def sign_hash(pub_algorithm_type, secret_key, hash_, k=None): if pub_algorithm_type in (1, 3): # RSA sig_string = PKCS1_v1_5.new(secret_key).sign(hash_) return (bytes_to_long(sig_string), ) elif pub_algorithm_type == 20: # ELG # TODO: Should only be allowed for test purposes if k is None: while 1: # This can be pretty darn slow k = random.StrongRandom().randint(1, secret_key.p - 1) if GCD(k, secret_key.p - 1) == 1: break print(k) # TODO: Remove dependence on undocumented method sig_string = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(hash_, secret_key.size()) return secret_key.sign(sig_string, k) elif pub_algorithm_type == 17: q = secret_key.q qbits = int(math.floor(float(math.log(q, 2)))) + 1 qbytes = int(math.ceil(qbits / 8.0)) if k is None: k = random.StrongRandom().randint(1, q - 1) digest = hash_.digest()[:qbytes] return secret_key.sign(bytes_to_long(digest), k) else: # TODO: complete raise ValueError
def elgamal(): #伪随机数生成器 random_generator = Random.new().read #生成elgamal Key elgKey = ElGamal.generate(256, random_generator) #生成私钥 while 1: alpha = random.StrongRandom().randint(1, elgKey.p - 1) if GCD(alpha, elgKey.p - 1) == 1: break h = mod(elgKey.g, alpha, elgKey.p) message = [33, 14, 22, 62, 00, 17, 4, 62, 24, 14, 20, 66] print('message: ', message) #加密过程 #1.随机选择整数y y = random.StrongRandom().randint(1, elgKey.p - 1) #2.计算c1 c1 = mod(elgKey.g, y, elgKey.p) #3.计算s s = mod(h, y, elgKey.p) #4.对message进行加密 ciphertext = [(m * s) % (elgKey.p) for m in message] print('ciphetext: ', ciphertext) #解密过程 #1.通过c1计算得到s de_s = mod(c1, alpha, elgKey.p) #2.获得明文 x, y, r = ex_gcd(elgKey.p, de_s) s_reverse = y % (elgKey.p) if s_reverse < 0: s_reverse += elgKey.p plaintext = [(m * s_reverse) % (elgKey.p) for m in ciphertext] print('plaintext: ', plaintext)
def random_solve(self): channel_num = self.PUZ['channel_num'] tmp_int = random.StrongRandom().randint(0, channel_num - 1) while self.available_ans["now"].get('ans') != None and str( tmp_int) in self.available_ans["now"]["ans"].keys(): tmp_int = random.StrongRandom().randint(0, channel_num - 1) return self.solve(tmp_int)
def test_nonce_reuse(secret_key=DSA.generate(1024)): # choose a "random" - k :) this time random is static in order to allow this attack to work k = random.StrongRandom().randint(1, secret_key.q - 1) # sign two messages using the same k samples = (Tests.Dsa.signMessage(secret_key, "This is a signed message!", k), Tests.Dsa.signMessage(secret_key, "Another signed Message - :)", k)) logger.debug("generated sample signatures: %s" % repr(samples)) signatures = [ DsaSignature(sig, h, pubkey) for h, sig, pubkey in samples ] logger.debug("Signature Objects: %r" % signatures) two_sigs = [] for sig in signatures: two_sigs.append(sig) if not len(two_sigs) == 2: continue sample = two_sigs.pop(0) logger.debug("%r - recovering privatekey from nonce reuse..." % sample) assert (sample.x is None) # not yet resolved sample.recover_nonce_reuse(two_sigs[0]) assert (sample.x is not None) # privkey recovered assert (sample.privkey == secret_key) logger.debug("%r - Private key recovered! \n%s" % (sample, sample.export_key()))
def generate(self, algorithm, mode): algorithm = algorithm.get() modes = mode.get() mode = get_mode(mode.get()) sim_key = self.HexToByte(get_data(self.sim_key_path, 'Secret key')) if (algorithm.split('-')[0].upper() == 'AES'): iv = Random.new().read(AES.block_size) cipher = AES.new(sim_key, mode, iv) else: iv = Random.new().read(DES3.block_size) cipher = DES3.new(sim_key, mode, iv) data = get_data(self.input_path, 'Data') if len(data) % cipher.block_size != 0: data += ' ' * (cipher.block_size - len(data) % cipher.block_size) encoded = cipher.encrypt(data) encoded = b64encode(encoded) modulus = int(int(get_data(self.public_key_path, 'Modulus'), 16)) public_exp = int( int(get_data(self.public_key_path, 'Public exponent').strip(), 16)) asimmetric_alg = get_data(self.public_key_path, 'Method') if asimmetric_alg != 'RSA': generator = int( int(get_data(self.public_key_path, 'Generator'), 16)) if (asimmetric_alg == 'RSA'): RSAEncryptor = RSA.construct((modulus, public_exp)) encrypted_key = RSAEncryptor.encrypt(sim_key, '') encrypted_key = encrypted_key[0] else: ElGamalEncryptor = ElGamal.construct( (modulus, generator, public_exp)) while 1: k = random.StrongRandom().randint(1, modulus - 1) if GCD(k, modulus - 1) == 1: break encrypted_key = ElGamalEncryptor.encrypt(sim_key, int(k)) k = encrypted_key[1] encrypted_key = encrypted_key[0] file = open(self.envelope_path, 'w') file.write('---BEGIN OS2 CRYPTO DATA---\n') file.write('Description:\n Envelope\n\n') file.write('File name:\n ') file.write(self.envelope_path) file.write('\n\nMethod:\n ' + algorithm.split('-')[0].upper() + '\n ' + asimmetric_alg + '\n\n') if asimmetric_alg != 'RSA': file.write('Secret number:\n ') write_to_file(file, self.ByteToHex(k)) file.write('\n\nCrypt Method:\n ' + modes + '\n\n') file.write('Initialization vector:\n ' + str(self.ByteToHex(iv))) file.write('\n\nKey length:\n ' + str(hex(len(sim_key) * 8)).replace('0x', '') + '\n ') file.write(get_data(self.public_key_path, 'Key length')) file.write('\n\nEnvelope data:\n ') write_to_file(file, encoded.decode()) file.write('\n\nEnvelope crypt key:\n ') write_to_file(file, self.ByteToHex(encrypted_key)) file.write('\n\n---END OS2 CRYPTO DATA---')
def get_message(self, chunk_number, chunk, dst): m = str(chunk_number) + str(chunk) + str(dst) h = SHA256.new(m).digest() k = random.StrongRandom().randint(1, self.dsa_key.q - 1) sig = self.dsa_key.sign(h, k) return struct.pack('H1024s40s40s', socket.htons(chunk_number), chunk, self.long_to_hex(sig[0]), self.long_to_hex(sig[1]))
def sign(self, data): """expect data as bytes """ if not self.dsa.has_private(): return k = random.StrongRandom().randint(1,self.dsa.q-1) return self.dsa.sign(data, k)
def exec_dsa(form): other_params = {} message = form.text.data.encode("utf-8") hash_ = SHA.new(message) form.sha.data = hash_.hexdigest() h = hash_.digest() # 恢复key if not session.get("key"): key = DSA.generate(1024) session["key"] = pickle.dumps(key) else: key = pickle.loads(session["key"]) if form.sign.data: k = random.StrongRandom().randint(1, key.q - 1) sig = key.sign(h, k) form.signature.data = "%s, %s" % (hex(sig[0])[2:-1], hex(sig[1])[2:-1]) elif form.verify.data: ssig = form.signature.data.split(", ") try: sig = (int(ssig[0], base=16), int(ssig[1], base=16)) except (IndexError, UnicodeEncodeError): flash(u"签名格式错误!") else: if key.verify(h, sig): flash(u"签名验证成功!") else: flash(u"签名验证失败!") return form, other_params
def __init__(self, key, *, Fast = False): if Fast: from Crypto.PublicKey import RSA from Crypto.Random import random try: self.key = RSA.importKey(key) except ValueError: raise self.random = random.StrongRandom() if self.key.has_private(): self.encrypt_block = self.fast_private_encrypt_block self.decrypt_block = self.fast_private_decrypt_block else: self.encrypt_block = self.fast_public_encrypt_block self.decrypt_block = self.fast_public_decrypt_block self.DecryptBlockSize = (self.key.size() + 1) // 8 self.EncryptBlockSize = self.DecryptBlockSize - 11 else: try: self.key = rsa.key.PublicKey.load_pkcs1(key, 'DER') self.encrypt_block = self.slow_public_encrypt_block self.decrypt_block = self.slow_public_decrypt_block except PyAsn1Error: self.key = rsa.key.PrivateKey.load_pkcs1(key, 'DER') self.encrypt_block = self.slow_private_encrypt_block self.decrypt_block = self.slow_private_decrypt_block self.DecryptBlockSize = rsa.common.byte_size(self.key.n) self.EncryptBlockSize = self.DecryptBlockSize - 11
def _generate_nonce(self, nonce_length=24): """ Generate a nonce used to make a request unique. - `nonce_length`, length of the generated nonce. Returns: a nonce. """ try: int(nonce_length) if nonce_length < APIRequest.min_nonce_length or nonce_length > APIRequest.max_nonce_length: raise ValueError() except ValueError: raise APIRequestError( "Nonce length must be an int between %d and %d chars" % (APIRequest.min_nonce_length, APIRequest.max_nonce_length)) rand = random.StrongRandom() nonce = "" nonce = [ rand.choice(APIRequest.nonce_allowable_chars) for i in range(0, nonce_length) ] return "".join(nonce)
def gen_perm(self, l): x = list(range(l)) for i in range(l): d = random.StrongRandom().randint(0, i) if i != d: x[i] = x[d] x[d] = i return x
def getStrongRandomKey(bits): sRandom = random.StrongRandom() randomBits = sRandom.getrandbits(bits) stringRandomBits = str(randomBits) sRandomPrivateKey = SHA256.new(stringRandomBits).hexdigest() return sRandomPrivateKey
def sign(self, message): h = Hash.SHA.new(message.encode('utf-8')).digest() while 1: k = rd.StrongRandom().randint(1, self.__key.p - 1) if GCD(k, self.__key.p - 1) == 1: break sig = self.__key.sign(h, k) return sig
def Encrypt(g, y, m, p): #随机生成一个整数r r = random.StrongRandom().randint(1, p - 1) c1 = mod(g, r, p) tmp = mod(y, r, p) c2 = (m * tmp) % p print('Y的加密结果为({0},{1})'.format(c1, c2)) return c1, c2
def vote(key, m, crypt): while 1: k = random.StrongRandom().randint(1, key.p - 2) if GCD(k, key.p - 1) == 1: break cryptuple = key.encrypt(key.g**m, k) out = "%s\n" % (cryptuple, ) with open(crypt, 'a') as vote_crypt: vote_crypt.write(out)
def __init__(self, seed=1012810): self.nState = RandomState(seed) self.cState = random.StrongRandom() # Sampler warmup print "Starting Sampler Warm-up" junk = self.nState.random_sample(10000) print "Warm-up Complete"
def pad(text): """ Pads text to be encrypted """ pad_length = (blocksize - len(text) % blocksize) sr = random.StrongRandom() pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1)) # We use chr(0) as a delimiter between text and padding return text + chr(0) + pad
def _cacu_ans(self, puzzle_attr, server_pk): if puzzle_attr.get('ans') != None and len( puzzle_attr["ans"].keys()) > 0: channel, tmp_ans = random.StrongRandom().choice( list(puzzle_attr["ans"].items())) ans = self._exp_and_sqr(server_pk, tmp_ans, puzzle_attr['p']) ans = self._first_n_bits(ans, 48) return True, (channel, ans) else: return False, ('0', 0)
def sign(message, key, hash_alg): h = hashes[hash_alg].new(message.encode()).digest() while True: k = random.StrongRandom().randint(1, key.key.p-1) if GCD(k, key.key.p-1) == 1: break sign = key.key.sign(h,k) return {'message': message, 'signature': sign, 'hash_alg':hash_alg}
def dsa_sign(dsakey, message): dsakey = DSA.construct(dsakey) h = SHA.new(message).digest() k = random.StrongRandom().randint(1, dsakey.q-1) sign = dsakey.sign(h,k) sign_r = sign[0].to_bytes(20, 'big') sign_s = sign[1].to_bytes(20, 'big') signature = struct.pack('<B', 4 + len(sign_r) + len(sign_s)) + b'\x00\x00\x00' + b'\x00' + \ struct.pack('<B', len(sign_r)*8) + sign_r + b'\x00' + struct.pack('<B', len(sign_s)*8) + sign_s return signature
def create_transaction(self, receiverAddress, amount, password): """Create a new transaction.""" allDSAKey = CryptoLib.restoreWalletDSAKey(password, self.encryptedDSAKey) if isinstance(allDSAKey, str): return "Password Error" else: k = random.StrongRandom().randint(1, allDSAKey.q - 1) senderSignature = allDSAKey.sign(receiverAddress.encode() + str(amount).encode(), k) newTransaction = Block.Transaction(senderPublicKey=self.myDSAPublicKey, senderSignature=senderSignature, receiverWallet=receiverAddress, amount=amount) return newTransaction
def encrypt(lat, lon, key): """TODO: Docstring for encrypt. :arg1: TODO :returns: TODO """ while True: k = random.StrongRandom().randint(1, key.p-1) if GCD(k, key.p-1) == 1: break return key.encrypt(lat, k)
def sign(self, user_id, record_id): session = session_class() digital_sign = session.query(DDigitalSign).filter_by( doctor_id=user_id, record_id=record_id).first() if digital_sign is not None: session.close() return False, '该病历已被签名' user = session.query(DUser).filter_by(id=user_id).first() if user is None: session.close() return False, '用户不存在' info = session.query(DDoctorInfo).filter_by( id=user.doctor_info_id).first() if user is None: session.close() return False, '用户信息不存在' private_key = session.query(DPrivateKey).filter_by( id=info.private_key_id).first() if private_key is None: session.close() return False, '用户密钥不存在' record = session.query(DMedicalRecord).filter_by(id=record_id).first() if record is None: session.close() return False, '病历不存在' plain_text = str(record.id) + record.r_name + record.company + str( record.gender) + record.address + str(record.age) + str( record.department_id) + record.nation + record.symptom + str( record.r_date.year) + '.' + str( record.r_date.month) + '.' + str( record.r_date.day) + record.conclusion print(len(plain_text), plain_text) hashed_text = SHA256.new(plain_text.encode('utf-8')).digest() print(len(hashed_text), hashed_text) key = DSA.construct((int(private_key.key_y), int(private_key.key_g), int(private_key.key_p), int(private_key.key_q), int(private_key.key_x))) k = random.StrongRandom().randint(1, key.q - 1) sign = key.sign(hashed_text, k) sign_data = DDigitalSign(doctor_id=user_id, record_id=record_id, sign_1=str(sign[0]), sign_2=str(sign[1])) try: session.add(sign_data) session.commit() session.close() return True, '签名成功' except Exception as e: print('repr(e):\t', repr(e)) session.rollback() session.close() return False, '数据库错误'
def sign(self, h, priv_key=None, nonce=None): x = self.__x if priv_key is None else priv_key while True: k = random.StrongRandom().randint(1, q-1) if nonce is None else nonce r = pow(g, k, p) % q s2 = number.inverse(k, q) * (number.bytes_to_long(h) + x * r) s = pow(k, q-2, q) * (number.bytes_to_long(h) + x * r) assert(s2 == s) s = s % q if r != 0 and s != 0: self.k = k return (r, s)
def main(): # Run this until the user exits while True: # Take two integers as input x = int(input("Enter an integer or -1 to exit: ")) if x == -1: break y = int(input("Enter another integer: ")) # Generate r for g^r while 1: k1 = random.StrongRandom().randint(1, key.p - 1) if GCD(k1, key.p - 1) == 1: break # Encrypt the first integer encryption_1 = key.encrypt(x, k1) # Generate another r for g^r while 1: k2 = random.StrongRandom().randint(1, key.p - 1) if GCD(k2, key.p - 1) == 1: break # Encrypt the second integer encryption_2 = key.encrypt(y, k2) # Make Enc(x)*Enc(y) mult_enc = (encryption_1[0] * encryption_2[0], encryption_1[1] * encryption_2[1]) # Decrypt Enc(x)*Enc(y) new_decryption = key.decrypt(mult_enc) # Compare the decryption with actual multiplication if new_decryption != x * y: print("Encryption not homomorphic") else: print(new_decryption, "==", x * y, "Encryption is homomorphic")
def signMessage(privkey,msg,k=None): ''' create DSA signed message @arg privkey ... privatekey as DSA obj @arg msg ... message to sign @arg k ... override random k ''' k = k or random.StrongRandom().randint(1, privkey.q-1) # generate msg hash # sign the messages using privkey h = SHA.new(msg).digest() r,s = privkey.sign(h,k) return msg,h,(r,s),privkey.publickey()
def initiate_DH(self): # send first DH parameter to all users print 'Generating Diffie-Hellman parameters' self.DH_params = ElGamal.generate(p_size, Random.new().read) print 'Generated' params_string = str(self.DH_params.y) + '|' + str( self.DH_params.g) + '|' + str(self.DH_params.p) DH_msg1 = DH_INIT + '|' + params_string self.process_outgoing_message(msg_raw=DH_msg1, originates_from_console=False) self.symm_key = number.long_to_bytes( random.StrongRandom().getrandbits(128)) self.save_symm_key()
def main(): # if g=0, then r=0, s=h/k, verification will always pass, because g**x = 0 forall x print('=== Forging signature ===') msg = b"""Hello, world""" hb = SHA.new(msg).digest() y = number.bytes_to_long(b'\x08\x4a\xd4\x71\x9d\x04\x44\x95\x49\x6a\x32\x01\xc8\xff\x48\x4f\xeb\x45\xb9\x62\xe7\x30\x2e\x56\xa3\x92\xae\xe4\xab\xab\x3e\x4b\xde\xbf\x29\x55\xb4\x73\x60\x12\xf2\x1a\x08\x08\x40\x56\xb1\x9b\xcd\x7f\xee\x56\x04\x8e\x00\x4e\x44\x98\x4e\x2f\x41\x17\x88\xef\xdc\x83\x7a\x0d\x2e\x5a\xbb\x7b\x55\x50\x39\xfd\x24\x3a\xc0\x1f\x0f\xb2\xed\x1d\xec\x56\x82\x80\xce\x67\x8e\x93\x18\x68\xd2\x3e\xb0\x95\xfd\xe9\xd3\x77\x91\x91\xb8\xc0\x29\x9d\x6e\x07\xbb\xb2\x83\xe6\x63\x34\x51\xe5\x35\xc4\x55\x13\xb2\xd3\x3c\x99\xea\x17') z = random.StrongRandom().randint(1, q-1) r = pow(y, z, p) % q s = (r * number.inverse(z, q)) % q print('r:', r) print('s:', s) myDSA = MyDSASigner() print("Verification:", myDSA.verify((r, s), hb, y))
def shuffle_decrypt(self, msgs, last=True): msgs2 = msgs.copy() msgs3 = [] while msgs2: n = random.StrongRandom().randint(0, len(msgs2) - 1) a, b, j, qid = msgs2.pop(n) clear = self.decrypt((a, b)) if last: msg = {clear: [j, qid]} else: msg = (a, clear, j, qid) msgs3.append(msg) return msgs3
def generate(self, hash_function): data = get_data(self.input_path, 'Data') modulus = int(int(get_data(self.private_key_path, 'Modulus'), 16)) private_exp = int( int(get_data(self.private_key_path, 'Private exponent'), 16)) public_exp = int( int(get_data(self.public_key_path, 'Public exponent').strip(), 16)) private_key_size = get_data(self.private_key_path, 'Key length') asimmetric_alg = get_data(self.private_key_path, 'Method') m = hashlib.new(hash_function.get()) m.update(data.encode(encoding='utf-8')) hash = m.digest() if (asimmetric_alg == 'RSA'): RSAEncryptor = RSA.construct((modulus, public_exp, private_exp)) signature = RSAEncryptor.sign(hash, '')[0] self.signature_second_part = '' else: generator = int( int(get_data(self.private_key_path, 'Generator'), 16)) ElGamalEncryptor = ElGamal.construct( (modulus, generator, public_exp, private_exp)) while 1: k = random.StrongRandom().randint(1, int(modulus - 1)) if GCD(k, int(modulus - 1)) == 1: break signature = ElGamalEncryptor.sign(hash, int(k)) k = signature[1] signature = signature[0] self.signature = signature data = b64encode(data.encode()) signature = hex(signature) # zapisivanje file = open(self.signature_path, 'w') file.write('---BEGIN OS2 CRYPTO DATA---\n') file.write('Description:\n Signature\n\n') file.write('File name:\n ') file.write(self.signature_path) file.write('\n\nMethod:\n ' + hash_function.get() + '\n ' + asimmetric_alg) if asimmetric_alg != 'RSA': file.write('\n\nSecret number:\n ') write_to_file(file, str(hex(k).upper()[2:])) file.write('\n\nKey length:\n ') file.write( str(hex(len(hash) * 8)).upper().replace('0X', '') + '\n ') file.write(private_key_size) file.write('\n\nData:\n ') write_to_file(file, data.decode()) file.write('\n\nSignature:\n ') write_to_file(file, str(signature).upper().replace('0X', '')) file.write('\n\n---END OS2 CRYPTO DATA---')