def save_key(private_key: RSAPrivateKeyWithSerialization, path: str):
private_key_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
with open(path, "wb") as f:
f.write(private_key_pem)
def store_key(private_key: RSAPrivateKeyWithSerialization, where: str):
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
with open(where, "wb") as key_file:
os.chmod(where, 0o0600)
key_file.write(pem)
def store_key(private_key: RSAPrivateKeyWithSerialization, where: str):
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
)
with open(
os.open(where, os.O_CREAT | os.O_EXCL | os.O_WRONLY | os.O_TRUNC, 0o0600), "wb"
) as key_file:
key_file.write(pem)
def from_crypto(cls, private_key: rsa.RSAPrivateKeyWithSerialization):
"""Convert a cryptography RSAPrivateKey object to an SQLAlchemy model."""
# type: (type, rsa.RSAPrivateKeyWithSerialization) -> RSAPrivateKey
m = cls()
m.pem_data = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
return m
def _create_key(pkey: RSAPrivateKeyWithSerialization) -> Key:
privpem = pkey.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
).decode("utf-8")
pub = pkey.public_key() # type: RSAPublicKeyWithSerialization
pubpem = pub.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")
return Key(public_key=pubpem, private_key=privpem, key=pkey)
def _save_cert_chain(
path_pem: Path,
certificate_chain: Iterable[Certificate],
key: RSAPrivateKeyWithSerialization,
) -> None:
path_pem.parent.mkdir(mode=0o770, parents=True, exist_ok=True)
with path_pem.open(mode="wb") as f:
f.write(
key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8,
NoEncryption()))
for cert in certificate_chain:
f.write(cert.public_bytes(Encoding.PEM))
path_pem.chmod(mode=0o660)
def process_bind_param(self, value: rsa.RSAPrivateKeyWithSerialization,
dialect):
return value.private_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
def dump_key(key: rsa.RSAPrivateKeyWithSerialization) -> bytes:
return key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption(),
)
def _serialize_private_key(private_key: RSAPrivateKeyWithSerialization) -> bytes:
return private_key.private_bytes(
Encoding.PEM,
PrivateFormat.PKCS8,
NoEncryption(),
)
def rsa_to_pem(key: rsa.RSAPrivateKeyWithSerialization) -> str:
return key.private_bytes(encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())