def handler(args):
key = RSAPrivateKey(modulus=0, exponent=0)
path: str = \
os.path.abspath(
os.path.join(
os.getcwd(),
f'{args.key_name}.{key.kind}.{key.extension}'))
callback(f'reading {key.kind} key from: {path}')
if not os.path.exists(path):
callback(f'error: no such key')
sys.exit(1)
key.load_from_file(path)
with io.BufferedReader(sys.stdin.buffer, 1024) as buffer, \
io.BufferedWriter(sys.stdout.buffer, 1024) as out_buffer:
block = bytes.fromhex(buffer.readline().decode()[0:-1])
while block:
decrypted_block = rsa_decryption_scheme_with_oaep_padding(
private_key=key,
ciphertext=block,
label=b'oblivion',
)
out_buffer.write(decrypted_block)
block = bytes.fromhex(buffer.readline().decode()[0:-1])
def handler(args):
key = RSAPublicKey(modulus=0, exponent=0)
path: str = \
os.path.abspath(
os.path.join(
os.getcwd(),
f'{args.key_name}.{key.kind}.{key.extension}'))
callback(f'reading {key.kind} key from: {path}')
if not os.path.exists(path):
callback(f'error: no such key')
sys.exit(1)
key.load_from_file(path)
# We can encrypt at much this data octets per round
block_size = key.modulus_octets - 2 * (HASH_LENGTH + 1)
# Adjust the last octet
block_size -= 1
with io.BufferedReader(sys.stdin.buffer) as buffer:
block = buffer.read(block_size)
while block:
encrypted_block = rsa_encryption_scheme_with_oaep_padding(
public_key=key,
message=block,
label=b'oblivion',
)
print(encrypted_block.hex())
block = buffer.read(block_size)
def generate_prime(bits: int) -> int:
"""Return a prime number of the specified bits."""
callback(f'generating prime with {bits} bits')
mask: int = (1 << bits - 1) | 1
while True:
prime = secrets.randbits(bits) | mask
if prime.bit_length() < bits:
continue
if is_prime(prime):
return prime
def generate_hard_to_factor_prime(bits: int, depth: int = 2) -> int:
"""
Return a prime 'p' where 'p - 1' has a large prime factor.
To guarantee that 'p - 1' has a large prime factor we'll generate a random
base prime number 'u', and then find the first prime 'p' in the sequence:
i * u + 1, where i = 2, 4, 6, ...
With this, we ensure that the only prime factor of 'p - 1' is 'u', which is
large.
To provide extra security, 'u - 1' will also contain large prime factors,
and recursively the base prime used to generate 'u', up to the provided
depth level.
"""
counter: int = 0
if depth > 0:
callback(f'generating a base prime "d{depth}" with {bits} bits '
f'where "d{depth} - 1" has a large prime factor')
base_prime = generate_hard_to_factor_prime(bits, depth=depth - 1)
else:
callback(f'generating prime "d{depth}" with {bits} bits')
base_prime = generate_prime(bits)
callback(f'inflating base prime "d{depth}"')
while True:
counter += 2
prime = counter * base_prime + 1
if is_prime(prime):
return prime
def handler(args):
callback('generating a new secure RSA key pair')
if args.bits < MINIMUM_MODULUS_BIT_SIZE:
callback(f'minimum bit size is {MINIMUM_MODULUS_BIT_SIZE}, adjusting')
args.bits = MINIMUM_MODULUS_BIT_SIZE
public_key, private_key = rsa_generate_keys(args.bits)
for key in (public_key, private_key):
path: str = \
os.path.abspath(
os.path.join(
os.getcwd(),
f'{args.name}.{key.kind}.{key.extension}'))
callback(f'saving {key.kind} key to: {path}')
key.save_to_file(path)