def wrap(private_key,
key_oid,
passphrase=None,
protection=None,
prot_params=None,
key_params=None,
randfunc=None):
"""Wrap a private key into a PKCS#8 blob (clear or encrypted).
Args:
private_key (byte string):
The private key encoded in binary form. The actual encoding is
algorithm specific. In most cases, it is DER.
key_oid (string):
The object identifier (OID) of the private key to wrap.
It is a dotted string, like ``1.2.840.113549.1.1.1`` (for RSA keys).
passphrase (bytes string or string):
The secret passphrase from which the wrapping key is derived.
Set it only if encryption is required.
protection (string):
The identifier of the algorithm to use for securely wrapping the key.
The default value is ``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``.
prot_params (dictionary):
Parameters for the protection algorithm.
+------------------+-----------------------------------------------+
| Key | Description |
+==================+===============================================+
| iteration_count | The KDF algorithm is repeated several times to|
| | slow down brute force attacks on passwords |
| | (called *N* or CPU/memory cost in scrypt). |
| | The default value for PBKDF2 is 1000. |
| | The default value for scrypt is 16384. |
+------------------+-----------------------------------------------+
| salt_size | Salt is used to thwart dictionary and rainbow |
| | attacks on passwords. The default value is 8 |
| | bytes. |
+------------------+-----------------------------------------------+
| block_size | *(scrypt only)* Memory-cost (r). The default |
| | value is 8. |
+------------------+-----------------------------------------------+
| parallelization | *(scrypt only)* CPU-cost (p). The default |
| | value is 1. |
+------------------+-----------------------------------------------+
key_params (DER object):
The algorithm parameters associated to the private key.
It is required for algorithms like DSA, but not for others like RSA.
randfunc (callable):
Random number generation function; it should accept a single integer
N and return a string of random data, N bytes long.
If not specified, a new RNG will be instantiated
from :mod:`Cryptodome.Random`.
Return:
The PKCS#8-wrapped private key (possibly encrypted), as a byte string.
"""
if key_params is None:
key_params = DerNull()
#
# PrivateKeyInfo ::= SEQUENCE {
# version Version,
# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
# privateKey PrivateKey,
# attributes [0] IMPLICIT Attributes OPTIONAL
# }
#
pk_info = DerSequence([
0,
DerSequence([DerObjectId(key_oid), key_params]),
DerOctetString(private_key)
])
pk_info_der = pk_info.encode()
if passphrase is None:
return pk_info_der
if not passphrase:
raise ValueError("Empty passphrase")
# Encryption with PBES2
passphrase = tobytes(passphrase)
if protection is None:
protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'
return PBES2.encrypt(pk_info_der, passphrase, protection, prot_params,
randfunc)
def test3(self):
ct = PBES2.encrypt(self.ref, self.passphrase,
'PBKDF2WithHMAC-SHA1AndAES192-CBC')
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)
def test6(self):
ct = PBES2.encrypt(self.ref, self.passphrase, 'scryptAndAES256-CBC')
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)
def wrap(private_key, key_oid, passphrase=None, protection=None,
prot_params=None, key_params=None, randfunc=None):
"""Wrap a private key into a PKCS#8 blob (clear or encrypted).
:Parameters:
private_key : byte string
The private key encoded in binary form. The actual encoding is
algorithm specific. In most cases, it is DER.
key_oid : string
The object identifier (OID) of the private key to wrap.
It is a dotted string, like "``1.2.840.113549.1.1.1``" (for RSA keys).
passphrase : (binary) string
The secret passphrase from which the wrapping key is derived.
Set it only if encryption is required.
protection : string
The identifier of the algorithm to use for securely wrapping the key.
The default value is '``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``'.
prot_params : dictionary
Parameters for the protection algorithm.
+------------------+-----------------------------------------------+
| Key | Description |
+==================+===============================================+
| iteration_count | The KDF algorithm is repeated several times to|
| | slow down brute force attacks on passwords |
| | (called *N* or CPU/memory cost in scrypt). |
| | |
| | The default value for PBKDF2 is 1 000. |
| | The default value for scrypt is 16 384. |
+------------------+-----------------------------------------------+
| salt_size | Salt is used to thwart dictionary and rainbow |
| | attacks on passwords. The default value is 8 |
| | bytes. |
+------------------+-----------------------------------------------+
| block_size | *(scrypt only)* Memory-cost (r). The default |
| | value is 8. |
+------------------+-----------------------------------------------+
| parallelization | *(scrypt only)* CPU-cost (p). The default |
| | value is 1. |
+------------------+-----------------------------------------------+
key_params : DER object
The algorithm parameters associated to the private key.
It is required for algorithms like DSA, but not for others like RSA.
randfunc : callable
Random number generation function; it should accept a single integer
N and return a string of random data, N bytes long.
If not specified, a new RNG will be instantiated
from ``Cryptodome.Random``.
:Return:
The PKCS#8-wrapped private key (possibly encrypted),
as a binary string.
"""
if key_params is None:
key_params = DerNull()
#
# PrivateKeyInfo ::= SEQUENCE {
# version Version,
# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
# privateKey PrivateKey,
# attributes [0] IMPLICIT Attributes OPTIONAL
# }
#
pk_info = DerSequence([
0,
DerSequence([
DerObjectId(key_oid),
key_params
]),
DerOctetString(private_key)
])
pk_info_der = pk_info.encode()
if passphrase is None:
return pk_info_der
if not passphrase:
raise ValueError("Empty passphrase")
# Encryption with PBES2
passphrase = tobytes(passphrase)
if protection is None:
protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'
return PBES2.encrypt(pk_info_der, passphrase,
protection, prot_params, randfunc)
def test6(self):
ct = PBES2.encrypt(self.ref, self.passphrase, "scryptAndAES256-CBC")
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)
def test3(self):
ct = PBES2.encrypt(self.ref, self.passphrase, "PBKDF2WithHMAC-SHA1AndAES192-CBC")
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)
def test5(self):
ct = PBES2.encrypt(self.ref, self.passphrase,
'scryptAndAES192-CBC')
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)
def test2(self):
ct = PBES2.encrypt(self.ref, self.passphrase,
'PBKDF2WithHMAC-SHA1AndAES128-CBC')
pt = PBES2.decrypt(ct, self.passphrase)
self.assertEqual(self.ref, pt)