예제 #1
0
def ec_generate_pair(curve):
    """
    Generates a EC public/private key pair

    :param curve:
        A unicode string. Valid values include "secp256r1", "secp384r1" and
        "secp521r1".

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type

    :return:
        A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
        asn1crypto.keys.PrivateKeyInfo)
    """

    if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']):
        raise ValueError(
            pretty_message(
                '''
            curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s
            ''', repr(curve)))

    curve_num_bytes = CURVE_BYTES[curve]
    curve_base_point = {
        'secp256r1': SECP256R1_BASE_POINT,
        'secp384r1': SECP384R1_BASE_POINT,
        'secp521r1': SECP521R1_BASE_POINT,
    }[curve]

    while True:
        private_key_bytes = rand_bytes(curve_num_bytes)
        private_key_int = int_from_bytes(private_key_bytes, signed=False)

        if private_key_int > 0 and private_key_int < curve_base_point.order:
            break

    private_key_info = keys.PrivateKeyInfo({
        'version':
        0,
        'private_key_algorithm':
        keys.PrivateKeyAlgorithm({
            'algorithm':
            'ec',
            'parameters':
            keys.ECDomainParameters(name='named', value=curve)
        }),
        'private_key':
        keys.ECPrivateKey({
            'version': 'ecPrivkeyVer1',
            'private_key': private_key_int
        }),
    })

    ec_point = ec_compute_public_key_point(private_key_info)
    private_key_info['private_key'].parsed['public_key'] = ec_point.copy()

    return (ec_public_key_info(ec_point, curve), private_key_info)
예제 #2
0
 def test_decrypt(self):
     with open('/Users/robert/test.pri', 'r') as file:
         privateKey_data = file.read()
     print(privateKey_data.encode('utf-8'))
     data = load_pem_private_key(privateKey_data.encode('utf-8'), password=b'trustasia-cloudpki', backend=default_backend())
     privateKey = data.private_bytes(
         encoding=Encoding.DER,
         format=PrivateFormat.PKCS8,
         encryption_algorithm=NoEncryption())
     private_key = keys.PrivateKeyInfo().load(privateKey)
     print(private_key.native)
예제 #3
0
    def test_ec_private_key_info_width(self):
        pki = keys.PrivateKeyInfo({
            'version': 0,
            'private_key_algorithm': {
                'algorithm': 'ec',
                'parameters': ('named', 'secp256r1'),
            },
            'private_key': {
                'version': 1,
                'private_key': 1
            }
        })

        k = pki['private_key'].parsed
        self.assertEqual('ecPrivkeyVer1', k['version'].native)
        self.assertEqual(1, k['private_key'].native)
        self.assertEqual(None, k['parameters'].native)
        self.assertEqual(
            b'\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
            b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01',
            k['private_key'].dump())
예제 #4
0
파일: utils.py 프로젝트: mr-tan4/ocsp
 def parse(self, data):
     serial_number = None
     # 得到ca证书信息
     ca = x509.Certificate().load(data['certificate_data'])
     for k, v in ca.native['tbs_certificate'].items():
         if k == 'serial_number':
             serial_number = v
     # 获取ca私钥信息
     private_key_data = load_pem_private_key(data['private_key_data'].encode('utf-8'), password=b'trustasia-cloudpki',
                                             backend=default_backend())
     private_key_data = private_key_data.private_bytes(
         encoding=Encoding.DER,
         format=PrivateFormat.PKCS8,
         encryption_algorithm=NoEncryption())
     ca_privateKey = keys.PrivateKeyInfo().load(private_key_data)
     ca_info = {
         'ca': ca,
         'ca_privateKey': ca_privateKey,
         'ca_serialNumber': serial_number
     }
     return ca_info
예제 #5
0
파일: utils.py 프로젝트: mr-tan4/ocsp
 def get_responder(self, serialNumber):
     connect = pymysql.connect(host=Config.db_url, port=Config.port, user=Config.user_name, password=Config.password,
                               db=Config.db)
     cur = connect.cursor(cursor=pymysql.cursors.DictCursor)
     cur.execute(Config.sql.format(str(serialNumber) + '_responser'))
     rest = cur.fetchall()
     connect.commit()
     cur.close()
     connect.close()
     cert_data = base64.b64decode(rest[0]['cert'])
     responder_cert = x509.Certificate().load(cert_data)
     private_key_data = load_pem_private_key(rest[0]['privatekey'].encode('utf-8'), password=b'trustasia-cloudpki',
                                             backend=default_backend())
     private_key_data = private_key_data.private_bytes(
         encoding=Encoding.DER,
         format=PrivateFormat.PKCS8,
         encryption_algorithm=NoEncryption())
     responder_privatekey = keys.PrivateKeyInfo().load(private_key_data)
     responder_info = {
         'responder_cert': responder_cert,
         'responder_privatekey': responder_privatekey
     }
     return responder_info