def load_key(self, user, pub, priv, temp=False): key_path = self.key_path(user, temp) if pub: key = xsystem([self.sslname, 'rsa', '-pubout', '-in', key_path]) if not key: warning('keymanagement: Could not load public key\n') return None if priv: key = xsystem([self.sslname, 'rsa', '-in', key_path]) if not key: warning('keymanagement: Could not load private key\n') return None return key
def sym_enc(self, plain, passphrase): """ Encrypts message with AES using given passphrase """ ciph = xsystem([self.sslname, self.symmetric, '-e', '-pass', 'stdin'], passphrase + '\n' + plain) if not ciph: warning('keymanagement: Unable to perform symmetric encryption\n') return None return ciph
def sym_dec(self, ciph, passphrase): """ Decrypts message with AES using given passphrase """ (rfd, wfd) = xpipe() os.write(wfd, passphrase + '\n') plain = xsystem([self.sslname, self.symmetric, '-d', '-pass', 'fd:' + str(rfd)], ciph) xclose(wfd) xclose(rfd) if not plain: warning('keymanagement: Unable to decrypt because %s does not exist\n' %(self.sslname)) return None return plain
def asym_dec(self, ciph, keyfile): """ Decrypts encrypted message with given private key. First decrypt the encrypted symmetric key with the private key and then decrypt the actual message with that symmetric key. """ ciph = ciph.split('\0') ciphkey_len = int(ciph[0]) ciph = '\0'.join(ciph[1:]) ciphkey = ciph[:ciphkey_len] ciph = ciph[ciphkey_len:] passphrase = xsystem([self.sslname, 'rsautl', '-decrypt', '-inkey', keyfile], ciphkey) if not passphrase: warning('keymanagement: Unable to perform asymmetric decryption\n') return None return self.sym_dec(ciph, passphrase)
def asym_enc(self, plain, keyfile): """ Encrypts message with given public key. This is done by creating a random key for symmetric cipher, encrypting that key with the public key and then using the symmetric key to encrypt the actual message. """ f = open('/dev/urandom') passphrase = b64encode(f.read(64)) f.close() ciphkey = xsystem([self.sslname, 'rsautl', '-encrypt', '-pubin', '-inkey', keyfile], passphrase) if not ciphkey: warning('keymanagement: Unable to perform asymmetric encryption\n') return None ciph = self.sym_enc(plain, passphrase) if not ciph: return None return str(len(ciphkey)) + '\0' + ciphkey + ciph