Exemplo n.º 1
0
 def setUp(self):
     self.example_xml_files = (os.path.join(os.path.dirname(__file__), "example.xml"),
                               os.path.join(os.path.dirname(__file__), "example2.xml"))
     self.keys = dict(hmac=b"secret",
                      rsa=rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()),
                      dsa=dsa.generate_private_key(key_size=1024, backend=default_backend()),
                      ecdsa=ec.generate_private_key(curve=ec.SECP384R1(), backend=default_backend()))
Exemplo n.º 2
0
def generatePrivateKey(size):
    start = timer()
    private_key = dsa.generate_private_key(key_size=size,
                                           backend=default_backend())
    end = timer()
    print("Time Taken to generate key is ", (end - start))
    return private_key
Exemplo n.º 3
0
def generate_private_key(
    key_size: Optional[int], key_type: Literal["RSA", "DSA", "ECC"], ecc_curve: Optional[ec.EllipticCurve]
) -> PrivateKeyTypes:
    """Generate a private key.

    This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input
    values and does not do any sanity checks on its own.

    Parameters
    ----------

    key_size : int
        The size of the private key (not used for ECC keys).
    key_type : {'RSA', 'DSA', 'ECC'}
        The type of the private key.
    ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
        The ECC curve to use for an ECC key.

    Returns
    -------

    key
        A private key of the appropriate type.
    """
    if key_type == "DSA" and key_size is not None:
        return dsa.generate_private_key(key_size=key_size, backend=default_backend())
    if key_type == "ECC" and ecc_curve is not None:
        return ec.generate_private_key(ecc_curve, default_backend())
    if key_type == "RSA" and key_size is not None:
        return rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend())

    raise ValueError("%s: Invalid key type." % key_type)
Exemplo n.º 4
0
 def test_generate_dsa_private_key_and_parameters(self, backend):
     skey = dsa.generate_private_key(1024, backend)
     assert skey
     numbers = skey.private_numbers()
     skey_parameters = numbers.public_numbers.parameter_numbers
     assert numbers.public_numbers.y == pow(skey_parameters.g, numbers.x,
                                            skey_parameters.p)
Exemplo n.º 5
0
    def generate(self, profile, keyType=None, keyLen=None):
        """Generate Private key based on:
            - profile object (profile)
        """
        if keyLen is None:
            keyLen = profile['keyLen']
        if keyType is None:
            keyType = profile['keyType']

        if keyType == 'rsa':
            try:
                pkey = rsa.generate_private_key(public_exponent=65537,
                                                key_size=int(keyLen),
                                                backend=self.__backend)
            except Exception as err:
                raise Exception(err)
        elif keyType == 'dsa':
            try:
                pkey = dsa.generate_private_key(key_size=int(keyLen),
                                                backend=self.__backend)
            except Exception as err:
                raise Exception(err)
        else:
            raise NotImplementedError(
                'Private key generation only support {t} key type'.format(
                    t=self._config._allowed.KeyTypes))

        return pkey
Exemplo n.º 6
0
    def generate_key(self):
        '''
        Generates key pair using type and length specified in config
        :return: None
        '''

        if self.config['key']['key_type'] == 'rsa':
            self.key = rsa.generate_private_key(
                public_exponent=65537,
                key_size=self.config['key']['key_peram'],
                backend=default_backend()
            )
        elif self.config['key']['key_type'] == 'dsa':
            self.key = dsa.generate_private_key(
                key_size=self.config['key']['key_peram'],
                backend=default_backend()
            )
        elif self.config['key']['key_type'] == 'ec':
            self.key = ec.generate_private_key(
                curve=getattr(ec, self.config['key']['key_peram'])(),
                backend=default_backend()
            )
        else:
            raise ValueError("\nFailed to generate key, no key_type key type provided!\n"
                             "Offending key name: {}\n".format(self.name))
Exemplo n.º 7
0
    def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id):
        """Generate asymmetric keys based on below rules:

        - RSA, with passphrase (supported)
        - RSA, without passphrase (supported)
        - DSA, without passphrase (supported)
        - DSA, with passphrase (supported)
        """
        if (generate_dto.algorithm is None
                or generate_dto.algorithm.lower() == 'rsa'):
            private_key = rsa.generate_private_key(
                public_exponent=65537,
                key_size=generate_dto.bit_length,
                backend=default_backend())
        elif generate_dto.algorithm.lower() == 'dsa':
            private_key = dsa.generate_private_key(
                key_size=generate_dto.bit_length, backend=default_backend())
        else:
            raise c.CryptoPrivateKeyFailureException()

        public_key = private_key.public_key()

        if generate_dto.algorithm.lower() == 'rsa':
            private_key = private_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.PKCS8,
                encryption_algorithm=self._get_encryption_algorithm(
                    generate_dto.passphrase))

            public_key = public_key.public_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PublicFormat.SubjectPublicKeyInfo)

        if generate_dto.algorithm.lower() == 'dsa':
            private_key = private_key.private_bytes(
                encoding=serialization.Encoding.DER,
                format=serialization.PrivateFormat.PKCS8,
                encryption_algorithm=self._get_encryption_algorithm(
                    generate_dto.passphrase))
            public_key = public_key.public_bytes(
                encoding=serialization.Encoding.DER,
                format=serialization.PublicFormat.SubjectPublicKeyInfo)

        private_dto = self.encrypt(c.EncryptDTO(private_key), kek_meta_dto,
                                   project_id)

        public_dto = self.encrypt(c.EncryptDTO(public_key), kek_meta_dto,
                                  project_id)

        passphrase_dto = None
        if generate_dto.passphrase:
            if isinstance(generate_dto.passphrase, six.text_type):
                generate_dto.passphrase = generate_dto.passphrase.encode(
                    'utf-8')

            passphrase_dto = self.encrypt(
                c.EncryptDTO(generate_dto.passphrase), kek_meta_dto,
                project_id)

        return private_dto, public_dto, passphrase_dto
Exemplo n.º 8
0
def test_cryptography_module():
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives import hashes
        from cryptography.hazmat.primitives.asymmetric import dsa
        from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature

        privk = dsa.generate_private_key(key_size=1024,
                                         backend=default_backend())

        params = privk.parameters().parameter_numbers()
        p, q, g = params.p, params.q, params.g

        pubk = privk.public_key()
        y = pubk.public_numbers().y

        data = "SANITY_TESTSANITY_TEST_SANITYTEST"

        sig = privk.sign(data, hashes.SHA1())
        r, s = decode_dss_signature(sig)

        pub = (p, q, g, y)

        logging.debug(
            "sanity checking verify with cryptography module generated params+keys"
        )
        assert (dsa_verify(pub, (r, s), data) == True)

    except ImportError:
        logging.error("cannot test using another source (cryptography module)")
Exemplo n.º 9
0
    def generate_key_pairs(key_size=1024):
        #define key_pairs dictionary
        key_pairs = {}

        #generate private key
        private_key = dsa.generate_private_key(key_size=key_size,
                                               backend=default_backend())
        private_number = private_key.private_numbers()

        #add private key value - x
        key_pairs['private_key'] = private_number.x

        #get private key from private_key
        public_key = private_key.public_key()

        #get public number
        public_numbers = public_key.public_numbers()
        y = public_numbers.y
        p = public_numbers.parameter_numbers.p
        q = public_numbers.parameter_numbers.q
        g = public_numbers.parameter_numbers.g

        #add public_key_numbers value - y, p, q, g
        public_keys_numbers = {'y': y, 'p': p, 'q': q, 'g': g}
        key_pairs['public_key'] = public_keys_numbers

        return key_pairs
Exemplo n.º 10
0
    def testCorrectTransactionIsVerified(self):
        private_key = dsa.generate_private_key(2048,
                                               backends.default_backend())
        public_key = private_key.public_key()
        public_key_bytes = public_key.public_bytes(
            serialization.Encoding.PEM,
            serialization.PublicFormat.SubjectPublicKeyInfo)
        public_key_string = binascii.hexlify(public_key_bytes)

        first_transaction = plebcoin_pb2.Transaction()
        output = first_transaction.outputs.add()
        output.amount = 10.0
        output.receiver = public_key_string
        first_transaction_hash = node._HashTransaction(first_transaction)
        transactions = {first_transaction_hash: first_transaction}

        transaction = plebcoin_pb2.Transaction()
        transaction.inputs.add(sender=public_key_string,
                               transaction=first_transaction_hash)
        transaction.outputs.add(amount=10.0, receiver='1')

        transaction.hash, hash_bytes = (
            node._ComputeInnerTransactionHash(transaction))
        signature_bytes = private_key.sign(hash_bytes,
                                           utils.Prehashed(hashes.SHA256()))
        signature = binascii.hexlify(signature_bytes)
        transaction.signatures.append(signature)

        self.assertTrue(
            node._VerifyTransaction(transaction, transactions, set()))
Exemplo n.º 11
0
def getDSAKeys():
    """
    Checks for existing DSA Keys, if there are none, generates a 2048 bit
    DSA key pair, saves them to a temporary location and returns the keys
    formatted as OpenSSH keys.
    """
    public_key = os.path.join(SSH_PATH, 'id_dsa.pub')
    private_key = os.path.join(SSH_PATH, 'id_dsa')

    if not (os.path.exists(public_key) and os.path.exists(private_key)):
        ssh_key = dsa.generate_private_key(
            key_size=1024,
            backend=default_backend())
        public_key_string = ssh_key.public_key().public_bytes(
            serialization.Encoding.OpenSSH,
            serialization.PublicFormat.OpenSSH)
        private_key_string = ssh_key.private_bytes(
            serialization.Encoding.PEM,
            serialization.PrivateFormat.TraditionalOpenSSL,
            serialization.NoEncryption())
        with open(public_key, 'w+b') as key_file:
            key_file.write(public_key_string)
        with open(private_key, 'w+b') as key_file:
            key_file.write(private_key_string)
    else:
        with open(public_key) as key_file:
            public_key_string = key_file.read()
        with open(private_key) as key_file:
            private_key_string = key_file.read()

    return public_key_string, private_key_string
Exemplo n.º 12
0
 def test_generate_dsa_private_key_and_parameters(self, backend):
     skey = dsa.generate_private_key(1024, backend)
     assert skey
     if isinstance(skey, dsa.DSAPrivateKeyWithNumbers):
         numbers = skey.private_numbers()
         skey_parameters = numbers.public_numbers.parameter_numbers
         assert numbers.public_numbers.y == pow(skey_parameters.g, numbers.x, skey_parameters.p)
Exemplo n.º 13
0
def generate_private_key(key_size, key_type, ecc_curve):
    """Generate a private key.

    This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input
    values and does not do any sanity checks on its own.

    Parameters
    ----------

    key_size : int
        The size of the private key (not used for ECC keys).
    key_type : {'RSA', 'DSA', 'ECC'}
        The type of the private key.
    ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
        The ECC curve to use for an ECC key.

    Returns
    -------

    key
        A private key of the appropriate type.
    """
    if key_type == 'DSA':
        private_key = dsa.generate_private_key(key_size=key_size,
                                               backend=default_backend())
    elif key_type == 'ECC':
        private_key = ec.generate_private_key(ecc_curve, default_backend())
    else:
        private_key = rsa.generate_private_key(public_exponent=65537,
                                               key_size=key_size,
                                               backend=default_backend())

    return private_key
Exemplo n.º 14
0
    def test_build_keys(self):
        """Test building from the key info config file example."""
        test_config_file = str(Path("examples/key_example.yaml").absolute())
        dsa_key = dsa.generate_private_key(key_size=2048, )
        with open("/tmp/my_dsa.key", "wb") as f:
            f.write(
                dsa_key.private_bytes(
                    encoding=serialization.Encoding.PEM,
                    format=serialization.PrivateFormat.PKCS8,
                    encryption_algorithm=serialization.NoEncryption(),
                ))

        result = self.cli.invoke(
            app,
            [
                "build",
                test_config_file,
            ],
        )
        self.assertEqual(
            result.exit_code,
            0,
            "Should successfully create a Certificate Signing Request",
        )
        self.assertEqual(
            result.output,
            "Created new CSR at /tmp/my_rsa_autocsr.csr\n"
            "Created new CSR at /tmp/my_dsa_autocsr.csr\n"
            "Created new CSR at /tmp/my_ec_autocsr.csr\n",
            "Should print success to user",
        )
Exemplo n.º 15
0
def generate_asym_key(choice, password, folder):
    if choice == 'RSA':
        private_key = rsa.generate_private_key(public_exponent=65537,
                                               key_size=2048,
                                               backend=default_backend())
    elif choice == 'DSA':
        private_key = dsa.generate_private_key(key_size=2048)
    elif choice == 'Elliptic Curve':
        elliptic_curve = ec.SECP384R1()
        private_key = ec.generate_private_key(elliptic_curve)

    public_key = private_key.public_key()

    serialized_private_key = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(
            password.encode('utf-8')))
    with open('utils/asymmetric/' + folder + '/private.pem', 'wb') as f:
        f.write(serialized_private_key)

    serialized_pub_key = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo)
    with open('utils/asymmetric/' + folder + '/public.pem', 'wb') as f:
        f.write(serialized_pub_key)
Exemplo n.º 16
0
    def test_loading_ca_key(self):
        ca_key = _generate_private_key()
        with patch('scionlab.openvpn_config._generate_private_key',
                   return_value=ca_key):
            call_command('initialize_root_ca')
        stored_ca_key = load_ca_key()
        self.assertEqual(
            ca_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption()).decode(),
            stored_ca_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.NoEncryption()).decode())

        # replace with wrong key type
        wrong_key = dsa.generate_private_key(key_size=3072, )

        pathlib.Path(TEST_CA_KEY_PATH).write_bytes(
            wrong_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm=serialization.BestAvailableEncryption(
                    settings.VPN_CA_KEY_PASSWORD.encode('utf-8'))))

        # detect wrong key type
        with self.assertRaises(TypeError):
            load_ca_key()
Exemplo n.º 17
0
    def createNewKey(self):
        choice = QtGui.QMessageBox.question(self, 'Generate new keys?', "Are you sure you want to generate new set of keys "
                                                           "(private and public)?",
                                            QtGui.QMessageBox.Yes | QtGui.QMessageBox.No)
        if choice == QtGui.QMessageBox.Yes:
            key = dsa.generate_private_key(3072, backend=default_backend())       # TODO Dorobic wybor dugosci klucza
            try:
                with open("privateKey.pem", "wb") as f:
                    f.write(key.private_bytes(encoding=serialization.Encoding.PEM,
                                                  format=serialization.PrivateFormat.TraditionalOpenSSL,
                                                  encryption_algorithm=serialization.NoEncryption(),))

                    # f.write(key.private_bytes(encoding=serialization.Encoding.PEM,
                    #                           format=serialization.PrivateFormat.TraditionalOpenSSL,
                    #                           encryption_algorithm=serialization.BestAvailableEncryption(b"password"),))

                    QtGui.QMessageBox.information(self, 'Success!', "New key generated successfully!",
                                                  QtGui.QMessageBox.Ok)
                self.keyPath = os.path.abspath(f.name)
                self.keyPathBox.setText(self.keyPath)
                QtGui.QApplication.processEvents()
            except IOError:
                QtGui.QMessageBox.critical(self, 'Error!', "Key generation failed!", QtGui.QMessageBox.Ok)
        else:
            pass
Exemplo n.º 18
0
    def generate(cls, keytype='rsa', size=None, passphrase=None):
        """Returns an Asymmetric_Keypair object generated with the supplied parameters
           or defaults to an unencrypted RSA-2048 key

           :keytype: One of rsa, dsa, ecdsa, ed25519
           :size: The key length for newly generated keys
           :passphrase: Secret of type Bytes used to encrypt the private key being generated
        """

        if keytype not in _ALGORITHM_PARAMETERS.keys():
            raise InvalidKeyTypeError(
                "%s is not a valid keytype. Valid keytypes are %s" % (
                    keytype, ", ".join(_ALGORITHM_PARAMETERS.keys())
                )
            )

        if not size:
            size = _ALGORITHM_PARAMETERS[keytype]['default_size']
        else:
            if size not in _ALGORITHM_PARAMETERS[keytype]['valid_sizes']:
                raise InvalidKeySizeError(
                    "%s is not a valid key size for %s keys" % (size, keytype)
                )

        if passphrase:
            encryption_algorithm = get_encryption_algorithm(passphrase)
        else:
            encryption_algorithm = serialization.NoEncryption()

        if keytype == 'rsa':
            privatekey = rsa.generate_private_key(
                # Public exponent should always be 65537 to prevent issues
                # if improper padding is used during signing
                public_exponent=65537,
                key_size=size,
                backend=backend,
            )
        elif keytype == 'dsa':
            privatekey = dsa.generate_private_key(
                key_size=size,
                backend=backend,
            )
        elif keytype == 'ed25519':
            privatekey = Ed25519PrivateKey.generate()
        elif keytype == 'ecdsa':
            privatekey = ec.generate_private_key(
                _ALGORITHM_PARAMETERS['ecdsa']['curves'][size],
                backend=backend,
            )

        publickey = privatekey.public_key()

        return cls(
            keytype=keytype,
            size=size,
            privatekey=privatekey,
            publickey=publickey,
            encryption_algorithm=encryption_algorithm
        )
Exemplo n.º 19
0
	def clone_certificate(self, remote_server):
		cert_string = self.get_certificate_from_server(remote_server)

		#Get Certificate properties
		cert_dict = self.parse_pem(cert_string)

		#Check if exists in cache
		cnp = os.path.sep.join([self.cache_dir, '{}-{}.pem'.format(self.CERT_PREFIX, cert_dict["subject"]["commonName"])])
		if os.path.exists(cnp):
			print("Cert already exists common_name={}".format(cert_dict["subject"]["commonName"]))
		else:
			print("Creating and signing cert common_name={}".format(cert_dict["subject"]["commonName"]))

			#Generating the Correct Private Keytype
			if cert_dict["public_key"] == "RSA":
				private_key = rsa.generate_private_key(public_exponent=cert_dict["public_key_pub_exp"],
										key_size=cert_dict["public_key_size"], backend=default_backend())

			elif cert_dict["public_key"] == "DSA":
				private_key = dsa.generate_private_key(key_size=cert_dict["public_key_size"], backend=default_backend())

			elif cert_dict["public_key"] == "EllipticCurve":
				private_key = ec.generate_private_key(cert_dict["public_key_curve"], default_backend())


			#Generate Certificate Signing Request
			csr_subject = cert_dict["subject_object"]

			#csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name(csr_subject))


			#for extension in cert_dict["ext_object"]:
			#	print("{}, {}".format(extension.oid._name, extension.critical))
			#	if extension.oid._name not in ["signedCertificateTimestampList"]:
			#		csr = csr.add_extension(extension.value, critical=extension.critical)

			#csr = csr.sign(private_key, cert_dict["signature_hash_algorithm"], default_backend())

			#Generate Certificate
			cert = x509.CertificateBuilder().subject_name(csr_subject)
			cert = cert.issuer_name(self.cert.subject)
			cert = cert.public_key(private_key.public_key())
			cert = cert.serial_number(cert_dict["serial_number"])
			cert = cert.not_valid_before(cert_dict["not_valid_before"])
			cert = cert.not_valid_after(cert_dict["not_valid_after"])
			for extension in cert_dict["ext_object"]:
				#print("{}, {}".format(extension.oid._name, extension.critical))
				if extension.oid._name not in ["signedCertificateTimestampList"]:
					cert = cert.add_extension(extension.value, critical=extension.critical)
					
			cert = cert.sign(self.key, cert_dict["signature_hash_algorithm"], default_backend())

			# Write our certificate out to disk.
			with open(cnp, 'wb+') as f:
				f.write(cert.public_bytes(serialization.Encoding.PEM))
			with open(cnp[:-3] + "key", 'wb+') as f:
				f.write(private_key.private_bytes(encoding=serialization.Encoding.PEM, encryption_algorithm=serialization.NoEncryption(), format=serialization.PrivateFormat.TraditionalOpenSSL))

		return {"certfile": cnp, "keyfile": cnp[:-3] + "key"}
Exemplo n.º 20
0
 def test_generate_dsa_private_key_and_parameters(self, backend):
     skey = dsa.generate_private_key(1024, backend)
     assert skey
     numbers = skey.private_numbers()
     skey_parameters = numbers.public_numbers.parameter_numbers
     assert numbers.public_numbers.y == pow(
         skey_parameters.g, numbers.x, skey_parameters.p
     )
Exemplo n.º 21
0
def _GenerateKeyPair():
  private_key = dsa.generate_private_key(2048, backends.default_backend())
  public_key = private_key.public_key()
  public_key_bytes = public_key.public_bytes(
      serialization.Encoding.PEM,
      serialization.PublicFormat.SubjectPublicKeyInfo)
  public_key_string = binascii.hexlify(public_key_bytes)
  return KeyPair(private_key, public_key, public_key_string)
Exemplo n.º 22
0
    def generate(cls, key_size):
        """Generate a new DSA private key"""

        priv_key = dsa.generate_private_key(key_size, default_backend())
        priv = priv_key.private_numbers()
        pub = priv.public_numbers
        params = pub.parameter_numbers

        return cls(priv_key, params, pub, priv)
Exemplo n.º 23
0
def generate_random_dsa_key():
    n = 1024
    private_key = dsa.generate_private_key(key_size=n,
                                           backend=default_backend())
    pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption())
    return pem
Exemplo n.º 24
0
 def test_generate_dsa_private_key_and_parameters(self, backend):
     skey = dsa.generate_private_key(1024, backend)
     assert skey
     if isinstance(skey, interfaces.DSAPrivateKeyWithNumbers):
         numbers = skey.private_numbers()
         skey_parameters = numbers.public_numbers.parameter_numbers
         assert numbers.public_numbers.y == pow(
             skey_parameters.g, numbers.x, skey_parameters.p
         )
Exemplo n.º 25
0
    def generate(cls, key_size):
        """Generate a new DSA private key"""

        priv_key = dsa.generate_private_key(key_size, default_backend())
        priv = priv_key.private_numbers()
        pub = priv.public_numbers
        params = pub.parameter_numbers

        return cls(params, pub, priv, priv_key)
Exemplo n.º 26
0
def question_1g_1h(file_name, output_file_name, key_length):
    """
    This section deals with the signature and verification of the file
    :param file_name: Input file name
    :param output_file_name: Output file name
    :param key_length: Length of the key in bits
    """
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import dsa
    from cryptography.hazmat.backends import default_backend

    print("Starting Signature and Verification for {} bit key length".format(
        key_length))
    key_start_time = datetime.datetime.now()
    key = dsa.generate_private_key(key_size=key_length,
                                   backend=default_backend())
    print("Time taken for KeyGen in Seconds is {}".format(
        (datetime.datetime.now() - key_start_time).total_seconds()))
    fo_input = open(file_name, 'rb')
    content = fo_input.read()
    fo_input.close()

    # Signature
    signing_start_time = datetime.datetime.now()
    # signer = DSS.new(key, 'fips-186-3')
    h = hashes.SHA256()
    signature = key.sign(content, h)
    fo = open(output_file_name, 'wb')
    fo.write(signature)
    fo.close()
    diff = datetime.datetime.now() - signing_start_time
    print("Time taken in seconds for Signing this document was {}".format(
        diff.total_seconds()))
    print(
        "Time taken in seconds per byte for signing this document was {0:.7f}".
        format(diff.total_seconds() / float(os.path.getsize(file_name))))

    # Verification
    verify_start_time = datetime.datetime.now()
    fo = open(output_file_name, 'rb')
    sig_content = fo.read()
    fo.close()

    try:
        key.public_key().verify(signature, content, hashes.SHA256())
        diff_verify = datetime.datetime.now() - verify_start_time
        print("Time taken for Verifying this document was {}".format(
            diff_verify.total_seconds()))
        print(
            "Time taken in microseconds per byte for verifying this document was {0:.5f}"
            .format(
                float((diff_verify.total_seconds()) /
                      os.path.getsize(output_file_name))))
        print("Valid Signature!!\n")
    except:
        print("Invalid Signature!.. Corrupted!!\n")
Exemplo n.º 27
0
def gen_private_dsa():
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import dsa

    private_key = dsa.generate_private_key(key_size=1024, backend=default_backend())
    pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,
                                    format=serialization.PrivateFormat.TraditionalOpenSSL,
                                    encryption_algorithm=serialization.NoEncryption())
    return pem
Exemplo n.º 28
0
def gen_private_dsa():
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import dsa

    private_key = dsa.generate_private_key(key_size=1024, backend=default_backend())
    pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,
                                    format=serialization.PrivateFormat.TraditionalOpenSSL,
                                    encryption_algorithm=serialization.NoEncryption())
    return pem
Exemplo n.º 29
0
def dsa_private_key():
    private_key = force_str(dsa.generate_private_key(
        key_size=1024,
        backend=default_backend()
    ))
    return private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption(),
    )
Exemplo n.º 30
0
def generate_dsa_private_public_key_pair():
    private_key = dsa.generate_private_key(
        key_size=1024,
        backend=default_backend()
    )

    public_key = private_key.public_key()
    private_key_bytes = __dumps_prk(private_key)
    public_key_bytes = __dumps_dsa_puk(public_key)

    return private_key_bytes, public_key_bytes
Exemplo n.º 31
0
def generateDSAkey(options):
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import dsa

    print('Generating public/private dsa key pair.')
    keyPrimitive = dsa.generate_private_key(
        key_size=int(options['bits']),
        backed=default_backend(),
        )
    key = keys.Key(keyPrimitive)
    _saveKey(key, options)
Exemplo n.º 32
0
def signing_verify(testfile):
    privatekey = dsa.generate_private_key( key_size=2048, backend=default_backend())
	
	with open(testfile,"rb") as inputfile:
            inputdata = inputfile.read()

	sign = privatekey.sign( inputdata,hashes.SHA256())
	print("DSA Signature for 1 KB file:\n ",sig,"\n")

	publickey = privatekey.public_key()
	pubblickey.verify( sign, inputdata, hashes.SHA256())
Exemplo n.º 33
0
    def create_key(self):
        key = dsa.generate_private_key(backend=crypto_default_backend(),
                                       key_size=self.get("KeySize"))
        private_key = key.private_bytes(
            crypto_serialization.Encoding.PEM,
            crypto_serialization.PrivateFormat.PKCS8,
            crypto_serialization.NoEncryption(),
        )

        return private_key.decode("ascii"), self.public_key(key).decode(
            "ascii")
Exemplo n.º 34
0
def generateDSAkey(options):
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import dsa

    if not options['bits']:
        options['bits'] = 1024
    keyPrimitive = dsa.generate_private_key(
        key_size=int(options['bits']),
        backend=default_backend(),
        )
    key = keys.Key(keyPrimitive)
    _saveKey(key, options)
Exemplo n.º 35
0
    def create_key(self):
        key = dsa.generate_private_key(backend=crypto_default_backend(),
                                       key_size=self.get('KeySize'))
        private_key = key.private_bytes(
            crypto_serialization.Encoding.PEM,
            crypto_serialization.PrivateFormat.PKCS8,
            crypto_serialization.NoEncryption())

        public_key = key.public_key().public_bytes(
            crypto_serialization.Encoding.OpenSSH,
            crypto_serialization.PublicFormat.OpenSSH)
        return private_key.decode('ascii'), public_key.decode('ascii')
Exemplo n.º 36
0
def generate_private_key(
    key_size: Optional[int],
    key_type: ParsableKeyType,
    ecc_curve: Optional[ec.EllipticCurve],
) -> PRIVATE_KEY_TYPES:
    """Generate a private key.

    This function assumes that you called :py:func:`~django_ca.utils.validate_key_parameters` on the input
    values and does not do any sanity checks on its own.

    Parameters
    ----------

    key_size : int
        The size of the private key. The value is  ignored if ``key_type`` is not ``"DSA"`` or ``"RSA"``.
    key_type : {'RSA', 'DSA', 'ECC', 'EdDSA', 'Ed448'}
        The type of the private key.
    ecc_curve : :py:class:`~cg:cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
        An elliptic curve to use for ECC keys. This parameter is ignored if ``key_type`` is not ``"ECC"``.
        Defaults to the :ref:`CA_DEFAULT_ECC_CURVE <settings-ca-default-ecc-curve>`.

    Returns
    -------

    key
        A private key of the appropriate type.
    """
    # Make sure that parameters are valid
    validate_key_parameters(key_size, key_type, ecc_curve)

    if key_type == "DSA":
        if key_size is None:
            key_size = ca_settings.CA_DEFAULT_KEY_SIZE

        return dsa.generate_private_key(key_size=key_size, backend=default_backend())
    if key_type == "ECC":
        if ecc_curve is None:
            ecc_curve = ca_settings.CA_DEFAULT_ECC_CURVE()

        return ec.generate_private_key(ecc_curve, default_backend())
    if key_type == "EdDSA":
        return ed25519.Ed25519PrivateKey.generate()
    if key_type == "Ed448":
        return ed448.Ed448PrivateKey.generate()
    if key_type == "RSA":
        if key_size is None:
            key_size = ca_settings.CA_DEFAULT_KEY_SIZE

        return rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend())

    # COVERAGE NOTE: Unreachable code, as all possible key_types are handled above and validate_key_parameters
    #                 would raise for any other key types.
    raise ValueError(f"{key_type}: Invalid key type.")  # pragma: no cover
Exemplo n.º 37
0
def generateDSAkey(options):
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import dsa

    if not options['bits']:
        options['bits'] = 1024
    keyPrimitive = dsa.generate_private_key(
        key_size=int(options['bits']),
        backend=default_backend(),
        )
    key = keys.Key(keyPrimitive)
    _saveKey(key, options)
Exemplo n.º 38
0
    def _generate(self, key_size):
        if any(c != 0 for c in self):  # pragma: no cover
            raise PGPError("key is already populated")

        # generate some big numbers!
        pk = dsa.generate_private_key(key_size, default_backend())
        pkn = pk.private_numbers()

        self.p = MPI(pkn.public_numbers.parameter_numbers.p)
        self.q = MPI(pkn.public_numbers.parameter_numbers.q)
        self.g = MPI(pkn.public_numbers.parameter_numbers.g)
        self.y = MPI(pkn.public_numbers.y)
        self.x = MPI(pkn.x)

        del pkn
        del pk

        self._compute_chksum()
Exemplo n.º 39
0
def generate_keypair():
    """Generate a new DSA keypair for use with PyBrowserID.

    This function returns a tuple (public_data, private_key) giving the
    JSON-serializable public-key data and the associated private key as a
    browserid.jwt.Key object.
    """
    key = dsa.generate_private_key(1024, backend=backend)
    params = key.parameters().parameter_numbers()
    data = {
        "algorithm": "DS",
        "p": to_hex(params.p),
        "q": to_hex(params.q),
        "g": to_hex(params.g),
        "y": to_hex(key.public_key().public_numbers().y),
        "x": to_hex(key.private_numbers().x),
    }
    private_key = browserid.jwt.DS128Key(data)
    del data["x"]
    return data, private_key
Exemplo n.º 40
0
    def generate(bits=1024, progress_func=None):
        """
        Generate a new private DSS key.  This factory function can be used to
        generate a new host key or authentication key.

        :param int bits: number of bits the generated key should be.
        :param function progress_func: Unused
        :return: new `.DSSKey` private key
        """
        numbers = dsa.generate_private_key(
            bits, backend=default_backend()
        ).private_numbers()
        key = DSSKey(vals=(
            numbers.public_numbers.parameter_numbers.p,
            numbers.public_numbers.parameter_numbers.q,
            numbers.public_numbers.parameter_numbers.g,
            numbers.public_numbers.y
        ))
        key.x = numbers.x
        return key
Exemplo n.º 41
0
def getDSAKeys():
    """
    """
    publicKeyFile = CONFIG.get('ssh', 'dsa_public_key')
    privateKeyFile = CONFIG.get('ssh', 'dsa_private_key')
    if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)):
        log.msg("Generating new DSA keypair...")
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives.asymmetric import dsa
        dsaKey = dsa.generate_private_key(key_size=1024, backend=default_backend())
        publicKeyString = keys.Key(dsaKey).public().toString('openssh')
        privateKeyString = keys.Key(dsaKey).toString('openssh')
        with open(publicKeyFile, 'w+b') as f:
            f.write(publicKeyString)
        with open(privateKeyFile, 'w+b') as f:
            f.write(privateKeyString)
    else:
        with open(publicKeyFile, 'r') as f:
            publicKeyString = f.read()
        with open(privateKeyFile, 'r') as f:
            privateKeyString = f.read()
    return publicKeyString, privateKeyString
Exemplo n.º 42
0
    # if
    algo = alias.split(".")[0]
    key_para = alias.split(".")[1].upper()
    version = alias.split(".")[2]
    usage = alias.split(".")[3]
    key_type = alias.split(".")[4]

    # "ec.SECP192R1()" 
    if algo == "ecc":
        curve = eval(algo+"."+key_para+ "()") 
        priv_key = ecc.generate_private_key(curve, default_backend())
		pub_key = priv_key.public_key()
    elif algo == "dsa":
        priv_key = dsa.generate_private_key(
            key_size= 2048,
            backend=default_backend())
		pub_key = priv_key.public_key()
    else:
        print("not valid")

	# pub_key = priv_key.public_key()

    return priv_key, pub_key

class PKFernet(object):

	def __init__(self, private_keyring, public_keyrings, backend=None):
		# empty dictionary for receivers and their public key rings
Exemplo n.º 43
0
from cryptography.hazmat import backends
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
from Crypto.PublicKey import DSA as pycrypto_dsa
from Crypto.PublicKey import RSA as pycrypto_rsa
from Cryptodome.PublicKey import DSA as pycryptodomex_dsa
from Cryptodome.PublicKey import RSA as pycryptodomex_rsa


# Correct
dsa.generate_private_key(key_size=2048,
                         backend=backends.default_backend())
ec.generate_private_key(curve=ec.SECP384R1,
                        backend=backends.default_backend())
rsa.generate_private_key(public_exponent=65537,
                         key_size=2048,
                         backend=backends.default_backend())
pycrypto_dsa.generate(bits=2048)
pycrypto_rsa.generate(bits=2048)
pycryptodomex_dsa.generate(bits=2048)
pycryptodomex_rsa.generate(bits=2048)

# Also correct: without keyword args
dsa.generate_private_key(4096,
                         backends.default_backend())
ec.generate_private_key(ec.SECP256K1,
                        backends.default_backend())
rsa.generate_private_key(3,
                         4096,
                         backends.default_backend())
Exemplo n.º 44
0
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import rsa
from oslo_utils import timeutils

from nova import exception
from nova import signature_utils
from nova import test

TEST_RSA_PRIVATE_KEY = rsa.generate_private_key(public_exponent=3,
                                                key_size=1024,
                                                backend=default_backend())

TEST_ECC_PRIVATE_KEY = ec.generate_private_key(ec.SECP521R1(),
                                               default_backend())

TEST_DSA_PRIVATE_KEY = dsa.generate_private_key(key_size=3072,
                                                backend=default_backend())

# Required image property names
SIGNATURE = signature_utils.SIGNATURE
HASH_METHOD = signature_utils.HASH_METHOD
KEY_TYPE = signature_utils.KEY_TYPE
CERT_UUID = signature_utils.CERT_UUID


class FakeKeyManager(object):

    def __init__(self):
        self.certs = {'invalid_format_cert':
                      FakeCastellanCertificate('A' * 256, 'BLAH'),
                      'valid_format_cert':
                      FakeCastellanCertificate('A' * 256, 'X.509')}
Exemplo n.º 45
0
    def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id):
        """Generate asymmetric keys based on below rules:

        - RSA, with passphrase (supported)
        - RSA, without passphrase (supported)
        - DSA, without passphrase (supported)
        - DSA, with passphrase (supported)
        """
        if(generate_dto.algorithm is None or generate_dto
                .algorithm.lower() == 'rsa'):
            private_key = rsa.generate_private_key(
                public_exponent=65537,
                key_size=generate_dto.bit_length,
                backend=default_backend()
            )
        elif generate_dto.algorithm.lower() == 'dsa':
            private_key = dsa.generate_private_key(
                key_size=generate_dto.bit_length,
                backend=default_backend()
            )
        else:
            raise c.CryptoPrivateKeyFailureException()

        public_key = private_key.public_key()

        if generate_dto.algorithm.lower() == 'rsa':
            private_key = private_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PrivateFormat.PKCS8,
                encryption_algorithm=self._get_encryption_algorithm(
                    generate_dto.passphrase)
            )

            public_key = public_key.public_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PublicFormat.SubjectPublicKeyInfo
            )

        if generate_dto.algorithm.lower() == 'dsa':
            private_key = private_key.private_bytes(
                encoding=serialization.Encoding.DER,
                format=serialization.PrivateFormat.PKCS8,
                encryption_algorithm=self._get_encryption_algorithm(
                    generate_dto.passphrase)
            )
            public_key = public_key.public_bytes(
                encoding=serialization.Encoding.DER,
                format=serialization.PublicFormat.SubjectPublicKeyInfo
            )

        private_dto = self.encrypt(c.EncryptDTO(private_key),
                                   kek_meta_dto,
                                   project_id)

        public_dto = self.encrypt(c.EncryptDTO(public_key),
                                  kek_meta_dto,
                                  project_id)

        passphrase_dto = None
        if generate_dto.passphrase:
            if isinstance(generate_dto.passphrase, six.text_type):
                generate_dto.passphrase = generate_dto.passphrase.encode(
                    'utf-8')

            passphrase_dto = self.encrypt(c.EncryptDTO(generate_dto.
                                                       passphrase),
                                          kek_meta_dto,
                                          project_id)

        return private_dto, public_dto, passphrase_dto
Exemplo n.º 46
0
    def generate(cls, algorithm: KeyAlgorithmType, *,
                 size: int = None) -> "PrivateKey":
        """
        Generates a new private key using the given algorithm (key type).

        Safe defaults will automatically be used, and my change time to time.
        Some of the defaults can be overridden, such as size.

        Not all options are used for all algorithms, and may be ignored.

        :param algorithm: The type of key to generate.
        :param size: Keyword-only argument to override the default key size,
         if applicable for the given algorithm.

        :return: A new ``PrivateKey`` representing the newly generated key.

        :raises TypeError: If the given algorithm is an invalid AlgorithmType.
        :raises TypeError: If the given key size is not an integer.
        """
        algorithm = KeyAlgorithmType(algorithm)
        if size:
            size = int(size)
        size = size or _KEY_MIN_SIZES[algorithm]

        # RSA Key Generation
        if algorithm is KeyAlgorithmType.RSA:

            if size < _KEY_MIN_SIZES[KeyAlgorithmType.RSA]:
                warnings.warn("RSA Key Size '{}' Considered Weak".format(size))

            key = rsa.generate_private_key(
                public_exponent=65537,
                key_size=size,
                backend=default_backend()
            )

        # DSA Key Generation
        elif algorithm is KeyAlgorithmType.DSA:

            if size < _KEY_MIN_SIZES[KeyAlgorithmType.DSA]:
                warnings.warn("DSA Key Size '{}' Considered Weak".format(size))

            key = dsa.generate_private_key(
                key_size=size,
                backend=default_backend()
            )

        # ECDSA Key Generation
        else:  # algorithm is AlgorithmType.ECDSA:

            warning = "Invalid Curve Size '{}': Rounding up to {} bits"
            for curve_size in _P_CURVES:

                if size <= curve_size:
                    if size < curve_size:
                        warnings.warn(warning.format(size, curve_size))
                    curve = _P_CURVES[curve_size]
                    break

            # User specified too large of a key size
            else:

                max_size = list(_P_CURVES)[-1]
                warnings.warn("Invalid Curve Size '{}': Rounding down to {} "
                              "bits".format(size, max_size))
                curve = _P_CURVES[max_size]

            key = ec.generate_private_key(
                curve=curve,
                backend=default_backend()
            )

        # Serialize Key to Bytes
        key_bytes = key.private_bytes(
            EncodingType.DER,
            serialization.PrivateFormat.PKCS8,
            serialization.NoEncryption()
        )

        return cls(data=key_bytes)
Exemplo n.º 47
0
 def generate(cls):
     return cls(dsa.generate_private_key(1024, cls.__backend__))  # OTR requires that the DSA q parameter is 160 bits, which forces us to use 1024 bit keys (which are not secure)