def SignKeys(self, client_public_key, server_public_key): signature = self.private_key.sign( (client_public_key + server_public_key), padding.PSS( mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) return signature
def verify_rsa(): # Read the public key. filename = raw_input('Type the PEM file containing the RSA public key: ') with open(filename, 'rb') as f: pubkey_text = f.read() pubkey = serialization.load_pem_public_key(pubkey_text, backend=default_backend()) # Read the file to verify. filename = raw_input('Type the file to verify: ') with open(filename, 'rb') as f: plaintext = f.read() # Read the signature. filename = raw_input('Type the signature file: ') with open(filename, 'rb') as f: signature = f.read() # Verify the file. pubkey.verify( signature, plaintext, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) # If passing here, the verification is ok. print 'Signature ok'
def myRSADecrypt(RSACipher, C, IV, t, path, pTK, sig): from cryptography.hazmat.primitives.asymmetric import padding with open(pTK, "rb") as key_file: prk = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend()) pub = prk.public_key() pub.verify( sig, RSACipher, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) newK = prk.decrypt( RSACipher, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) key = newK[0:32] hKey = newK[32:] pt = myfileDecryptHMAC(C, IV, t, key, hKey, path) return pt
def generate_sign(private_key): from cryptography.hazmat.primitives.asymmetric import padding sign = private_key.sign( b'key', padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=128), hashes.SHA256()) return sign
def myRSAEncrypt(path, pTK, pTK2): from cryptography.hazmat.primitives.asymmetric import padding C, IV, t, key, hKey, fExt = myfileEncryptHMAC(path) newK = key + hKey with open(pTK, "rb") as key_file: pk = serialization.load_pem_public_key(key_file.read(), backend=default_backend()) with open(pTK2, "rb") as key_file: prk = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend()) RSACipher = pk.encrypt( newK, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) sig = prk.sign( RSACipher, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) return RSACipher, C, IV, t, fExt, sig
def sign_private(self, message, hash_using=hashes.SHA256()): # if self.priv_key.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo) == self.certificate.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo): # logger.info("SAO IGUAIS") signature = self.priv_key.sign( message.encode(), padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hash_using) logger.info("Signing with private: %s" % (signature)) return signature
def pk_sign(message: bytes, private_key: rsa.RSAPrivateKey) -> bytes: """ Sign a message using RSASSA-PSS. """ signer = private_key.signer( padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH), hashes.SHA256()) signer.update(message) return signer.finalize()
def gen_pubKey(privateKey): """ RSA PUBLIC KEY """ chosen_hash = hashes.SHA256() hasher = hashes.Hash(chosen_hash, default_backend()) hasher.update(b"data & ") hasher.update(b"more data") digest = hasher.finalize() sig = privateKey.sign( digest, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), utils.Prehashed(chosen_hash)) publicKey = privateKey.public_key() publicKey.verify( sig, digest, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), utils.Prehashed(chosen_hash)) return publicKey
def pk_verify(message: bytes, public_key: rsa.RSAPublicKey, signature: bytes) -> bool: """ Verify a message signature created with RSASSA-PSS. """ verifier = public_key.verifier( signature, padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH), hashes.SHA256()) verifier.update(message) try: verifier.verify() return True except exceptions.InvalidSignature: return False
def verifySignature(self, signatureClient, client_public_key, server_public_key): key_file = open("key_client.pem", "rb") pp = key_file.read() key_file.close() rsa_client_public_key = serialization.load_pem_public_key( pp[1874:], backend=default_backend()) try: rsa_client_public_key.verify( signatureClient, (client_public_key + server_public_key), padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) except InvalidSignature as InvalidSignature: print("Assinatura inválida") exit
def verifySignature(self, signatureClient, client_public_key, server_public_key, unknown_cert): try: uc = crypto.load_certificate(crypto.FILETYPE_PEM, unknown_cert) store = crypto.X509Store() store.add_cert(self.trusted_cert) store_ctx = crypto.X509StoreContext(store, uc) store_ctx.verify_certificate() public_key_cert = x509.load_pem_x509_certificate( unknown_cert, default_backend()).public_key() public_key_cert.verify( signatureClient, (client_public_key + server_public_key), padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) except Exception as e: print(e) exit
def sign_rsa_cert(): # Read the private key. filename = raw_input('Type the PEM file containing the RSA private key: ') with open(filename, 'rb') as f: prvkey_text = f.read() prvkey = serialization.load_pem_private_key(prvkey_text, password=None, backend=default_backend()) # Read the file to sign. filename = raw_input('Type the file to sign: ') with open(filename, 'rb') as f: plaintext = f.read() # Sign the file. signature = prvkey.sign( plaintext, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) # Write the signature in the output file. with open(filename + '.sgn', 'wb') as f: f.write(signature) print('Signature file: ' + filename + '.sgn')
def verify_rsa_cert(): # Read the CA's certificate. filename = raw_input('Type the PEM file containing the CA certificate: ') with open(filename, 'rb') as f: ca_cert_text = f.read() ca_cert = x509.load_pem_x509_certificate(ca_cert_text, backend=default_backend()) # Check the CA's certificate validity. now = datetime.datetime.now() if now < ca_cert.not_valid_before or now > ca_cert.not_valid_after: print 'ERROR. Invalid CA certificate.' sys.exit(1) # Display the CA's name. ca_name = ca_cert.subject.get_attributes_for_oid( NameOID.COMMON_NAME)[0].value print 'CA name:', ca_name ca_pubkey = ca_cert.public_key() # Read the signer's certificate. filename = raw_input( 'Type the PEM file containing the file signer certificate: ') with open(filename, 'rb') as f: sgn_cert_text = f.read() sgn_cert = x509.load_pem_x509_certificate(sgn_cert_text, backend=default_backend()) # Check the signer's certificate validity. sgn_cert_issuer_name = sgn_cert.issuer.get_attributes_for_oid( NameOID.COMMON_NAME)[0].value if sgn_cert_issuer_name != ca_name: print 'ERROR. Unknown CA: ', sgn_cert_issuer_name sys.exit(1) if now < sgn_cert.not_valid_before or now > sgn_cert.not_valid_after: print 'ERROR. Invalid file signer certificate.' sys.exit(1) ca_pubkey.verify(sgn_cert.signature, sgn_cert.tbs_certificate_bytes, padding.PKCS1v15(), hashes.SHA256()) # If passing here, the signer's certificate is ok. sgn_name = sgn_cert.subject.get_attributes_for_oid( NameOID.COMMON_NAME)[0].value print 'Certificate ok' print 'File signer common name:', sgn_name # Extract the signer's public key. pubkey = sgn_cert.public_key() # Read the file to verify. filename = raw_input('Type the file to verify: ') with open(filename, 'rb') as f: plaintext = f.read() # Read the signature. filename = raw_input('Type the signature file: ') with open(filename, 'rb') as f: signature = f.read() # Verify the file. pubkey.verify( signature, plaintext, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) # If passing here, the verification is ok. print 'Signature ok'
plaintext = private_key.decrypt(ciphertext, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) print plaintext from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding signer = private_key.signer(padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) message = "A message of arbitrary length" signer.update(message) signature = signer.finalize() public_key = private_key.public_key() verifier = public_key.verifier(signature, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) verifier.update(message) verifier.verify() ####################################################################
def createDigitalSignature(privateKey, message): signature = privateKey.sign( message, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256()) return signature