def ec_generate_pair(curve):
"""
Generates a EC public/private key pair
:param curve:
A unicode string. Valid values include "secp256r1", "secp384r1" and
"secp521r1".
:raises:
ValueError - when any of the parameters contain an invalid value
TypeError - when any of the parameters are of the wrong type
:return:
A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
asn1crypto.keys.PrivateKeyInfo)
"""
if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']):
raise ValueError(
pretty_message(
'''
curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s
''', repr(curve)))
curve_num_bytes = CURVE_BYTES[curve]
curve_base_point = {
'secp256r1': SECP256R1_BASE_POINT,
'secp384r1': SECP384R1_BASE_POINT,
'secp521r1': SECP521R1_BASE_POINT,
}[curve]
while True:
private_key_bytes = rand_bytes(curve_num_bytes)
private_key_int = int_from_bytes(private_key_bytes, signed=False)
if private_key_int > 0 and private_key_int < curve_base_point.order:
break
private_key_info = keys.PrivateKeyInfo({
'version':
0,
'private_key_algorithm':
keys.PrivateKeyAlgorithm({
'algorithm':
'ec',
'parameters':
keys.ECDomainParameters(name='named', value=curve)
}),
'private_key':
keys.ECPrivateKey({
'version': 'ecPrivkeyVer1',
'private_key': private_key_int
}),
})
ec_point = ec_compute_public_key_point(private_key_info)
private_key_info['private_key'].parsed['public_key'] = ec_point.copy()
return (ec_public_key_info(ec_point, curve), private_key_info)
def test_decrypt(self):
with open('/Users/robert/test.pri', 'r') as file:
privateKey_data = file.read()
print(privateKey_data.encode('utf-8'))
data = load_pem_private_key(privateKey_data.encode('utf-8'), password=b'trustasia-cloudpki', backend=default_backend())
privateKey = data.private_bytes(
encoding=Encoding.DER,
format=PrivateFormat.PKCS8,
encryption_algorithm=NoEncryption())
private_key = keys.PrivateKeyInfo().load(privateKey)
print(private_key.native)
def test_ec_private_key_info_width(self):
pki = keys.PrivateKeyInfo({
'version': 0,
'private_key_algorithm': {
'algorithm': 'ec',
'parameters': ('named', 'secp256r1'),
},
'private_key': {
'version': 1,
'private_key': 1
}
})
k = pki['private_key'].parsed
self.assertEqual('ecPrivkeyVer1', k['version'].native)
self.assertEqual(1, k['private_key'].native)
self.assertEqual(None, k['parameters'].native)
self.assertEqual(
b'\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01',
k['private_key'].dump())
def parse(self, data):
serial_number = None
# 得到ca证书信息
ca = x509.Certificate().load(data['certificate_data'])
for k, v in ca.native['tbs_certificate'].items():
if k == 'serial_number':
serial_number = v
# 获取ca私钥信息
private_key_data = load_pem_private_key(data['private_key_data'].encode('utf-8'), password=b'trustasia-cloudpki',
backend=default_backend())
private_key_data = private_key_data.private_bytes(
encoding=Encoding.DER,
format=PrivateFormat.PKCS8,
encryption_algorithm=NoEncryption())
ca_privateKey = keys.PrivateKeyInfo().load(private_key_data)
ca_info = {
'ca': ca,
'ca_privateKey': ca_privateKey,
'ca_serialNumber': serial_number
}
return ca_info
def get_responder(self, serialNumber):
connect = pymysql.connect(host=Config.db_url, port=Config.port, user=Config.user_name, password=Config.password,
db=Config.db)
cur = connect.cursor(cursor=pymysql.cursors.DictCursor)
cur.execute(Config.sql.format(str(serialNumber) + '_responser'))
rest = cur.fetchall()
connect.commit()
cur.close()
connect.close()
cert_data = base64.b64decode(rest[0]['cert'])
responder_cert = x509.Certificate().load(cert_data)
private_key_data = load_pem_private_key(rest[0]['privatekey'].encode('utf-8'), password=b'trustasia-cloudpki',
backend=default_backend())
private_key_data = private_key_data.private_bytes(
encoding=Encoding.DER,
format=PrivateFormat.PKCS8,
encryption_algorithm=NoEncryption())
responder_privatekey = keys.PrivateKeyInfo().load(private_key_data)
responder_info = {
'responder_cert': responder_cert,
'responder_privatekey': responder_privatekey
}
return responder_info