def _load_privatekey(self): try: # Read bytes with open(self.path, 'rb') as f: data = f.read() # Interpret bytes depending on format. format = crypto_utils.identify_private_key_format(data) if format == 'raw': if len(data) == 56 and CRYPTOGRAPHY_HAS_X448: return cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.from_private_bytes(data) if len(data) == 57 and CRYPTOGRAPHY_HAS_ED448: return cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey.from_private_bytes(data) if len(data) == 32: if CRYPTOGRAPHY_HAS_X25519 and (self.type == 'X25519' or not CRYPTOGRAPHY_HAS_ED25519): return cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.from_private_bytes(data) if CRYPTOGRAPHY_HAS_ED25519 and (self.type == 'Ed25519' or not CRYPTOGRAPHY_HAS_X25519): return cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.from_private_bytes(data) if CRYPTOGRAPHY_HAS_X25519 and CRYPTOGRAPHY_HAS_ED25519: try: return cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.from_private_bytes(data) except Exception: return cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey.from_private_bytes(data) raise PrivateKeyError('Cannot load raw key') else: return cryptography.hazmat.primitives.serialization.load_pem_private_key( data, None if self.passphrase is None else to_bytes(self.passphrase), backend=self.cryptography_backend ) except Exception as e: raise PrivateKeyError(e)
def dump(self): """Serialize the object into a dictionary.""" result = { 'size': self.size, 'filename': self.path, 'changed': self.changed, 'fingerprint': self.fingerprint, } if self.backup_file: result['backup_file'] = self.backup_file if self.return_content: if self.privatekey_bytes is None: self.privatekey_bytes = crypto_utils.load_file_if_exists( self.path, ignore_errors=True) if self.privatekey_bytes: if crypto_utils.identify_private_key_format( self.privatekey_bytes) == 'raw': result['privatekey'] = base64.b64encode( self.privatekey_bytes) else: result['privatekey'] = self.privatekey_bytes.decode( 'utf-8') else: result['privatekey'] = None return result
def _check_format(self): if self.format == 'auto_ignore': return True try: with open(self.path, 'rb') as f: content = f.read() format = crypto_utils.identify_private_key_format(content) return format == self._get_wanted_format() except Exception as dummy: return False
def _check_passphrase(self): try: with open(self.path, 'rb') as f: data = f.read() format = crypto_utils.identify_private_key_format(data) if format == 'raw': # Raw keys cannot be encrypted return self.passphrase is None else: return cryptography.hazmat.primitives.serialization.load_pem_private_key( data, None if self.passphrase is None else to_bytes(self.passphrase), backend=self.cryptography_backend ) except Exception as dummy: return False