def get_crypto_ecdsa_pubkey_from_bitcoin_hex(bitcoin_hex_key): """ Given a bitcoin hex string key returns the corresponding cryptography ECDSA key object :param bitcoin_hex_key: the h :return: cryptography ECDSA key object """ bin_ecdsa_public_key = extract_bin_ecdsa_pubkey(bitcoin_hex_key) numbers = EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), b'\x04' + bin_ecdsa_public_key) return numbers.public_key(backend=default_backend())
def validate_message(message): """Validates the entire message using the signature found in the message footer.""" encoded_point = base64.b64decode( message.header.encryption_context['aws-crypto-public-key']) public_numbers = EllipticCurvePublicNumbers.from_encoded_point( ec.SECP384R1(), encoded_point) public_key = public_numbers.public_key(default_backend()) verifier = public_key.verifier(message.footer.signature, ec.ECDSA(hashes.SHA384())) verifier.update(message.serialize_authenticated_fields()) verifier.verify() logging.info("Message integrity verified.")
def _load_uncompressed_verification_key_from_encryption_context( self, algorithm, encryption_context): # pylint: disable=no-self-use """Loads the verification key from an uncompressed elliptic curve point. :param algorithm: Algorithm for which to generate signing key :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param dict encryption_context: Encryption context from request :returns: Raw verification key :rtype: bytes """ # If we are at this point, DefaultCryptoMaterialsManager has already confirmed that: # a) a key should be loaded, # b) the key field is present in the encryption context, and # c) the elliptic curve in the encryption context is not compressed # This means that we can safely skip the safety checks that we know have already been done. uncompressed_point = base64.b64decode( encryption_context[ENCODED_SIGNER_KEY]) public_key = EllipticCurvePublicNumbers.from_encoded_point( curve=algorithm.signing_algorithm_info(), data=uncompressed_point).public_key(default_backend()) return public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)
def deserialize_pub_key(public_key_ser): numbers = EllipticCurvePublicNumbers.from_encoded_point( CURVE(), public_key_ser) return numbers.public_key(backend=BACKEND)