def setUp(self): self.example_xml_files = (os.path.join(os.path.dirname(__file__), "example.xml"), os.path.join(os.path.dirname(__file__), "example2.xml")) self.keys = dict(hmac=b"secret", rsa=rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()), dsa=dsa.generate_private_key(key_size=1024, backend=default_backend()), ecdsa=ec.generate_private_key(curve=ec.SECP384R1(), backend=default_backend()))
def generatePrivateKey(size): start = timer() private_key = dsa.generate_private_key(key_size=size, backend=default_backend()) end = timer() print("Time Taken to generate key is ", (end - start)) return private_key
def generate_private_key( key_size: Optional[int], key_type: Literal["RSA", "DSA", "ECC"], ecc_curve: Optional[ec.EllipticCurve] ) -> PrivateKeyTypes: """Generate a private key. This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input values and does not do any sanity checks on its own. Parameters ---------- key_size : int The size of the private key (not used for ECC keys). key_type : {'RSA', 'DSA', 'ECC'} The type of the private key. ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve` The ECC curve to use for an ECC key. Returns ------- key A private key of the appropriate type. """ if key_type == "DSA" and key_size is not None: return dsa.generate_private_key(key_size=key_size, backend=default_backend()) if key_type == "ECC" and ecc_curve is not None: return ec.generate_private_key(ecc_curve, default_backend()) if key_type == "RSA" and key_size is not None: return rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend()) raise ValueError("%s: Invalid key type." % key_type)
def test_generate_dsa_private_key_and_parameters(self, backend): skey = dsa.generate_private_key(1024, backend) assert skey numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers assert numbers.public_numbers.y == pow(skey_parameters.g, numbers.x, skey_parameters.p)
def generate(self, profile, keyType=None, keyLen=None): """Generate Private key based on: - profile object (profile) """ if keyLen is None: keyLen = profile['keyLen'] if keyType is None: keyType = profile['keyType'] if keyType == 'rsa': try: pkey = rsa.generate_private_key(public_exponent=65537, key_size=int(keyLen), backend=self.__backend) except Exception as err: raise Exception(err) elif keyType == 'dsa': try: pkey = dsa.generate_private_key(key_size=int(keyLen), backend=self.__backend) except Exception as err: raise Exception(err) else: raise NotImplementedError( 'Private key generation only support {t} key type'.format( t=self._config._allowed.KeyTypes)) return pkey
def generate_key(self): ''' Generates key pair using type and length specified in config :return: None ''' if self.config['key']['key_type'] == 'rsa': self.key = rsa.generate_private_key( public_exponent=65537, key_size=self.config['key']['key_peram'], backend=default_backend() ) elif self.config['key']['key_type'] == 'dsa': self.key = dsa.generate_private_key( key_size=self.config['key']['key_peram'], backend=default_backend() ) elif self.config['key']['key_type'] == 'ec': self.key = ec.generate_private_key( curve=getattr(ec, self.config['key']['key_peram'])(), backend=default_backend() ) else: raise ValueError("\nFailed to generate key, no key_type key type provided!\n" "Offending key name: {}\n".format(self.name))
def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id): """Generate asymmetric keys based on below rules: - RSA, with passphrase (supported) - RSA, without passphrase (supported) - DSA, without passphrase (supported) - DSA, with passphrase (supported) """ if (generate_dto.algorithm is None or generate_dto.algorithm.lower() == 'rsa'): private_key = rsa.generate_private_key( public_exponent=65537, key_size=generate_dto.bit_length, backend=default_backend()) elif generate_dto.algorithm.lower() == 'dsa': private_key = dsa.generate_private_key( key_size=generate_dto.bit_length, backend=default_backend()) else: raise c.CryptoPrivateKeyFailureException() public_key = private_key.public_key() if generate_dto.algorithm.lower() == 'rsa': private_key = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=self._get_encryption_algorithm( generate_dto.passphrase)) public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) if generate_dto.algorithm.lower() == 'dsa': private_key = private_key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=self._get_encryption_algorithm( generate_dto.passphrase)) public_key = public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo) private_dto = self.encrypt(c.EncryptDTO(private_key), kek_meta_dto, project_id) public_dto = self.encrypt(c.EncryptDTO(public_key), kek_meta_dto, project_id) passphrase_dto = None if generate_dto.passphrase: if isinstance(generate_dto.passphrase, six.text_type): generate_dto.passphrase = generate_dto.passphrase.encode( 'utf-8') passphrase_dto = self.encrypt( c.EncryptDTO(generate_dto.passphrase), kek_meta_dto, project_id) return private_dto, public_dto, passphrase_dto
def test_cryptography_module(): try: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature privk = dsa.generate_private_key(key_size=1024, backend=default_backend()) params = privk.parameters().parameter_numbers() p, q, g = params.p, params.q, params.g pubk = privk.public_key() y = pubk.public_numbers().y data = "SANITY_TESTSANITY_TEST_SANITYTEST" sig = privk.sign(data, hashes.SHA1()) r, s = decode_dss_signature(sig) pub = (p, q, g, y) logging.debug( "sanity checking verify with cryptography module generated params+keys" ) assert (dsa_verify(pub, (r, s), data) == True) except ImportError: logging.error("cannot test using another source (cryptography module)")
def generate_key_pairs(key_size=1024): #define key_pairs dictionary key_pairs = {} #generate private key private_key = dsa.generate_private_key(key_size=key_size, backend=default_backend()) private_number = private_key.private_numbers() #add private key value - x key_pairs['private_key'] = private_number.x #get private key from private_key public_key = private_key.public_key() #get public number public_numbers = public_key.public_numbers() y = public_numbers.y p = public_numbers.parameter_numbers.p q = public_numbers.parameter_numbers.q g = public_numbers.parameter_numbers.g #add public_key_numbers value - y, p, q, g public_keys_numbers = {'y': y, 'p': p, 'q': q, 'g': g} key_pairs['public_key'] = public_keys_numbers return key_pairs
def testCorrectTransactionIsVerified(self): private_key = dsa.generate_private_key(2048, backends.default_backend()) public_key = private_key.public_key() public_key_bytes = public_key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) public_key_string = binascii.hexlify(public_key_bytes) first_transaction = plebcoin_pb2.Transaction() output = first_transaction.outputs.add() output.amount = 10.0 output.receiver = public_key_string first_transaction_hash = node._HashTransaction(first_transaction) transactions = {first_transaction_hash: first_transaction} transaction = plebcoin_pb2.Transaction() transaction.inputs.add(sender=public_key_string, transaction=first_transaction_hash) transaction.outputs.add(amount=10.0, receiver='1') transaction.hash, hash_bytes = ( node._ComputeInnerTransactionHash(transaction)) signature_bytes = private_key.sign(hash_bytes, utils.Prehashed(hashes.SHA256())) signature = binascii.hexlify(signature_bytes) transaction.signatures.append(signature) self.assertTrue( node._VerifyTransaction(transaction, transactions, set()))
def getDSAKeys(): """ Checks for existing DSA Keys, if there are none, generates a 2048 bit DSA key pair, saves them to a temporary location and returns the keys formatted as OpenSSH keys. """ public_key = os.path.join(SSH_PATH, 'id_dsa.pub') private_key = os.path.join(SSH_PATH, 'id_dsa') if not (os.path.exists(public_key) and os.path.exists(private_key)): ssh_key = dsa.generate_private_key( key_size=1024, backend=default_backend()) public_key_string = ssh_key.public_key().public_bytes( serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH) private_key_string = ssh_key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption()) with open(public_key, 'w+b') as key_file: key_file.write(public_key_string) with open(private_key, 'w+b') as key_file: key_file.write(private_key_string) else: with open(public_key) as key_file: public_key_string = key_file.read() with open(private_key) as key_file: private_key_string = key_file.read() return public_key_string, private_key_string
def test_generate_dsa_private_key_and_parameters(self, backend): skey = dsa.generate_private_key(1024, backend) assert skey if isinstance(skey, dsa.DSAPrivateKeyWithNumbers): numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers assert numbers.public_numbers.y == pow(skey_parameters.g, numbers.x, skey_parameters.p)
def generate_private_key(key_size, key_type, ecc_curve): """Generate a private key. This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input values and does not do any sanity checks on its own. Parameters ---------- key_size : int The size of the private key (not used for ECC keys). key_type : {'RSA', 'DSA', 'ECC'} The type of the private key. ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve` The ECC curve to use for an ECC key. Returns ------- key A private key of the appropriate type. """ if key_type == 'DSA': private_key = dsa.generate_private_key(key_size=key_size, backend=default_backend()) elif key_type == 'ECC': private_key = ec.generate_private_key(ecc_curve, default_backend()) else: private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend()) return private_key
def test_build_keys(self): """Test building from the key info config file example.""" test_config_file = str(Path("examples/key_example.yaml").absolute()) dsa_key = dsa.generate_private_key(key_size=2048, ) with open("/tmp/my_dsa.key", "wb") as f: f.write( dsa_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption(), )) result = self.cli.invoke( app, [ "build", test_config_file, ], ) self.assertEqual( result.exit_code, 0, "Should successfully create a Certificate Signing Request", ) self.assertEqual( result.output, "Created new CSR at /tmp/my_rsa_autocsr.csr\n" "Created new CSR at /tmp/my_dsa_autocsr.csr\n" "Created new CSR at /tmp/my_ec_autocsr.csr\n", "Should print success to user", )
def generate_asym_key(choice, password, folder): if choice == 'RSA': private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) elif choice == 'DSA': private_key = dsa.generate_private_key(key_size=2048) elif choice == 'Elliptic Curve': elliptic_curve = ec.SECP384R1() private_key = ec.generate_private_key(elliptic_curve) public_key = private_key.public_key() serialized_private_key = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.BestAvailableEncryption( password.encode('utf-8'))) with open('utils/asymmetric/' + folder + '/private.pem', 'wb') as f: f.write(serialized_private_key) serialized_pub_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) with open('utils/asymmetric/' + folder + '/public.pem', 'wb') as f: f.write(serialized_pub_key)
def test_loading_ca_key(self): ca_key = _generate_private_key() with patch('scionlab.openvpn_config._generate_private_key', return_value=ca_key): call_command('initialize_root_ca') stored_ca_key = load_ca_key() self.assertEqual( ca_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode(), stored_ca_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode()) # replace with wrong key type wrong_key = dsa.generate_private_key(key_size=3072, ) pathlib.Path(TEST_CA_KEY_PATH).write_bytes( wrong_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.BestAvailableEncryption( settings.VPN_CA_KEY_PASSWORD.encode('utf-8')))) # detect wrong key type with self.assertRaises(TypeError): load_ca_key()
def createNewKey(self): choice = QtGui.QMessageBox.question(self, 'Generate new keys?', "Are you sure you want to generate new set of keys " "(private and public)?", QtGui.QMessageBox.Yes | QtGui.QMessageBox.No) if choice == QtGui.QMessageBox.Yes: key = dsa.generate_private_key(3072, backend=default_backend()) # TODO Dorobic wybor dugosci klucza try: with open("privateKey.pem", "wb") as f: f.write(key.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(),)) # f.write(key.private_bytes(encoding=serialization.Encoding.PEM, # format=serialization.PrivateFormat.TraditionalOpenSSL, # encryption_algorithm=serialization.BestAvailableEncryption(b"password"),)) QtGui.QMessageBox.information(self, 'Success!', "New key generated successfully!", QtGui.QMessageBox.Ok) self.keyPath = os.path.abspath(f.name) self.keyPathBox.setText(self.keyPath) QtGui.QApplication.processEvents() except IOError: QtGui.QMessageBox.critical(self, 'Error!', "Key generation failed!", QtGui.QMessageBox.Ok) else: pass
def generate(cls, keytype='rsa', size=None, passphrase=None): """Returns an Asymmetric_Keypair object generated with the supplied parameters or defaults to an unencrypted RSA-2048 key :keytype: One of rsa, dsa, ecdsa, ed25519 :size: The key length for newly generated keys :passphrase: Secret of type Bytes used to encrypt the private key being generated """ if keytype not in _ALGORITHM_PARAMETERS.keys(): raise InvalidKeyTypeError( "%s is not a valid keytype. Valid keytypes are %s" % ( keytype, ", ".join(_ALGORITHM_PARAMETERS.keys()) ) ) if not size: size = _ALGORITHM_PARAMETERS[keytype]['default_size'] else: if size not in _ALGORITHM_PARAMETERS[keytype]['valid_sizes']: raise InvalidKeySizeError( "%s is not a valid key size for %s keys" % (size, keytype) ) if passphrase: encryption_algorithm = get_encryption_algorithm(passphrase) else: encryption_algorithm = serialization.NoEncryption() if keytype == 'rsa': privatekey = rsa.generate_private_key( # Public exponent should always be 65537 to prevent issues # if improper padding is used during signing public_exponent=65537, key_size=size, backend=backend, ) elif keytype == 'dsa': privatekey = dsa.generate_private_key( key_size=size, backend=backend, ) elif keytype == 'ed25519': privatekey = Ed25519PrivateKey.generate() elif keytype == 'ecdsa': privatekey = ec.generate_private_key( _ALGORITHM_PARAMETERS['ecdsa']['curves'][size], backend=backend, ) publickey = privatekey.public_key() return cls( keytype=keytype, size=size, privatekey=privatekey, publickey=publickey, encryption_algorithm=encryption_algorithm )
def clone_certificate(self, remote_server): cert_string = self.get_certificate_from_server(remote_server) #Get Certificate properties cert_dict = self.parse_pem(cert_string) #Check if exists in cache cnp = os.path.sep.join([self.cache_dir, '{}-{}.pem'.format(self.CERT_PREFIX, cert_dict["subject"]["commonName"])]) if os.path.exists(cnp): print("Cert already exists common_name={}".format(cert_dict["subject"]["commonName"])) else: print("Creating and signing cert common_name={}".format(cert_dict["subject"]["commonName"])) #Generating the Correct Private Keytype if cert_dict["public_key"] == "RSA": private_key = rsa.generate_private_key(public_exponent=cert_dict["public_key_pub_exp"], key_size=cert_dict["public_key_size"], backend=default_backend()) elif cert_dict["public_key"] == "DSA": private_key = dsa.generate_private_key(key_size=cert_dict["public_key_size"], backend=default_backend()) elif cert_dict["public_key"] == "EllipticCurve": private_key = ec.generate_private_key(cert_dict["public_key_curve"], default_backend()) #Generate Certificate Signing Request csr_subject = cert_dict["subject_object"] #csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name(csr_subject)) #for extension in cert_dict["ext_object"]: # print("{}, {}".format(extension.oid._name, extension.critical)) # if extension.oid._name not in ["signedCertificateTimestampList"]: # csr = csr.add_extension(extension.value, critical=extension.critical) #csr = csr.sign(private_key, cert_dict["signature_hash_algorithm"], default_backend()) #Generate Certificate cert = x509.CertificateBuilder().subject_name(csr_subject) cert = cert.issuer_name(self.cert.subject) cert = cert.public_key(private_key.public_key()) cert = cert.serial_number(cert_dict["serial_number"]) cert = cert.not_valid_before(cert_dict["not_valid_before"]) cert = cert.not_valid_after(cert_dict["not_valid_after"]) for extension in cert_dict["ext_object"]: #print("{}, {}".format(extension.oid._name, extension.critical)) if extension.oid._name not in ["signedCertificateTimestampList"]: cert = cert.add_extension(extension.value, critical=extension.critical) cert = cert.sign(self.key, cert_dict["signature_hash_algorithm"], default_backend()) # Write our certificate out to disk. with open(cnp, 'wb+') as f: f.write(cert.public_bytes(serialization.Encoding.PEM)) with open(cnp[:-3] + "key", 'wb+') as f: f.write(private_key.private_bytes(encoding=serialization.Encoding.PEM, encryption_algorithm=serialization.NoEncryption(), format=serialization.PrivateFormat.TraditionalOpenSSL)) return {"certfile": cnp, "keyfile": cnp[:-3] + "key"}
def test_generate_dsa_private_key_and_parameters(self, backend): skey = dsa.generate_private_key(1024, backend) assert skey numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers assert numbers.public_numbers.y == pow( skey_parameters.g, numbers.x, skey_parameters.p )
def _GenerateKeyPair(): private_key = dsa.generate_private_key(2048, backends.default_backend()) public_key = private_key.public_key() public_key_bytes = public_key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo) public_key_string = binascii.hexlify(public_key_bytes) return KeyPair(private_key, public_key, public_key_string)
def generate(cls, key_size): """Generate a new DSA private key""" priv_key = dsa.generate_private_key(key_size, default_backend()) priv = priv_key.private_numbers() pub = priv.public_numbers params = pub.parameter_numbers return cls(priv_key, params, pub, priv)
def generate_random_dsa_key(): n = 1024 private_key = dsa.generate_private_key(key_size=n, backend=default_backend()) pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) return pem
def test_generate_dsa_private_key_and_parameters(self, backend): skey = dsa.generate_private_key(1024, backend) assert skey if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers): numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers assert numbers.public_numbers.y == pow( skey_parameters.g, numbers.x, skey_parameters.p )
def generate(cls, key_size): """Generate a new DSA private key""" priv_key = dsa.generate_private_key(key_size, default_backend()) priv = priv_key.private_numbers() pub = priv.public_numbers params = pub.parameter_numbers return cls(params, pub, priv, priv_key)
def question_1g_1h(file_name, output_file_name, key_length): """ This section deals with the signature and verification of the file :param file_name: Input file name :param output_file_name: Output file name :param key_length: Length of the key in bits """ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.hazmat.backends import default_backend print("Starting Signature and Verification for {} bit key length".format( key_length)) key_start_time = datetime.datetime.now() key = dsa.generate_private_key(key_size=key_length, backend=default_backend()) print("Time taken for KeyGen in Seconds is {}".format( (datetime.datetime.now() - key_start_time).total_seconds())) fo_input = open(file_name, 'rb') content = fo_input.read() fo_input.close() # Signature signing_start_time = datetime.datetime.now() # signer = DSS.new(key, 'fips-186-3') h = hashes.SHA256() signature = key.sign(content, h) fo = open(output_file_name, 'wb') fo.write(signature) fo.close() diff = datetime.datetime.now() - signing_start_time print("Time taken in seconds for Signing this document was {}".format( diff.total_seconds())) print( "Time taken in seconds per byte for signing this document was {0:.7f}". format(diff.total_seconds() / float(os.path.getsize(file_name)))) # Verification verify_start_time = datetime.datetime.now() fo = open(output_file_name, 'rb') sig_content = fo.read() fo.close() try: key.public_key().verify(signature, content, hashes.SHA256()) diff_verify = datetime.datetime.now() - verify_start_time print("Time taken for Verifying this document was {}".format( diff_verify.total_seconds())) print( "Time taken in microseconds per byte for verifying this document was {0:.5f}" .format( float((diff_verify.total_seconds()) / os.path.getsize(output_file_name)))) print("Valid Signature!!\n") except: print("Invalid Signature!.. Corrupted!!\n")
def gen_private_dsa(): from cryptography.hazmat.primitives import serialization from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dsa private_key = dsa.generate_private_key(key_size=1024, backend=default_backend()) pem = private_key.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) return pem
def dsa_private_key(): private_key = force_str(dsa.generate_private_key( key_size=1024, backend=default_backend() )) return private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), )
def generate_dsa_private_public_key_pair(): private_key = dsa.generate_private_key( key_size=1024, backend=default_backend() ) public_key = private_key.public_key() private_key_bytes = __dumps_prk(private_key) public_key_bytes = __dumps_dsa_puk(public_key) return private_key_bytes, public_key_bytes
def generateDSAkey(options): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dsa print('Generating public/private dsa key pair.') keyPrimitive = dsa.generate_private_key( key_size=int(options['bits']), backed=default_backend(), ) key = keys.Key(keyPrimitive) _saveKey(key, options)
def signing_verify(testfile): privatekey = dsa.generate_private_key( key_size=2048, backend=default_backend()) with open(testfile,"rb") as inputfile: inputdata = inputfile.read() sign = privatekey.sign( inputdata,hashes.SHA256()) print("DSA Signature for 1 KB file:\n ",sig,"\n") publickey = privatekey.public_key() pubblickey.verify( sign, inputdata, hashes.SHA256())
def create_key(self): key = dsa.generate_private_key(backend=crypto_default_backend(), key_size=self.get("KeySize")) private_key = key.private_bytes( crypto_serialization.Encoding.PEM, crypto_serialization.PrivateFormat.PKCS8, crypto_serialization.NoEncryption(), ) return private_key.decode("ascii"), self.public_key(key).decode( "ascii")
def generateDSAkey(options): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dsa if not options['bits']: options['bits'] = 1024 keyPrimitive = dsa.generate_private_key( key_size=int(options['bits']), backend=default_backend(), ) key = keys.Key(keyPrimitive) _saveKey(key, options)
def create_key(self): key = dsa.generate_private_key(backend=crypto_default_backend(), key_size=self.get('KeySize')) private_key = key.private_bytes( crypto_serialization.Encoding.PEM, crypto_serialization.PrivateFormat.PKCS8, crypto_serialization.NoEncryption()) public_key = key.public_key().public_bytes( crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH) return private_key.decode('ascii'), public_key.decode('ascii')
def generate_private_key( key_size: Optional[int], key_type: ParsableKeyType, ecc_curve: Optional[ec.EllipticCurve], ) -> PRIVATE_KEY_TYPES: """Generate a private key. This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input values and does not do any sanity checks on its own. Parameters ---------- key_size : int The size of the private key. The value is ignored if ``key_type`` is not ``"DSA"`` or ``"RSA"``. key_type : {'RSA', 'DSA', 'ECC', 'EdDSA', 'Ed448'} The type of the private key. ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve` An elliptic curve to use for ECC keys. This parameter is ignored if ``key_type`` is not ``"ECC"``. Defaults to the :ref:`CA_DEFAULT_ECC_CURVE <settings-ca-default-ecc-curve>`. Returns ------- key A private key of the appropriate type. """ # Make sure that parameters are valid validate_key_parameters(key_size, key_type, ecc_curve) if key_type == "DSA": if key_size is None: key_size = ca_settings.CA_DEFAULT_KEY_SIZE return dsa.generate_private_key(key_size=key_size, backend=default_backend()) if key_type == "ECC": if ecc_curve is None: ecc_curve = ca_settings.CA_DEFAULT_ECC_CURVE() return ec.generate_private_key(ecc_curve, default_backend()) if key_type == "EdDSA": return ed25519.Ed25519PrivateKey.generate() if key_type == "Ed448": return ed448.Ed448PrivateKey.generate() if key_type == "RSA": if key_size is None: key_size = ca_settings.CA_DEFAULT_KEY_SIZE return rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend()) # COVERAGE NOTE: Unreachable code, as all possible key_types are handled above and validate_key_parameters # would raise for any other key types. raise ValueError(f"{key_type}: Invalid key type.") # pragma: no cover
def _generate(self, key_size): if any(c != 0 for c in self): # pragma: no cover raise PGPError("key is already populated") # generate some big numbers! pk = dsa.generate_private_key(key_size, default_backend()) pkn = pk.private_numbers() self.p = MPI(pkn.public_numbers.parameter_numbers.p) self.q = MPI(pkn.public_numbers.parameter_numbers.q) self.g = MPI(pkn.public_numbers.parameter_numbers.g) self.y = MPI(pkn.public_numbers.y) self.x = MPI(pkn.x) del pkn del pk self._compute_chksum()
def generate_keypair(): """Generate a new DSA keypair for use with PyBrowserID. This function returns a tuple (public_data, private_key) giving the JSON-serializable public-key data and the associated private key as a browserid.jwt.Key object. """ key = dsa.generate_private_key(1024, backend=backend) params = key.parameters().parameter_numbers() data = { "algorithm": "DS", "p": to_hex(params.p), "q": to_hex(params.q), "g": to_hex(params.g), "y": to_hex(key.public_key().public_numbers().y), "x": to_hex(key.private_numbers().x), } private_key = browserid.jwt.DS128Key(data) del data["x"] return data, private_key
def generate(bits=1024, progress_func=None): """ Generate a new private DSS key. This factory function can be used to generate a new host key or authentication key. :param int bits: number of bits the generated key should be. :param function progress_func: Unused :return: new `.DSSKey` private key """ numbers = dsa.generate_private_key( bits, backend=default_backend() ).private_numbers() key = DSSKey(vals=( numbers.public_numbers.parameter_numbers.p, numbers.public_numbers.parameter_numbers.q, numbers.public_numbers.parameter_numbers.g, numbers.public_numbers.y )) key.x = numbers.x return key
def getDSAKeys(): """ """ publicKeyFile = CONFIG.get('ssh', 'dsa_public_key') privateKeyFile = CONFIG.get('ssh', 'dsa_private_key') if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)): log.msg("Generating new DSA keypair...") from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dsa dsaKey = dsa.generate_private_key(key_size=1024, backend=default_backend()) publicKeyString = keys.Key(dsaKey).public().toString('openssh') privateKeyString = keys.Key(dsaKey).toString('openssh') with open(publicKeyFile, 'w+b') as f: f.write(publicKeyString) with open(privateKeyFile, 'w+b') as f: f.write(privateKeyString) else: with open(publicKeyFile, 'r') as f: publicKeyString = f.read() with open(privateKeyFile, 'r') as f: privateKeyString = f.read() return publicKeyString, privateKeyString
# if algo = alias.split(".")[0] key_para = alias.split(".")[1].upper() version = alias.split(".")[2] usage = alias.split(".")[3] key_type = alias.split(".")[4] # "ec.SECP192R1()" if algo == "ecc": curve = eval(algo+"."+key_para+ "()") priv_key = ecc.generate_private_key(curve, default_backend()) pub_key = priv_key.public_key() elif algo == "dsa": priv_key = dsa.generate_private_key( key_size= 2048, backend=default_backend()) pub_key = priv_key.public_key() else: print("not valid") # pub_key = priv_key.public_key() return priv_key, pub_key class PKFernet(object): def __init__(self, private_keyring, public_keyrings, backend=None): # empty dictionary for receivers and their public key rings
from cryptography.hazmat import backends from cryptography.hazmat.primitives.asymmetric import dsa from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric import rsa from Crypto.PublicKey import DSA as pycrypto_dsa from Crypto.PublicKey import RSA as pycrypto_rsa from Cryptodome.PublicKey import DSA as pycryptodomex_dsa from Cryptodome.PublicKey import RSA as pycryptodomex_rsa # Correct dsa.generate_private_key(key_size=2048, backend=backends.default_backend()) ec.generate_private_key(curve=ec.SECP384R1, backend=backends.default_backend()) rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=backends.default_backend()) pycrypto_dsa.generate(bits=2048) pycrypto_rsa.generate(bits=2048) pycryptodomex_dsa.generate(bits=2048) pycryptodomex_rsa.generate(bits=2048) # Also correct: without keyword args dsa.generate_private_key(4096, backends.default_backend()) ec.generate_private_key(ec.SECP256K1, backends.default_backend()) rsa.generate_private_key(3, 4096, backends.default_backend())
from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.asymmetric import rsa from oslo_utils import timeutils from nova import exception from nova import signature_utils from nova import test TEST_RSA_PRIVATE_KEY = rsa.generate_private_key(public_exponent=3, key_size=1024, backend=default_backend()) TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(), default_backend()) TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072, backend=default_backend()) # Required image property names SIGNATURE = signature_utils.SIGNATURE HASH_METHOD = signature_utils.HASH_METHOD KEY_TYPE = signature_utils.KEY_TYPE CERT_UUID = signature_utils.CERT_UUID class FakeKeyManager(object): def __init__(self): self.certs = {'invalid_format_cert': FakeCastellanCertificate('A' * 256, 'BLAH'), 'valid_format_cert': FakeCastellanCertificate('A' * 256, 'X.509')}
def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id): """Generate asymmetric keys based on below rules: - RSA, with passphrase (supported) - RSA, without passphrase (supported) - DSA, without passphrase (supported) - DSA, with passphrase (supported) """ if(generate_dto.algorithm is None or generate_dto .algorithm.lower() == 'rsa'): private_key = rsa.generate_private_key( public_exponent=65537, key_size=generate_dto.bit_length, backend=default_backend() ) elif generate_dto.algorithm.lower() == 'dsa': private_key = dsa.generate_private_key( key_size=generate_dto.bit_length, backend=default_backend() ) else: raise c.CryptoPrivateKeyFailureException() public_key = private_key.public_key() if generate_dto.algorithm.lower() == 'rsa': private_key = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=self._get_encryption_algorithm( generate_dto.passphrase) ) public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) if generate_dto.algorithm.lower() == 'dsa': private_key = private_key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=self._get_encryption_algorithm( generate_dto.passphrase) ) public_key = public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo ) private_dto = self.encrypt(c.EncryptDTO(private_key), kek_meta_dto, project_id) public_dto = self.encrypt(c.EncryptDTO(public_key), kek_meta_dto, project_id) passphrase_dto = None if generate_dto.passphrase: if isinstance(generate_dto.passphrase, six.text_type): generate_dto.passphrase = generate_dto.passphrase.encode( 'utf-8') passphrase_dto = self.encrypt(c.EncryptDTO(generate_dto. passphrase), kek_meta_dto, project_id) return private_dto, public_dto, passphrase_dto
def generate(cls, algorithm: KeyAlgorithmType, *, size: int = None) -> "PrivateKey": """ Generates a new private key using the given algorithm (key type). Safe defaults will automatically be used, and my change time to time. Some of the defaults can be overridden, such as size. Not all options are used for all algorithms, and may be ignored. :param algorithm: The type of key to generate. :param size: Keyword-only argument to override the default key size, if applicable for the given algorithm. :return: A new ``PrivateKey`` representing the newly generated key. :raises TypeError: If the given algorithm is an invalid AlgorithmType. :raises TypeError: If the given key size is not an integer. """ algorithm = KeyAlgorithmType(algorithm) if size: size = int(size) size = size or _KEY_MIN_SIZES[algorithm] # RSA Key Generation if algorithm is KeyAlgorithmType.RSA: if size < _KEY_MIN_SIZES[KeyAlgorithmType.RSA]: warnings.warn("RSA Key Size '{}' Considered Weak".format(size)) key = rsa.generate_private_key( public_exponent=65537, key_size=size, backend=default_backend() ) # DSA Key Generation elif algorithm is KeyAlgorithmType.DSA: if size < _KEY_MIN_SIZES[KeyAlgorithmType.DSA]: warnings.warn("DSA Key Size '{}' Considered Weak".format(size)) key = dsa.generate_private_key( key_size=size, backend=default_backend() ) # ECDSA Key Generation else: # algorithm is AlgorithmType.ECDSA: warning = "Invalid Curve Size '{}': Rounding up to {} bits" for curve_size in _P_CURVES: if size <= curve_size: if size < curve_size: warnings.warn(warning.format(size, curve_size)) curve = _P_CURVES[curve_size] break # User specified too large of a key size else: max_size = list(_P_CURVES)[-1] warnings.warn("Invalid Curve Size '{}': Rounding down to {} " "bits".format(size, max_size)) curve = _P_CURVES[max_size] key = ec.generate_private_key( curve=curve, backend=default_backend() ) # Serialize Key to Bytes key_bytes = key.private_bytes( EncodingType.DER, serialization.PrivateFormat.PKCS8, serialization.NoEncryption() ) return cls(data=key_bytes)
def generate(cls): return cls(dsa.generate_private_key(1024, cls.__backend__)) # OTR requires that the DSA q parameter is 160 bits, which forces us to use 1024 bit keys (which are not secure)