def decrypt_message(ciphertext: bytes, private_key: rsa.RSAPrivateKey = PRIVATE_KEY) -> bytes: """Decrypt some message encrypted with out public key.""" return private_key.decrypt( ciphertext, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None))
def pk_decrypt(ciphertext: bytes, private_key: rsa.RSAPrivateKey) -> bytes: """ Decrypt an RSAES-OAEP-encrypted message. """ plaintext = private_key.decrypt( ciphertext, padding.OAEP(padding.MGF1(hashes.SHA1()), hashes.SHA1(), None)) return plaintext
def pk_decrypt(ciphertext: bytes, private_key: rsa.RSAPrivateKey) -> bytes: """ Decrypt an RSAES-OAEP-encrypted message. """ plaintext = private_key.decrypt(ciphertext, padding.OAEP( padding.MGF1(hashes.SHA1()), hashes.SHA1(), None)) return plaintext
def get_decrypted_envelope_data(self, certificate: x509.Certificate, key: rsa.RSAPrivateKey) -> bytes: """Decrypt the encrypted envelope data: Decrypt encrypted_key using public key of CA encrypted_key is available at content.recipient_infos[x].encrypted_key algo is content.recipient_infos[x].key_encryption_algorithm at the moment this is RSA """ encap = self.encap_content_info ct = encap['content_type'].native print(ct) recipient_info = encap['content']['recipient_infos'][0] encryption_algo = recipient_info.chosen[ 'key_encryption_algorithm'].native encrypted_key = recipient_info.chosen['encrypted_key'].native assert encryption_algo['algorithm'] == 'rsa' plain_key = key.decrypt( encrypted_key, padding=asympad.PKCS1v15(), ) # Now we have the plain key, we can decrypt the encrypted data encrypted_contentinfo = encap['content']['encrypted_content_info'] print('encrypted content type: {}'.format( encrypted_contentinfo['content_type'].native)) algorithm = encrypted_contentinfo[ 'content_encryption_algorithm'] #: EncryptionAlgorithm encrypted_content_bytes = encrypted_contentinfo[ 'encrypted_content'].native symkey = None if algorithm.encryption_cipher == 'aes': symkey = AES(plain_key) print('cipher AES') elif algorithm.encryption_cipher == 'tripledes': symkey = TripleDES(plain_key) print('cipher 3DES') else: print('Dont understand encryption cipher: ', algorithm.encryption_cipher) print('key length: ', algorithm.key_length) print('enc mode: ', algorithm.encryption_mode) cipher = Cipher(symkey, modes.CBC(algorithm.encryption_iv), backend=default_backend()) decryptor = cipher.decryptor() return decryptor.update(encrypted_content_bytes) + decryptor.finalize()
def rsa_decrypt(enc_short_message: bytes, private_key: rsa.RSAPrivateKey) -> bytes: """ decrypt Optimal Asymmetric Encryption Padding (OAEP)""" hash_algorithm = hashes.SHA512 if private_key.key_size >= 2048 else hashes.SHA256 return private_key.decrypt( ciphertext=enc_short_message, padding=padding.OAEP( mgf=padding.MGF1(algorithm=hash_algorithm()), algorithm=hash_algorithm(), label=None ) )
def _compute( ciphertext: bytes, key: rsa.RSAPrivateKey, ) -> str: plain = key.decrypt( ciphertext, padding.OAEP( mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None ) ) return b64encode(sha1(plain).digest()).decode("ascii")
def decrypt_smime_content(payload: bytes, key: rsa.RSAPrivateKey) -> bytes: content_info = ContentInfo.load(payload) assert content_info['content_type'].native == 'enveloped_data' content: EnvelopedData = content_info['content'] matching_recipient = content['recipient_infos'][0] # Need to see if we hold the key for any valid recipient. # for recipient_info in content['recipient_infos']: # assert recipient_info.name == 'ktri' # Only support KeyTransRecipientInfo # ktri: KeyTransRecipientInfo = recipient_info.chosen # recipient_id: RecipientIdentifier = ktri['rid'] # assert recipient_id.name == 'issuer_and_serial_number' # Only support IssuerAndSerialNumber # matching_recipient = recipient_info encryption_algo = matching_recipient.chosen['key_encryption_algorithm'].native encrypted_key = matching_recipient.chosen['encrypted_key'].native assert encryption_algo['algorithm'] == 'rsa' # Get the content key plain_key = key.decrypt( encrypted_key, padding=padding.PKCS1v15(), ) # Now we have the plain key, we can decrypt the encrypted data encrypted_contentinfo = content['encrypted_content_info'] algorithm: EncryptionAlgorithm = encrypted_contentinfo['content_encryption_algorithm'] #: EncryptionAlgorithm encrypted_content_bytes = encrypted_contentinfo['encrypted_content'].native symkey = None if algorithm.encryption_cipher == 'aes': symkey = AES(plain_key) elif algorithm.encryption_cipher == 'tripledes': symkey = TripleDES(plain_key) else: print('Dont understand encryption cipher: ', algorithm.encryption_cipher) cipher = Cipher(symkey, modes.CBC(algorithm.encryption_iv), backend=default_backend()) decryptor = cipher.decryptor() decrypted_data = decryptor.update(encrypted_content_bytes) + decryptor.finalize() return decrypted_data
def hybrid_decrypt(h_data, pk: rsa.RSAPrivateKey) -> bytes: """ This method is the hybrid decrypt outlined in the Tor spec 0.4 section :param h_data: The handshake data object of type TapCHData :param pk: The RSA private key to decrypt the message with :return: The decrypted message in bytes """ if h_data.SYMKEY is None: return_message = "hi" # pk.decrypt(x["GX1"], padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), # algorithm=hashes.SHA256(), label=None)) else: # Get the params of in bytes form gx1 = h_data.GX1 gx2 = h_data.GX2 sym_key = h_data.SYMKEY padding_bytes = h_data.PADDING print(padding_bytes + sym_key + gx1) print(sym_key) print(gx1) print(gx2) # Decryption begins km1 = pk.decrypt( padding_bytes + sym_key + gx1, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None)) print(len(km1)) m1 = km1[len(sym_key):] sym_key = km1[0:len(sym_key)] nonce = bytes(CryptoConstants.KEY_LEN) cipher = Cipher(algorithms.AES(sym_key), modes.CTR(nonce), backend=default_backend()) decryptor = cipher.decryptor() m2 = decryptor.update(gx2) + decryptor.finalize() # Return the concatenated message return_message = m1 + m2 return return_message
def decrypt(key: rsa.RSAPrivateKey, cypher_text: bytes) -> bytes: return key.decrypt(cypher_text, padding)