示例#1
0
 def _write_private_key(self, tag, f, data, password=None):
     f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag)
     if password is not None:
         # since we only support one cipher here, use it
         cipher_name = list(self._CIPHER_TABLE.keys())[0]
         cipher = self._CIPHER_TABLE[cipher_name]['cipher']
         keysize = self._CIPHER_TABLE[cipher_name]['keysize']
         blocksize = self._CIPHER_TABLE[cipher_name]['blocksize']
         mode = self._CIPHER_TABLE[cipher_name]['mode']
         salt = rng.read(16)
         key = util.generate_key_bytes(MD5, salt, password, keysize)
         if len(data) % blocksize != 0:
             n = blocksize - len(data) % blocksize
             #data += rng.read(n)
             # that would make more sense ^, but it confuses openssh.
             data += zero_byte * n
         data = cipher.new(key, mode, salt).encrypt(data)
         f.write('Proc-Type: 4,ENCRYPTED\n')
         f.write('DEK-Info: %s,%s\n' % (cipher_name, u(hexlify(salt)).upper()))
         f.write('\n')
     s = u(encodebytes(data))
     # re-wrap to 64-char lines
     s = ''.join(s.split('\n'))
     s = '\n'.join([s[i: i + 64] for i in range(0, len(s), 64)])
     f.write(s)
     f.write('\n')
     f.write('-----END %s PRIVATE KEY-----\n' % tag)
示例#2
0
 def _write_private_key(self, tag, f, data, password=None):
     f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag)
     if password is not None:
         cipher_name = list(self._CIPHER_TABLE.keys())[0]
         cipher = self._CIPHER_TABLE[cipher_name]['cipher']
         keysize = self._CIPHER_TABLE[cipher_name]['keysize']
         blocksize = self._CIPHER_TABLE[cipher_name]['blocksize']
         mode = self._CIPHER_TABLE[cipher_name]['mode']
         salt = os.urandom(blocksize)
         key = util.generate_key_bytes(md5, salt, password, keysize)
         if len(data) % blocksize != 0:
             n = blocksize - len(data) % blocksize
             #data += os.urandom(n)
             # that would make more sense ^, but it confuses openssh.
             data += zero_byte * n
         data = cipher.new(key, mode, salt).encrypt(data)
         f.write('Proc-Type: 4,ENCRYPTED\n')
         f.write('DEK-Info: %s,%s\n' %
                 (cipher_name, u(hexlify(salt)).upper()))
         f.write('\n')
     s = u(encodebytes(data))
     # re-wrap to 64-char lines
     s = ''.join(s.split('\n'))
     s = '\n'.join([s[i:i + 64] for i in range(0, len(s), 64)])
     f.write(s)
     f.write('\n')
     f.write('-----END %s PRIVATE KEY-----\n' % tag)
示例#3
0
    def get_base64(self):
        """
        Return a base64 string containing the public part of this key.  Nothing
        secret is revealed.  This format is compatible with that used to store
        public key files or recognized host keys.

        :return: a base64 `string <str>` containing the public part of the key.
        """
        return u(encodebytes(self.asbytes())).replace('\n', '')
示例#4
0
文件: pkey.py 项目: cllover2410/Note
    def get_base64(self):
        """
        Return a base64 string containing the public part of this key.  Nothing
        secret is revealed.  This format is compatible with that used to store
        public key files or recognized host keys.

        :return: a base64 `string <str>` containing the public part of the key.
        """
        return u(encodebytes(self.asbytes())).replace('\n', '')
示例#5
0
    def hash_host(hostname, salt=None):
        """
        Return a "hashed" form of the hostname, as used by OpenSSH when storing
        hashed hostnames in the known_hosts file.

        :param str hostname: the hostname to hash
        :param str salt: optional salt to use when hashing (must be 20 bytes long)
        :return: the hashed hostname as a `str`
        """
        if salt is None:
            salt = os.urandom(sha1().digest_size)
        else:
            if salt.startswith('|1|'):
                salt = salt.split('|')[2]
            salt = decodebytes(b(salt))
        assert len(salt) == sha1().digest_size
        hmac = HMAC(salt, b(hostname), sha1).digest()
        hostkey = '|1|%s|%s' % (u(encodebytes(salt)), u(encodebytes(hmac)))
        return hostkey.replace('\n', '')
示例#6
0
    def hash_host(hostname, salt=None):
        """
        Return a "hashed" form of the hostname, as used by OpenSSH when storing
        hashed hostnames in the known_hosts file.

        :param str hostname: the hostname to hash
        :param str salt: optional salt to use when hashing (must be 20 bytes long)
        :return: the hashed hostname as a `str`
        """
        if salt is None:
            salt = os.urandom(sha1().digest_size)
        else:
            if salt.startswith('|1|'):
                salt = salt.split('|')[2]
            salt = decodebytes(b(salt))
        assert len(salt) == sha1().digest_size
        hmac = HMAC(salt, b(hostname), sha1).digest()
        hostkey = '|1|%s|%s' % (u(encodebytes(salt)), u(encodebytes(hmac)))
        return hostkey.replace('\n', '')
示例#7
0
 def key(self, pkey):
     """
     Creates a new Key object created from a paramiko pkey object
     :param pkey: Public Key
     :type pkey: PKey
     :raises ValueError:
     """
     if not isinstance(pkey, PKey):
         raise ValueError('invalid PKey object supplied')
     if pkey.public_blob is not None:
         self.key_type = pkey.public_blob.key_type
         self.public_key = encodebytes(pkey.public_blob.key_blob)  # pylint: disable=W1505
     else:
         self.key_type = pkey.get_name()
         self.public_key = pkey.get_base64()
     self.private_key = None
     if pkey.can_sign():
         key_data = StringIO()
         pkey.write_private_key(key_data)
         self.private_key = key_data.getvalue()
示例#8
0
 def key(self, pkey):
     """
     Creates a new Key object created from a paramiko pkey object
     :param pkey: Public Key
     :type pkey: PKey
     :raises ValueError:
     """
     if not isinstance(pkey, PKey):
         raise ValueError('invalid PKey object supplied')
     if pkey.public_blob is not None:
         self.key_type = pkey.public_blob.key_type
         self.public_key = encodebytes(pkey.public_blob.key_blob)
     else:
         self.key_type = pkey.get_name()
         self.public_key = pkey.get_base64()
     self.private_key = None
     if pkey.can_sign():
         key_data = BytesIO()
         pkey.write_private_key(key_data)
         self.private_key = key_data.getvalue()