tap_handshake(payload, onion_key): pk_enc = payload[:PK_ENC_LEN] sym_enc = payload[PK_ENC_LEN:TAP_C_HANDSHAKE_LEN] decrypted = onion_key.decrypt(pk_enc, OAEP(MGF1(SHA1()), SHA1(), None)) sym_key = decrypted[:KEY_LEN] dh_first_part = decrypted[KEY_LEN:PK_ENC_LEN] initial_counter = "\x00" * 16 dh_second_part = Cipher( AES(sym_key), modes.CTR(initial_counter), backend=_default_backend).decryptor().update(sym_enc) y = dh_first_part + dh_second_part privkey = DH_PARAM.generate_private_key() shared_key = privkey.exchange( DHPublicNumbers(bytes_to_long(y), DH_PARAM_NUMBERS).public_key(backend=_default_backend)) encoded_privkey = EncodedDHPublicKey(privkey) return (encoded_privkey, kdf_tor(shared_key))
def unwrap_key(self, key, algorithm): if algorithm == 'RSA': return self.private_key.decrypt( key, OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None)) else: raise ValueError(_ERROR_UNKNOWN_KEY_WRAP_ALGORITHM)
class PassportKey: _padding: Final[OAEP] = OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None) def __init__(self, private_key: RSAPrivateKey) -> None: if not isinstance(private_key, RSAPrivateKey): raise RuntimeError('Key is not RSA private key') self._private_key: Final[RSAPrivateKey] = private_key public_key = self._private_key.public_key() public_bytes = public_key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) self._public_key_pem: Final[str] = public_bytes.decode() @staticmethod def load_der(private_bytes: bytes) -> 'PassportKey': private_key = serialization.load_der_private_key(private_bytes, password=None) return PassportKey(cast(RSAPrivateKey, private_key)) @staticmethod def load_pem(private_text: str) -> 'PassportKey': private_key = serialization.load_pem_private_key(private_text.encode(), password=None) return PassportKey(cast(RSAPrivateKey, private_key)) def decrypt(self, ciphertext: bytes) -> bytes: return self._private_key.decrypt(ciphertext, self._padding) @property def public_key_pem(self) -> str: return self._public_key_pem
def decrypted_secret(self): """ :obj:`str`: Lazily decrypt and return secret. Raises: telegram.TelegramDecryptionError: Decryption failed. Usually due to bad private/public key but can also suggest malformed/tampered data. """ if self._decrypted_secret is None: # Try decrypting according to step 1 at # https://core.telegram.org/passport#decrypting-data # We make sure to base64 decode the secret first. # Telegram says to use OAEP padding so we do that. The Mask Generation Function # is the default for OAEP, the algorithm is the default for PHP which is what # Telegram's backend servers run. try: self._decrypted_secret = self.bot.private_key.decrypt( b64decode(self.secret), OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None)) except ValueError as e: # If decryption fails raise exception raise TelegramDecryptionError(e) return self._decrypted_secret
def decrypted_secret(self) -> str: """ :obj:`str`: Lazily decrypt and return secret. Raises: telegram.error.PassportDecryptionError: Decryption failed. Usually due to bad private/public key but can also suggest malformed/tampered data. """ if self._decrypted_secret is None: if not CRYPTO_INSTALLED: raise RuntimeError( "To use Telegram Passports, PTB must be installed via `pip install " "python-telegram-bot[passport]`." ) # Try decrypting according to step 1 at # https://core.telegram.org/passport#decrypting-data # We make sure to base64 decode the secret first. # Telegram says to use OAEP padding so we do that. The Mask Generation Function # is the default for OAEP, the algorithm is the default for PHP which is what # Telegram's backend servers run. try: self._decrypted_secret = self.get_bot().private_key.decrypt( # type: ignore b64decode(self.secret), OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None), # skipcq ) except ValueError as exception: # If decryption fails raise exception raise PassportDecryptionError(exception) from exception return self._decrypted_secret
def rsa_encrypt(text, certificate): data = text.encode('UTF-8') public_key = certificate.public_key() cipherbyte = public_key.encrypt(plaintext=data, padding=OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None)) return b64encode(cipherbyte).decode('UTF-8')
def decrypt_session_key(self, encrypted_session_key): private_key = self.get_my_private_key_object() decrypted_session_key = private_key.decrypt( encrypted_session_key, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return decrypted_session_key
def encrypt(self, data, hash_alg): """Encrypt a block of data""" try: hash_alg = hashes[hash_alg]() pub_key = self.pyca_key return pub_key.encrypt(data, OAEP(MGF1(hash_alg), hash_alg, None)) except ValueError: return None
def encrypt(self, data, algorithm): """Encrypt a block of data""" try: hash_alg = self.get_hash(algorithm) pub_key = self.pyca_key return pub_key.encrypt(data, OAEP(MGF1(hash_alg), hash_alg, None)) except ValueError: return None
def unwrap_key(self, key, algorithm): if algorithm == 'RSA': return self.private_key.decrypt( key, OAEP( mgf=MGF1(algorithm=SHA1()), # nosec algorithm=SHA1(), # nosec label=None)) raise ValueError('Unknown key wrap algorithm.')
def wrap_key(self, key, algorithm='RSA'): if algorithm == 'RSA': return self.public_key.encrypt( key, OAEP( mgf=MGF1(algorithm=SHA1()), # nosec algorithm=SHA1(), # nosec label=None)) raise ValueError('Unknown key wrap algorithm.')
def MyRSAdecrypt(RSACipher, C, IV, ext, RSA_Privatekey_filepath, tag): key = private_key.decrypt( #uses private key to decrypt key used for message RSACipher, OAEP(mgf=uno(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) EncKey = key[0:32] HMACKey = key[len(EncKey):] Decryptor(IV, EncKey, ext, HMACKey, tag) #decrypt the message using decrypted key
def cipher_repo_public(data): f = open('repositoryCertificate.pem', 'rb') cert = x509.load_pem_x509_certificate(f.read(), default_backend()) pub_k = cert.public_key() ciphered_data = pub_k.encrypt( data, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return ciphered_data
def MyRSAencrypt(filepath, RSA_Publickey_filepath): backend = default_backend() C, IV, key, ext = MyfileEncrypt(filepath) #encrypts message RSACipher = public_key.encrypt( #use RSA encrypt to encrypt the public key key, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return RSACipher, C, IV, ext
def encrypt_session_key(self, public_key_bytes, session_key): public_key = serialization.load_pem_public_key( public_key_bytes, backend=backends.default_backend()) encrypted_session_key = public_key.encrypt( session_key, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return encrypted_session_key
def generate_session_key(hmac_secret=b''): """ :param hmac_secret: optional HMAC :type hmac_secret: :class:`bytes` :return: (session_key, encrypted_session_key) tuple :rtype: :class:`tuple` """ session_key = random_bytes(32) encrypted_session_key = UniverseKey.Public.encrypt(session_key + hmac_secret, OAEP(MGF1(SHA1()), SHA1(), None) ) return (session_key, encrypted_session_key)
def asymmetric_decrypt(ciphertext, private_key): """Asymmetrically decrypt a message""" size = DECRYPTION_BLOCK_SIZE blocks = [ciphertext[i:i + size] for i in range(0, len(ciphertext), size)] plaintext = [] for block in blocks: plaintext.append( private_key.decrypt( block, OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None))) return b''.join(plaintext)
def asymmetric_encrypt(msg, public_key): """Asymmmetrically encrypts a message""" size = ENCRYPTION_BLOCK_SIZE blocks = [msg[i:i + size] for i in range(0, len(msg), size)] ciphertext = [] for block in blocks: ciphertext.append( public_key.encrypt( block, OAEP(mgf=MGF1(algorithm=SHA1()), algorithm=SHA1(), label=None))) return b''.join(ciphertext)
def handshake(self): self.client_A = os.urandom(16) self.client_B = os.urandom(16) encrypted = self.pub_key.encrypt( self.client_A + self.client_B, OAEP(mgf=MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None)) req = geocacher_pb2.AuthRequest() req.message_type = 15 req.data = encrypted return self.wrap_packet(req)
def rsa_decrypt(data, rsa_priv_key_bytes): """ When given some `data` and an RSA private key, decrypt the data """ if isinstance(data, text_type): data = data.encode('utf-8') if isinstance(rsa_priv_key_bytes, text_type): rsa_priv_key_bytes = rsa_priv_key_bytes.encode('utf-8') if rsa_priv_key_bytes.startswith(b'-----'): key = serialization.load_pem_private_key(rsa_priv_key_bytes, password=None, backend=default_backend()) else: key = serialization.load_der_private_key(rsa_priv_key_bytes, password=None, backend=default_backend()) return key.decrypt(data, OAEP(MGF1(SHA1()), SHA1(), label=None))
def rsa_encrypt(data, rsa_pub_key_bytes): """ `rsa_pub_key_bytes` is a byte sequence with the public key """ if isinstance(data, text_type): data = data.encode('utf-8') if isinstance(rsa_pub_key_bytes, text_type): rsa_pub_key_bytes = rsa_pub_key_bytes.encode('utf-8') if rsa_pub_key_bytes.startswith(b'-----'): key = serialization.load_pem_public_key(rsa_pub_key_bytes, backend=default_backend()) elif rsa_pub_key_bytes.startswith(b'ssh-rsa '): key = serialization.load_ssh_public_key(rsa_pub_key_bytes, backend=default_backend()) else: key = serialization.load_der_public_key(rsa_pub_key_bytes, backend=default_backend()) return key.encrypt(data, OAEP(MGF1(SHA1()), SHA1(), label=None))
def rsa_decrypt(priv_key, data: bytes) -> bytes: """decrypts rsa encrypted data (from rsa_encrypt) :param priv_key: bytes or a cryptography RSA private key :return: plaintext """ if isinstance(priv_key, bytes): priv_key = serialization.load_pem_private_key( priv_key, password=None, backend=default_backend()) plaintext = priv_key.decrypt( data, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return plaintext
def MyRSAencrypt(filepath, RSA_Publickey_filepath): backend = default_backend() C, IV, EncKey, ext, HMACKey, tag = MyfileEncryptMAC( filepath) #encrypts message with open(RSA_Publickey_filepath, "rb") as key_file: #load public key from file public_key = serialization.load_pem_public_key( key_file.read(), backend=default_backend()) RSACipher = public_key.encrypt( #use RSA encrypt to encrypt the public key EncKey + HMACKey, OAEP(mgf=MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) return RSACipher, C, IV, ext, tag