예제 #1
0
def get_crypto_ecdsa_pubkey_from_bitcoin_hex(bitcoin_hex_key):
    """
    Given a bitcoin hex string key returns the corresponding cryptography ECDSA key object
    :param bitcoin_hex_key: the h
    :return: cryptography ECDSA key object
    """
    bin_ecdsa_public_key = extract_bin_ecdsa_pubkey(bitcoin_hex_key)
    numbers = EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), b'\x04' + bin_ecdsa_public_key)
    return numbers.public_key(backend=default_backend())
예제 #2
0
def validate_message(message):
    """Validates the entire message using the signature found in the message footer."""
    encoded_point = base64.b64decode(
        message.header.encryption_context['aws-crypto-public-key'])
    public_numbers = EllipticCurvePublicNumbers.from_encoded_point(
        ec.SECP384R1(), encoded_point)
    public_key = public_numbers.public_key(default_backend())
    verifier = public_key.verifier(message.footer.signature,
                                   ec.ECDSA(hashes.SHA384()))

    verifier.update(message.serialize_authenticated_fields())
    verifier.verify()

    logging.info("Message integrity verified.")
예제 #3
0
    def _load_uncompressed_verification_key_from_encryption_context(
            self, algorithm, encryption_context):
        # pylint: disable=no-self-use
        """Loads the verification key from an uncompressed elliptic curve point.

        :param algorithm: Algorithm for which to generate signing key
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param dict encryption_context: Encryption context from request
        :returns: Raw verification key
        :rtype: bytes
        """
        # If we are at this point, DefaultCryptoMaterialsManager has already confirmed that:
        #  a) a key should be loaded,
        #  b) the key field is present in the encryption context, and
        #  c) the elliptic curve in the encryption context is not compressed
        # This means that we can safely skip the safety checks that we know have already been done.
        uncompressed_point = base64.b64decode(
            encryption_context[ENCODED_SIGNER_KEY])
        public_key = EllipticCurvePublicNumbers.from_encoded_point(
            curve=algorithm.signing_algorithm_info(),
            data=uncompressed_point).public_key(default_backend())
        return public_key.public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo)
예제 #4
0
def deserialize_pub_key(public_key_ser):
    numbers = EllipticCurvePublicNumbers.from_encoded_point(
        CURVE(), public_key_ser)
    return numbers.public_key(backend=BACKEND)