Stowage/pycryptodome
2
0
Fork 0
mirror of https://github.com/Legrandin/pycryptodome.git synced 2025-10-21 08:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
pycryptodome/lib/Crypto/PublicKey/RSA.py

670 lines
26 KiB
Python
Raw Normal View History

RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
# -*- coding: utf-8 -*-
#
# PublicKey/RSA.py : RSA public key primitive
#
Legal: Dedicate my files to the public domain. In an attempt to simplify the copyright status of PyCrypto, I'm placing my code into the public domain, and encouraging other contributors to do the same. I have used a public domain dedication that was recommended in a book on FOSS legal issues[1], followed by the warranty disclaimer boilerplate from the MIT license. [1] _Intellectual Property and Open Source: A Practical Guide to Protecting Code_, a book written by Van Lindberg and published by O'Reilly Media. (ISBN 978-0-596-51796-0)
2009-02-28 13:24:04 -05:00
# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
#
Legal: Dedicate my files to the public domain. In an attempt to simplify the copyright status of PyCrypto, I'm placing my code into the public domain, and encouraging other contributors to do the same. I have used a public domain dedication that was recommended in a book on FOSS legal issues[1], followed by the warranty disclaimer boilerplate from the MIT license. [1] _Intellectual Property and Open Source: A Practical Guide to Protecting Code_, a book written by Van Lindberg and published by O'Reilly Media. (ISBN 978-0-596-51796-0)
2009-02-28 13:24:04 -05:00
# ===================================================================
# The contents of this file are dedicated to the public domain. To
# the extent that dedication to the public domain is not available,
# everyone is granted a worldwide, perpetual, royalty-free,
# non-exclusive license to exercise all rights associated with the
# contents of this file for any purpose whatsoever.
# No rights are reserved.
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
#
Legal: Dedicate my files to the public domain. In an attempt to simplify the copyright status of PyCrypto, I'm placing my code into the public domain, and encouraging other contributors to do the same. I have used a public domain dedication that was recommended in a book on FOSS legal issues[1], followed by the warranty disclaimer boilerplate from the MIT license. [1] _Intellectual Property and Open Source: A Practical Guide to Protecting Code_, a book written by Van Lindberg and published by O'Reilly Media. (ISBN 978-0-596-51796-0)
2009-02-28 13:24:04 -05:00
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ===================================================================
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Polished the Crypto.PublicKey page.Added hyperlinks to RFCs.
2012-04-12 23:16:52 +02:00
"""RSA public-key cryptography algorithm (signature and encryption).
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
RSA_ is the most widespread and used public key algorithm. Its security is
based on the difficulty of factoring large integers. The algorithm has
withstood attacks for 30 years, and it is therefore considered reasonably
secure for new designs.
The algorithm can be used for both confidentiality (encryption) and
authentication (digital signature). It is worth noting that signing and
decryption are significantly slower than verification and encryption.
Refreshed documentation for ElGamal. Small corrections to DSA and RSA.
2012-04-18 20:45:38 +02:00
The cryptograhic strength is primarily linked to the length of the modulus *n*.
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
In 2012, a sufficient length is deemed to be 2048 bits. For more information,
see the most recent ECRYPT_ report.
Refreshed documentation for ElGamal. Small corrections to DSA and RSA.
2012-04-18 20:45:38 +02:00
Both RSA ciphertext and RSA signature are as big as the modulus *n* (256
bytes if *n* is 2048 bit long).
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
This module provides facilities for generating fresh, new RSA keys, constructing
them from known components, exporting them, and importing them.
>>> from Crypto.PublicKey import RSA
>>>
>>> key = RSA.generate(2048)
>>> f = open('mykey.pem','w')
FIX #1191411: RSA export example Closes: https://bugs.launchpad.net/pycrypto/+bug/1191411
2013-06-16 11:47:16 +02:00
>>> f.write(key.exportKey('PEM'))
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
>>> f.close()
...
>>> f = open('mykey.pem','r')
>>> key = RSA.importKey(f.read())
Even though you may choose to directly use the methods of an RSA key object
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
to perform the primitive cryptographic operations (e.g. `_RSAobj._encrypt`),
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
it is recommended to use one of the standardized schemes instead (like
`Crypto.Cipher.PKCS1_v1_5` or `Crypto.Signature.PKCS1_v1_5`).
.. _RSA: http://en.wikipedia.org/wiki/RSA_%28algorithm%29
.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
:sort: generate,construct,importKey
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
__all__ = ['generate', 'construct', 'importKey', 'RSAImplementation',
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
'_RSAobj', 'oid' , 'algorithmIdentifier' ]
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Changes to allow pycrpyto to work on Python 3.x as well as 2.1 through 2.7
2010-12-28 16:26:52 -05:00
from Crypto.Util.py3compat import *
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
Support for older versions of python This patch add support for older python 2.1/2.2 to the previous one (DER/PEM). Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2010-01-21 20:14:10 +01:00
import binascii
Add support for import of OpenSSH public keys
2011-09-21 00:01:36 +02:00
import struct
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
from Crypto import Random
from Crypto.IO import PKCS8, PEM
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
from Crypto.PublicKey import _RSA, _slowmath
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
from Crypto.Util.number import inverse, GCD, isPrime
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
from Crypto.Util.asn1 import (
DerNull,
DerSequence,
DerBitString,
Add ability to read in RSA keys from X.509 certs
2014-07-11 22:58:47 +02:00
DerInteger,
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
DerObjectId,
newDerSequence,
newDerBitString
)
FIX BUG 702835. When importing an DER RSA private key, u (that is, p^{-1} mod q) must be computed manually. RSA.importKey() also raises a more descriptive exception in case of an unknown key format.
2011-01-16 21:44:10 +01:00
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
try:
from Crypto.PublicKey import _fastmath
except ImportError:
_fastmath = None
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def _decode_der(obj_class, binstr):
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
"""Instantiate a DER object class, decode a DER binary string in it, and
return the object."""
der = obj_class()
der.decode(binstr)
return der
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
class _RSAobj(object):
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
"""Class defining an actual RSA key.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
:undocumented: __getstate__, __setstate__, __repr__, __getattr__
"""
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
#: Dictionary of RSA parameters.
#:
#: A public key will only have the following entries:
#:
#: - **n**, the modulus.
#: - **e**, the public exponent.
#:
#: A private key will also have:
#:
#: - **d**, the private exponent.
#: - **p**, the first factor of n.
#: - **q**, the second factor of n.
#: - **u**, the CRT coefficient (1/p) mod q.
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
_keydata = ['n', 'e', 'd', 'p', 'q', 'u']
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Avoid timing attacks: Do blinded RSA by default Thanks to Geremy Condra (and others) for pointing out the timing vulnerability.
2011-02-21 21:11:21 -05:00
def __init__(self, implementation, key, randfunc=None):
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
self.implementation = implementation
self.key = key
Avoid timing attacks: Do blinded RSA by default Thanks to Geremy Condra (and others) for pointing out the timing vulnerability.
2011-02-21 21:11:21 -05:00
if randfunc is None:
randfunc = Random.new().read
self._randfunc = randfunc
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
def __getattr__(self, attrname):
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
if attrname in self._keydata:
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
# For backward compatibility, allow the user to get (not set) the
# RSA key parameters directly from this object.
return getattr(self.key, attrname)
else:
raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def _encrypt(self, plaintext):
if not 0 < plaintext < self.n:
Extended fix for the RSA boundary check
2014-05-07 12:20:46 +02:00
raise ValueError("Plaintext too large")
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
return self.key._encrypt(long(plaintext))
Avoid timing attacks: Do blinded RSA by default Thanks to Geremy Condra (and others) for pointing out the timing vulnerability.
2011-02-21 21:11:21 -05:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def _decrypt(self, ciphertext):
Extended fix for the RSA boundary check
2014-05-07 12:20:46 +02:00
if not 0 < ciphertext < self.n:
raise ValueError("Ciphertext too large")
Avoid timing attacks: Do blinded RSA by default Thanks to Geremy Condra (and others) for pointing out the timing vulnerability.
2011-02-21 21:11:21 -05:00
# Blinded RSA decryption (to prevent timing attacks):
# Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
# Step 2: Compute c' = c * r**e mod n
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
cp = self.key._blind(long(ciphertext), r)
Avoid timing attacks: Do blinded RSA by default Thanks to Geremy Condra (and others) for pointing out the timing vulnerability.
2011-02-21 21:11:21 -05:00
# Step 3: Compute m' = c'**d mod n (ordinary RSA decryption)
mp = self.key._decrypt(cp)
# Step 4: Compute m = m**(r-1) mod n
return self.key._unblind(mp, r)
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
def has_private(self):
return self.key.has_private()
def size(self):
return self.key.size()
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def publickey(self):
return self.implementation.construct((self.key.n, self.key.e))
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def __eq__(self, other):
if bool(self.has_private()) != bool(other.has_private()):
return False
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
result = True
for comp in self._keydata:
result = result and (getattr(self.key, comp, None) ==
getattr(other.key, comp, None))
return result
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
def __ne__(self, other):
return not self.__eq__(other)
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
def __getstate__(self):
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
# RSA key is not pickable
from pickle import PicklingError
raise PicklingError
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
def __repr__(self):
attrs = []
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
for k in self._keydata:
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
if k == 'n':
attrs.append("n(%d)" % (self.size()+1,))
elif hasattr(self.key, k):
attrs.append(k)
if self.has_private():
attrs.append("private")
Changes to allow pycrpyto to work on Python 3.x as well as 2.1 through 2.7
2010-12-28 16:26:52 -05:00
# PY3K: This is meant to be text, do not change to bytes (data)
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
def exportKey(self, format='PEM', passphrase=None, pkcs=1, protection=None):
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""Export this RSA key.
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
:Parameters:
format : string
The format to use for wrapping the key:
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
- *'DER'*. Binary encoding.
Polished the Crypto.PublicKey page.Added hyperlinks to RFCs.
2012-04-12 23:16:52 +02:00
- *'PEM'*. Textual encoding, done according to `RFC1421`_/`RFC1423`_.
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
- *'OpenSSH'*. Textual encoding, done according to OpenSSH specification.
Only suitable for public keys (not private keys).
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
passphrase : string
For private keys only. The pass phrase used for deriving the encryption
key.
pkcs : integer
For *DER* and *PEM* format only.
The PKCS standard to follow for assembling the components of the key.
You have two choices:
- **1** (default): the public key is embedded into
an X.509 ``SubjectPublicKeyInfo`` DER SEQUENCE.
The private key is embedded into a `PKCS#1`_
``RSAPrivateKey`` DER SEQUENCE.
- **8**: the private key is embedded into a `PKCS#8`_
``PrivateKeyInfo`` DER SEQUENCE. This value cannot be used
for public keys.
protection : string
The encryption scheme to use for protecting the private key.
If ``None`` (default), the behavior depends on ``format``:
- For *DER*, the *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC*
scheme is used. The following operations are performed:
1. A 16 byte Triple DES key is derived from the passphrase
using `Crypto.Protocol.KDF.PBKDF2` with 8 bytes salt,
and 1 000 iterations of `Crypto.Hash.HMAC`.
2. The private key is encrypted using CBC.
3. The encrypted key is encoded according to PKCS#8.
Added support for pass phrase and DES/3DES encrypted PEM keys, for both import and export.
2011-10-03 23:33:11 +02:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
- For *PEM*, the obsolete PEM encryption scheme is used.
It is based on MD5 for key derivation, and Triple DES for encryption.
Clarification of how RSA keys can be imported/exported
2012-05-18 15:26:58 +02:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
Specifying a value for ``protection`` is only meaningful for PKCS#8
(that is, ``pkcs=8``) and only if a pass phrase is present too.
Clarification of how RSA keys can be imported/exported
2012-05-18 15:26:58 +02:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
The supported schemes for PKCS#8 are listed in the
`Crypto.IO.PKCS8` module (see ``wrap_algo`` parameter).
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
:Return: A byte string with the encoded public or private half
of the key.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
:Raise ValueError:
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
When the format is unknown or when you try to encrypt a private
key with *DER* format and PKCS#1.
:attention:
If you don't provide a pass phrase, the private key will be
exported in the clear!
Polished the Crypto.PublicKey page.Added hyperlinks to RFCs.
2012-04-12 23:16:52 +02:00
Clarification of how RSA keys can be imported/exported
2012-05-18 15:26:58 +02:00
.. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt
.. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt
.. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt
.. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
"""
Merged from upstream (py3k support) and modified so that all unit tests pass.
2011-10-18 23:20:26 +02:00
if passphrase is not None:
passphrase = tobytes(passphrase)
Added support for export of public RSA keys in OpenSSH format
2011-09-21 20:54:17 +02:00
if format=='OpenSSH':
eb = long_to_bytes(self.e)
nb = long_to_bytes(self.n)
Merged from upstream (py3k support) and modified so that all unit tests pass.
2011-10-18 23:20:26 +02:00
if bord(eb[0]) & 0x80: eb=bchr(0x00)+eb
if bord(nb[0]) & 0x80: nb=bchr(0x00)+nb
Return a byte string if format is set to OpenSSH. RSA.exportKey claims to return a byte string, so really return one.
2012-05-28 13:19:22 +02:00
keyparts = [ b('ssh-rsa'), eb, nb ]
keystring = b('').join([ struct.pack(">I",len(kp))+kp for kp in keyparts])
return b('ssh-rsa ')+binascii.b2a_base64(keystring)[:-1]
Added support for export of public RSA keys in OpenSSH format
2011-09-21 20:54:17 +02:00
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
# DER format is always used, even in case of PEM, which simply
# encodes it into BASE64.
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
if self.has_private():
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
binary_key = newDerSequence(
0,
self.n,
self.e,
self.d,
self.p,
self.q,
self.d % (self.p-1),
self.d % (self.q-1),
inverse(self.q, self.p)
).encode()
if pkcs==1:
keyType = 'RSA PRIVATE'
if format=='DER' and passphrase:
raise ValueError("PKCS#1 private key cannot be encrypted")
else: # PKCS#8
if format=='PEM' and protection is None:
keyType = 'PRIVATE'
binary_key = PKCS8.wrap(binary_key, oid, None)
else:
keyType = 'ENCRYPTED PRIVATE'
if not protection:
protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'
binary_key = PKCS8.wrap(binary_key, oid, passphrase, protection)
passphrase = None
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
else:
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
keyType = "RSA PUBLIC"
binary_key = newDerSequence(
algorithmIdentifier,
newDerBitString(
newDerSequence( self.n, self.e )
)
).encode()
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
if format=='DER':
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
return binary_key
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
if format=='PEM':
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
pem_str = PEM.encode(binary_key, keyType+" KEY", passphrase, self._randfunc)
return tobytes(pem_str)
Raise a ValueError as documented. Also add a test case for it.
2012-05-28 13:27:42 +02:00
raise ValueError("Unknown key format '%s'. Cannot export the RSA key." % format)
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
class RSAImplementation(object):
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""
An RSA key factory.
Refreshed documentation for DSA. Minor fixes in RSA documentation.
2012-04-12 00:49:32 +02:00
This class is only internally used to implement the methods of the `Crypto.PublicKey.RSA` module.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
:sort: __init__,generate,construct,importKey
:undocumented: _g*, _i*
"""
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
def __init__(self, **kwargs):
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""Create a new RSA key factory.
:Keywords:
use_fast_math : bool
Specify which mathematic library to use:
- *None* (default). Use fastest math available.
- *True* . Use fast math.
- *False* . Use slow math.
default_randfunc : callable
Specify how to collect random data:
- *None* (default). Use Random.new().read().
Refreshed documentation for DSA. Minor fixes in RSA documentation.
2012-04-12 00:49:32 +02:00
- not *None* . Use the specified function directly.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
:Raise RuntimeError:
When **use_fast_math** =True but fast math is not available.
"""
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
use_fast_math = kwargs.get('use_fast_math', None)
if use_fast_math is None: # Automatic
if _fastmath is not None:
self._math = _fastmath
else:
self._math = _slowmath
elif use_fast_math: # Explicitly select fast math
if _fastmath is not None:
self._math = _fastmath
else:
raise RuntimeError("fast math module not available")
else: # Explicitly select slow math
self._math = _slowmath
self._default_randfunc = kwargs.get('default_randfunc', None)
self._current_randfunc = None
def _get_randfunc(self, randfunc):
if randfunc is not None:
return randfunc
elif self._current_randfunc is None:
self._current_randfunc = Random.new().read
return self._current_randfunc
Allow RSA to be generated with an arbitary public exponent e. Small fix to importKey documentation (ASN.1 structure names were incorrect for public keys). Factors of an RSA private key are computed from private exponent d (both slowmath and fastmath).
2011-01-17 21:17:19 +01:00
def generate(self, bits, randfunc=None, progress_func=None, e=65537):
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
"""Randomly generate a fresh, new RSA key.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
:Parameters:
bits : int
Key length, or size (in bits) of the RSA modulus.
It must be a multiple of 256, and no smaller than 1024.
Refreshed documentation for DSA. Minor fixes in RSA documentation.
2012-04-12 00:49:32 +02:00
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
randfunc : callable
Random number generation function; it should accept
a single integer N and return a string of random data
N bytes long.
Refreshed documentation for DSA. Minor fixes in RSA documentation.
2012-04-12 00:49:32 +02:00
If not specified, a new one will be instantiated
from ``Crypto.Random``.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
progress_func : callable
Optional function that will be called with a short string
containing the key parameter currently being generated;
it's useful for interactive applications where a user is
waiting for a key to be generated.
Refreshed documentation for DSA. Minor fixes in RSA documentation.
2012-04-12 00:49:32 +02:00
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
e : int
Public RSA exponent. It must be an odd positive integer.
It is typically a small number with very few ones in its
binary representation.
The default value 65537 (= ``0b10000000000000001`` ) is a safe
choice: other common values are 5, 7, 17, and 257.
:attention: You should always use a cryptographically secure random number generator,
such as the one defined in the ``Crypto.Random`` module; **don't** just use the
current time and the ``random`` module.
:attention: Exponent 3 is also widely used, but it requires very special care when padding
the message.
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
:Return: An RSA key object (`_RSAobj`).
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
:Raise ValueError:
When **bits** is too little or not a multiple of 256, or when
**e** is not odd or smaller than 2.
"""
Make RSA.generate raise a more user-friendly exception message when the user tries to generate a bogus-length key. Before this change, doing RSA.generate(128*5) would raise an exception saying: "bits must be multiple of 128 and > 512" This was because getStrongPrime was raising the exception when trying to generate 320-bit primes (which is correct behaviour). Now, we raise a more friendly error message: "RSA modulus length must be a multiple of 256 and > 1024"
2010-08-27 00:13:44 -04:00
if bits < 1024 or (bits & 0xff) != 0:
FIX BUG 702835. When importing an DER RSA private key, u (that is, p^{-1} mod q) must be computed manually. RSA.importKey() also raises a more descriptive exception in case of an unknown key format.
2011-01-16 21:44:10 +01:00
raise ValueError("RSA modulus length must be a multiple of 256 and >= 1024")
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
if e%2==0 or e<3:
raise ValueError("RSA public exponent must be a positive, odd integer larger than 2.")
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
rf = self._get_randfunc(randfunc)
Allow RSA to be generated with an arbitary public exponent e. Small fix to importKey documentation (ASN.1 structure names were incorrect for public keys). Factors of an RSA private key are computed from private exponent d (both slowmath and fastmath).
2011-01-17 21:17:19 +01:00
obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
key = self._math.rsa_construct(obj.n, obj.e, obj.d, obj.p, obj.q, obj.u)
return _RSAobj(self, key)
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
def construct(self, tup, consistency_check=True):
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
"""Construct an RSA key from a tuple of valid RSA components.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
The modulus **n** must be the product of two primes.
The public exponent **e** must be odd and larger than 1.
In case of a private key, the following equations must apply:
- e != 1
- p*q = n
- e*d = 1 mod (p-1)(q-1)
- p*u = 1 mod q
:Parameters:
tup : tuple
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
A tuple of long integers, with at least 2 and no
more than 6 items. The items come in the following order:
1. RSA modulus (n).
2. Public exponent (e).
3. Private exponent (d). Only required if the key is private.
4. First factor of n (p). Optional, but factor q must also
be present.
5. Second factor of n (q). Optional.
6. CRT coefficient, (1/p) mod q (u). Optional.
consistency_check : boolean
If *True*, the library will verify that the provided components
fulfil the main RSA properties.
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
:Raise ValueError:
When the key being imported fails the most basic RSA validity checks.
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
:Return: An RSA key object (`_RSAobj`).
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
key = self._math.rsa_construct(*map(long, tup))
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
Removed support for Python<2.4
2014-06-11 15:46:22 +02:00
fmt_error = False
if consistency_check:
# Modulus and public exponent must be coprime
fmt_error = key.e<=1 or key.e>=key.n
fmt_error |= GCD(key.n, key.e)!=1
# For RSA, modulus must be odd
fmt_error |= not key.n&1
if not fmt_error and hasattr(key, 'd'):
# Modulus and private exponent must be coprime
fmt_error = key.d<=1 or key.d>=key.n
fmt_error |= GCD(key.n, key.d)!=1
# Modulus must be product of 2 primes
fmt_error |= (key.p*key.q != key.n)
fmt_error |= not isPrime(key.p)
fmt_error |= not isPrime(key.q)
# See Carmichael theorem
phi = (key.p-1)*(key.q-1)
lcm = phi // GCD(key.p-1, key.q-1)
fmt_error |= (key.e*key.d % lcm)!=1
if hasattr(key, 'u'):
# CRT coefficient
fmt_error |= key.u<=1 or key.u>=key.q
fmt_error |= (key.p*key.u % key.q)!=1
else:
fmt_error = True
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
if fmt_error:
raise ValueError("Invalid RSA key components")
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
return _RSAobj(self, key)
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
def _importKeyDER(self, extern_key, passphrase=None):
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
"""Import an RSA key (public or private half), encoded in DER form."""
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
try:
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
der = _decode_der(DerSequence, extern_key)
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
# Try PKCS#1 first, for a private key
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
if len(der) == 9 and der.hasOnlyInts() and der[0] == 0:
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
# ASN.1 RSAPrivateKey element
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
del der[6:] # Remove d mod (p-1),
# d mod (q-1), and
# q^{-1} mod p
der.append(inverse(der[4], der[5])) # Add p^{-1} mod q
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
del der[0] # Remove version
return self.construct(der[:])
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
# Keep on trying PKCS#1, but now for a public key
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
if len(der) == 2:
try:
# The DER object is an RSAPublicKey SEQUENCE with
# two elements
if der.hasOnlyInts():
return self.construct(der[:])
# The DER object is a SubjectPublicKeyInfo SEQUENCE
# with two elements: an 'algorithmIdentifier' and a
# 'subjectPublicKey'BIT STRING.
# 'algorithmIdentifier' takes the value given at the
# module level.
# 'subjectPublicKey' encapsulates the actual ASN.1
# RSAPublicKey element.
if der[0] == algorithmIdentifier:
Clean up Crypto.PublicKey module This patch does a few things to simplify the public key classes (RSA, DSA and ElGamal): * It removes the Crypto.PublicKey.pubkey module. The 3 classes do not have an ancestor anymore. * Methods sign(), verify(), encrypt(), and decrypt() are removed. * Methods blind() and unblind() are removed. * Methods can_sign() and can_encrypt() are removed. * The 3 classes cannot be pickled anymore.
2014-06-16 21:42:39 +02:00
bitmap = _decode_der(DerBitString, der[1])
rsaPub = _decode_der(DerSequence, bitmap.value)
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
if len(rsaPub) == 2 and rsaPub.hasOnlyInts():
return self.construct(rsaPub[:])
except (ValueError, EOFError):
pass
Add ability to read in RSA keys from X.509 certs
2014-07-11 22:58:47 +02:00
# Try to see if this is an X.509 certificate
# (Certificate ASN.1 # type)
if len(der) == 3:
try:
# The public key is in tbsCertificate.subjectPublicKeyInfo
x509_tbs_cert = _decode_der(DerSequence, der[0])
index = -1
try:
# The first element of tbsCertificate may be
# the serial number for v1 certificates
_ = x509_tbs_cert[0] + 1
index = 5
except TypeError:
x509_version = DerInteger(explicit=0)
x509_version.decode(x509_tbs_cert[0])
index = 6
if index in (5, 6):
return self._importKeyDER(x509_tbs_cert[index])
except (TypeError, IndexError, ValueError, EOFError):
pass
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
# Try PKCS#8 (possibly encrypted)
k = PKCS8.unwrap(extern_key, passphrase)
if k[0] == oid:
return self._importKeyDER(k[1], passphrase)
except (ValueError, EOFError):
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
pass
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
raise ValueError("RSA key format is not supported")
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
def importKey(self, extern_key, passphrase=None):
"""Import an RSA key (public or private half), encoded in standard
form.
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
:Parameter extern_key:
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
The RSA key to import, encoded as a string.
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
Add ability to import RSAPublicKey objects (encoded in DER or PEM)
2012-05-18 20:44:42 +02:00
An RSA public key can be in any of the following formats:
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
- X.509 ``subjectPublicKeyInfo`` DER SEQUENCE (binary or PEM
encoding)
- `PKCS#1`_ ``RSAPublicKey`` DER SEQUENCE (binary or PEM encoding)
Add ability to import RSAPublicKey objects (encoded in DER or PEM)
2012-05-18 20:44:42 +02:00
- OpenSSH (textual public key only)
An RSA private key can be in any of the following formats:
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
- PKCS#1 ``RSAPrivateKey`` DER SEQUENCE (binary or PEM encoding)
- `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo``
DER SEQUENCE (binary or PEM encoding)
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
- OpenSSH (textual public key only)
Clarification of how RSA keys can be imported/exported
2012-05-18 15:26:58 +02:00
For details about the PEM encoding, see `RFC1421`_/`RFC1423`_.
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
The private key may be encrypted by means of a certain pass phrase
either at the PEM level or at the PKCS#8 level.
:Type extern_key: string
FIX BUG 702835. When importing an DER RSA private key, u (that is, p^{-1} mod q) must be computed manually. RSA.importKey() also raises a more descriptive exception in case of an unknown key format.
2011-01-16 21:44:10 +01:00
Added support for pass phrase and DES/3DES encrypted PEM keys, for both import and export.
2011-10-03 23:33:11 +02:00
:Parameter passphrase:
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
In case of an encrypted private key, this is the pass phrase from
which the decryption key is derived.
Added support for pass phrase and DES/3DES encrypted PEM keys, for both import and export.
2011-10-03 23:33:11 +02:00
:Type passphrase: string
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
Refreshed documentation for RSA. epydoc does not generate documentation for private methods, and inherited ones are made more explicit.
2012-04-10 21:26:33 +02:00
:Return: An RSA key object (`_RSAobj`).
Added support for pass phrase and DES/3DES encrypted PEM keys, for both import and export.
2011-10-03 23:33:11 +02:00
:Raise ValueError/IndexError/TypeError:
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
When the given key cannot be parsed (possibly because the pass
phrase is wrong).
Polished the Crypto.PublicKey page.Added hyperlinks to RFCs.
2012-04-12 23:16:52 +02:00
.. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt
.. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt
Clarification of how RSA keys can be imported/exported
2012-05-18 15:26:58 +02:00
.. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt
.. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
"""
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
extern_key = tobytes(extern_key)
Merged from upstream (py3k support) and modified so that all unit tests pass.
2011-10-18 23:20:26 +02:00
if passphrase is not None:
passphrase = tobytes(passphrase)
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
if extern_key.startswith(b('-----')):
# This is probably a PEM encoded key.
(der, marker, enc_flag) = PEM.decode(tostr(extern_key), passphrase)
if enc_flag:
passphrase = None
return self._importKeyDER(der, passphrase)
if extern_key.startswith(b('ssh-rsa ')):
Add support for import of OpenSSH public keys
2011-09-21 00:01:36 +02:00
# This is probably an OpenSSH key
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
keystring = binascii.a2b_base64(extern_key.split(b(' '))[1])
Add support for import of OpenSSH public keys
2011-09-21 00:01:36 +02:00
keyparts = []
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
while len(keystring) > 4:
l = struct.unpack(">I", keystring[:4])[0]
keyparts.append(keystring[4:4 + l])
keystring = keystring[4 + l:]
Add support for import of OpenSSH public keys
2011-09-21 00:01:36 +02:00
e = bytes_to_long(keyparts[1])
n = bytes_to_long(keyparts[2])
return self.construct([n, e])
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
if bord(extern_key[0]) == 0x30:
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
# This is probably a DER encoded key
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
return self._importKeyDER(extern_key, passphrase)
Pure tab-to-space conversion with :retab in vim.
2011-01-16 22:05:54 +01:00
raise ValueError("RSA key format is not supported")
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
#: `Object ID`_ for the RSA encryption algorithm. This OID often indicates
#: a generic RSA key, even when such key will be actually used for digital
#: signatures.
#:
#: .. _`Object ID`: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html
oid = "1.2.840.113549.1.1.1"
#: This is the standard DER object that qualifies a cryptographic algorithm
#: in ASN.1-based data structures (e.g. X.509 certificates).
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
algorithmIdentifier = DerSequence(
Added support for PKCS#8-encrypted private keys. The patch contains the following changes: - Private RSA keys can be imported/exported in encrypted form, protected according to PKCS#8 and: * PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC. * PBKDF2WithHMAC-SHA1AndAES128-CBC * PBKDF2WithHMAC-SHA1AndAES192-CBC * PBKDF2WithHMAC-SHA1AndAES256-CBC In addition to that, it is possible to import keys i the following weak formats: * pbeWithMD5AndDES-CBC * pbeWithSHA1AndRC2-CBC * pbeWithMD5AndRC2-CBC * pbeWithSHA1AndDES-CBC - The following new module (and 1 new package) are added: * Crypto.Util.Padding for simple padding/unpadding logic * Crypto.IO._PBES for PBE-related PKCS#5 logic * Crypto.IO.PEM for PEM wrapping/unwrapping * Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping - All Object ID (OIDs) are now in dotted form to increase readability. - Add AES support to PEM format (decode only). The PEM module can decrypt messages protected with AES-CBC. - Update RSA import test cases. - Updated to PKCS8 test cases
2013-06-15 23:25:49 +02:00
[DerObjectId(oid).encode(), # algorithm field
DerNull().encode()] # parameters field
Added support for export and import of unencrypted PKCS#8 keys (with tests). FIX: Certain public exponents were not correctly exported in OpenSSH keys.
2011-10-10 08:11:31 +02:00
).encode()
Add checks to verify correctness of RSA/DSA/ElGamal keys When the various components are assembled into an RSA, DSA or ElGamal key via the construct() method, we must verify as much as possible if the result is indeed a valid key.
2013-06-17 23:25:21 +02:00
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
_impl = RSAImplementation()
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
#:
#: Randomly generate a fresh, new RSA key object.
#:
#: See `RSAImplementation.generate`.
#:
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
generate = _impl.generate
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
#:
#: Construct an RSA key object from a tuple of valid RSA components.
#:
#: See `RSAImplementation.construct`.
#:
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
construct = _impl.construct
Added more documentation for the RSA module.
2011-01-21 18:54:53 +01:00
#:
#: Import an RSA key (public or private half), encoded in standard form.
#:
#: See `RSAImplementation.importKey`.
#:
Add ability to export and import RSA keys in DER and PEM format. Typical usage for importing an RSA key: f = file("ssl.pem") key = RSA.importKey(f.read()) f.close() key.verify(hash, signature) Typical usage for exporting an RSA public key: key = RSA.generate(512, randfunc) f = file("ssl.der","w") f.write(key.publickey.exportKey('DER')) f.close() I confirm I am eligible for submitting code to pycrypto according to http://www.dlitz.net/software/pycrypto/submission-requirements/ fetched on 27 December 2009. Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
2009-12-27 17:26:59 +01:00
importKey = _impl.importKey
RSA: Unify interface to GMP ("_fastmath") and pure python ("_slowmath") implementations This commit adds a new module called "_slowmath", which mirrors the RSA portions of _fastmath. A single, unified interface is layered on top of it. This should help avoid any inconsistencies between the _fastmath and the _slowmath code paths. Also, users no longer need to specify an empty second parameter ("K") to rsaObj.encrypt(), and specifying a non-empty second parameter results in a DeprecationWarning. Using the RSA primitive is now as simple as: from Crypto.PublicKey import RSA rsaObj = RSA.generate(2048) # randomly generate a 2048-bit RSA key (ciphertext,) = rsaObj.encrypt("message") Note that this is still just the RSA _primitive_. PKCS#1 padding will come later.
2008-09-18 21:42:28 -04:00
# vim:set ts=4 sw=4 sts=4 expandtab:
Reference in a new issue Copy permalink