def test_generate_sign_verify(self): msg = b'1234567890ABCDEFGH' k1 = rsa_key.RSAKey() k1.generate(1024) sig = k1.sign(msg) assert k1.verify(sig, msg, signature_as_digits=True) k2 = rsa_key.RSAKey() k2.fromString(k1.toPublicString()) assert k2.verify(sig, msg) is True sig_raw = k1.sign(msg, as_digits=False) assert k2.verify(sig_raw, msg, signature_as_digits=False) is True
def test_many_times(self): for _ in range(10): k1 = rsa_key.RSAKey() k1.generate(1024) k2 = rsa_key.RSAKey() k2.fromString(k1.toPublicString()) for _ in range(100): msg = cipher.make_key() sig = k1.sign(msg) if not k2.verify(sig, msg): assert False, (k1.toPrivateString(), msg, sig)
def generate_key(key_id, label='', key_size=4096, keys_folder=None): """ """ if key_id in known_keys(): lg.warn('key "%s" already exists' % key_id) return None if not label: label = 'key%s' % utime.make_timestamp() if _Debug: lg.out( _DebugLevel, 'my_keys.generate_key "%s" of %d bits, label=%r' % (key_id, key_size, label)) key_object = rsa_key.RSAKey() key_object.generate(key_size) key_object.label = label known_keys()[key_id] = key_object if _Debug: lg.out(_DebugLevel, ' key %s generated' % key_id) if not keys_folder: keys_folder = settings.KeyStoreDir() save_key(key_id, keys_folder=keys_folder) events.send('key-generated', data=dict( key_id=key_id, label=label, key_size=key_size, )) return key_object
def load_local_keys(keys_folder=None): """ """ if not keys_folder: keys_folder = settings.KeyStoreDir() if _Debug: lg.out(_DebugLevel, 'my_keys.load_local_keys will read files from %s' % keys_folder) known_keys().clear() count = 0 for key_filename in os.listdir(keys_folder): key_filepath = os.path.join(keys_folder, key_filename) try: key_object = rsa_key.RSAKey() key_object.fromFile(key_filepath) except: lg.exc() continue if not key_object.isPublic(): if not validate_key(key_object): lg.warn('validation failed for %s' % key_filepath) continue key_id = key_filename.replace('.private', '').replace('.public', '') if not is_valid_key_id(key_id): lg.warn('key_id is not valid: %s' % key_id) continue known_keys()[key_id] = key_object count += 1 if _Debug: lg.out(_DebugLevel, ' %d keys loaded' % count)
def load_key(key_id, keys_folder=None): global _LatestLocalKeyID if not is_valid_key_id(key_id): lg.warn('key is not valid: %r' % key_id) return False key_dict = read_key_file(key_id, keys_folder=keys_folder) try: key_object = rsa_key.RSAKey() key_object.fromDict(key_dict) except: lg.exc() return False if not key_object.isPublic(): if not validate_key(key_object): lg.warn('validation failed for: %r' % key_id) return False known_keys()[key_id] = key_object if key_dict.get('need_to_convert'): save_key(key_id, keys_folder=keys_folder) lg.info('key %r format converted to JSON' % key_id) else: if key_object.local_key_id is not None: if _LatestLocalKeyID < key_object.local_key_id: _LatestLocalKeyID = key_object.local_key_id save_latest_local_key_id(keys_folder=keys_folder) local_keys()[key_object.local_key_id] = key_id local_keys_index()[ key_object.toPublicString()] = key_object.local_key_id if _Debug: lg.out( _DebugLevel, 'my_keys.load_key %r label=%r is_private=%r local_key_id=%r from %s' % ( key_id, key_object.label, not key_object.isPublic(), key_object.local_key_id, keys_folder, )) else: lg.warn('for key %r local_key_id was not set' % key_id) events.send('key-loaded', data=dict( key_id=key_id, label=key_object.label, key_size=key_object.size(), )) listeners.push_snapshot('key', snap_id=key_id, data=make_key_info( key_object=key_object, key_id=key_id, event='key-loaded', include_private=False, include_local_id=True, include_signature=True, include_label=True, )) return True
def DecryptOpenSSHPrivateKey(privkeystring, inp): """ Decrypt ``inp`` string with a Private Key provided as string in PEM format. """ priv_key = rsa_key.RSAKey() priv_key.fromString(privkeystring) result = priv_key.decrypt(inp) return result
def EncryptOpenSSHPublicKey(pubkeystring, inp): """ Encrypt ``inp`` string with given Public Key. """ pub_key = rsa_key.RSAKey() pub_key.fromString(pubkeystring) result = pub_key.encrypt(inp) return result
def unserialize_key_to_object(raw_string): try: key_object = rsa_key.RSAKey() key_object.fromString(raw_string) except: lg.exc() return None return key_object
def load_key(key_id, keys_folder=None): """ """ if not is_valid_key_id(key_id): lg.warn('key_id is not valid: %s' % key_id) return False if not keys_folder: keys_folder = settings.KeyStoreDir() key_filepath = os.path.join(keys_folder, '%s.private' % key_id) is_private = True if not os.path.exists(key_filepath): key_filepath = os.path.join(keys_folder, '%s.public' % key_id) is_private = False key_raw = local_fs.ReadTextFile(key_filepath) if not key_raw: lg.warn('failed reading key from %r' % key_filepath) return False key_raw_strip = key_raw.strip() need_to_convert = False try: if key_raw_strip.startswith('{') and key_raw_strip.endswith('}'): key_dict = jsn.loads_text(key_raw_strip) else: key_dict = { 'label': key_id, 'body': key_raw_strip, } need_to_convert = True except: lg.exc() return False try: key_object = rsa_key.RSAKey() key_object.fromDict(key_dict) except: lg.exc() return False if not key_object.isPublic(): if not validate_key(key_object): lg.warn('validation failed for %s' % key_filepath) return False known_keys()[key_id] = key_object if _Debug: lg.out( _DebugLevel, 'my_keys.load_key %r label=%r is_private=%r from %s' % ( key_id, key_object.label, is_private, keys_folder, )) if need_to_convert: save_key(key_id, keys_folder=keys_folder) lg.info('key %r format converted to JSON' % key_id) return True
def VerifySignature(pubkeystring, hashcode, signature): """ Verify signature, this calls function ``Crypto.PublicKey.RSA.verify`` to verify. :param keystring: PublicKey in openssh format. :param hashcode: input data to verify, we use method ``Hash`` to prepare that. :param signature: string with signature to verify. Return True if signature is correct, otherwise False. """ pub_key = rsa_key.RSAKey() pub_key.fromString(pubkeystring) result = pub_key.verify(signature, hashcode) return result
def LoadMyKey(keyfilename=None): global _MyKeyObject if keyfilename is None: keyfilename = settings.KeyFileName() if os.path.exists(keyfilename + '_location'): newkeyfilename = bpio.ReadTextFile(keyfilename + '_location').strip() if os.path.exists(newkeyfilename): keyfilename = newkeyfilename if os.path.exists(keyfilename): _MyKeyObject = rsa_key.RSAKey() _MyKeyObject.fromFile(keyfilename) if _Debug: lg.out(_DebugLevel, 'key.InitMyKey loaded private key from %s' % (keyfilename)) return ValidateKey() return False
def load_local_keys(keys_folder=None): """ """ if not keys_folder: keys_folder = settings.KeyStoreDir() if _Debug: lg.out(_DebugLevel, 'my_keys.load_local_keys will read files from %s' % keys_folder) known_keys().clear() count = 0 for key_filename in os.listdir(keys_folder): key_filepath = os.path.join(keys_folder, key_filename) key_id = key_filename.replace('.private', '').replace('.public', '') if not is_valid_key_id(key_id): lg.warn('key_id is not valid: %s' % key_id) continue key_raw = local_fs.ReadTextFile(key_filepath) if not key_raw: lg.warn('failed reading key from %r' % key_filepath) continue key_raw_strip = key_raw.strip() try: if key_raw_strip.startswith('{') and key_raw_strip.endswith('}'): key_dict = jsn.loads_text(key_raw_strip) else: key_dict = { 'label': key_id, 'body': key_raw_strip, } except: lg.exc() continue try: key_object = rsa_key.RSAKey() key_object.fromDict(key_dict) except: lg.exc() continue if not key_object.isPublic(): if not validate_key(key_object): lg.warn('validation failed for %s' % key_filepath) continue known_keys()[key_id] = key_object count += 1 if _Debug: lg.out(_DebugLevel, ' %d keys loaded' % count) return count
def GenerateNewKey(keyfilename=None): global _MyKeyObject if keyfilename is None: keyfilename = settings.KeyFileName() if os.path.exists(keyfilename + '_location'): newkeyfilename = bpio.ReadTextFile(keyfilename + '_location').strip() if os.path.exists(newkeyfilename): keyfilename = newkeyfilename if _Debug: lg.out(_DebugLevel, 'key.InitMyKey generate new private key') _MyKeyObject = rsa_key.RSAKey() _MyKeyObject.generate(settings.getPrivateKeySize()) keystring = _MyKeyObject.toPrivateString() bpio.WriteTextFile(keyfilename, keystring) if _Debug: lg.out(_DebugLevel, ' wrote %d bytes to %s' % (len(keystring), keyfilename)) del keystring gc.collect()
def generate_key(key_id, key_size=4096, keys_folder=None): """ """ if key_id in known_keys(): lg.warn('key "%s" already exists' % key_id) return None lg.out(4, 'my_keys.generate_key "%s" of %d bits' % (key_id, key_size)) key_object = rsa_key.RSAKey() key_object.generate(key_size) known_keys()[key_id] = key_object if not keys_folder: keys_folder = settings.KeyStoreDir() key_string = key_object.toPrivateString() key_filepath = os.path.join(keys_folder, key_id + '.private') bpio.WriteTextFile(key_filepath, key_string) if _Debug: lg.out(_DebugLevel, ' key %s generated, saved to %s' % (key_id, key_filepath)) return key_object
def generate_key(key_id, label='', key_size=4096, keys_folder=None): global _LatestLocalKeyID key_id = latest_key_id(key_id) if is_key_registered(key_id): lg.warn('key %r already registered' % key_id) return None if not label: label = 'key%s' % utime.make_timestamp() if _Debug: lg.out( _DebugLevel, 'my_keys.generate_key %r of %d bits, label=%r' % (key_id, key_size, label)) _LatestLocalKeyID += 1 save_latest_local_key_id(keys_folder=keys_folder) key_object = rsa_key.RSAKey() key_object.generate(key_size) key_object.label = label key_object.local_key_id = _LatestLocalKeyID known_keys()[key_id] = key_object if _Debug: lg.out(_DebugLevel, ' key %r generated' % key_id) if not keys_folder: keys_folder = settings.KeyStoreDir() save_key(key_id, keys_folder=keys_folder) events.send('key-generated', data=dict( key_id=key_id, label=label, key_size=key_size, )) listeners.push_snapshot('key', snap_id=key_id, data=make_key_info( key_object=key_object, key_id=key_id, event='key-generated', include_private=False, include_local_id=True, include_signature=True, include_label=True, )) return key_object
def test_signature_begins_with_zero_byte(self): pk = '''-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDrwjGUyNKFsrZzyxlfdFkStPWokQsKqjlR77xre6shrRJxfbHm aweImvH9+x0on30ORLjk2PeVa2tp+z7hn35wS8VBx+lKOrCHDPPq5uZuNLD1KJHN slzWzCxnquHVbrbop533S90ZA4IEi5SP/NkPjv8O/dm2JQfZTBLnum7GeQIDAQAB AoGABESrRiDOouoF4JnMN0yxciPBkNAzbXmAeSnIdP+zrPPnshNO/bdxVvlLKUh7 Eim1B2WaHVaKQPPFaZFJZadQECqBM4DlxbyPN/7Xj59A5WeTMRw0eBnBq2IXmVzy WVlW/Uy0cB+vxWj2YDo5+QI5UZ2GkZMZ57SrmiNOuAtUoUkCQQDwS6ZuFTft+de5 vdrXjhft0ahsecGTKg08sEFjHTwI9UPMIr1T9ZYjmYIzTLcEls3uVXRQulN8VeaD r5WpYBZdAkEA+yqi/TUihJryoRatY7Qb63oRbD7RfoGeItpyU3stQrrs4SXSe/j3 jP6VauaYvRHaT9IJpgHCjF0yIMXY6AZ2zQJACbZ1FrQC27qijp5u7xGORA2aajAN s/4aJN7W9cOjvpTzVZf94RvnIq88xQgPyb6yujR4DB9L6pWqSJ5bRUpd/QJBAPp0 JrlFbdk7RWx614WPiTPDsnH1JiP3DoCEwfIa5yQej61ncL9soTV4e/hwX6hRkBd+ Q17FbIFZQW5Ku6OLJpUCQQDuJl6KW8e5fXaaGlOP8R8N1oidSf5Sz2LM04GIi2Pa iDt483pngPnWcya4OTjsvJ74yPtkDlwXuA43PUah56LG -----END RSA PRIVATE KEY-----''' k = rsa_key.RSAKey() k.fromString(pk) msg = b'\xcf=8!7f\x85\x81\x05lc\xb1\xaas\x99\xda' sig = k.sign(msg) assert k.verify(sig, msg) sig_raw = k.sign(msg, as_digits=False) assert sig_raw[0:1] == b'\x00', sig_raw assert k.verify(sig_raw, msg, signature_as_digits=False)