Generating Cryptography Keys in Python
March 27, 2012 at 09:18 AM | categories: Python, SSL, Howto | View CommentsPyOpenSSL may seem like the obvious option when working with cryptography keys in Python but i have found it to have some short coming such as the inability to save both the public and private key in a key pair.
M2Crypto on the other hand allows you to save both keys to either a file or store it in a buffer which is useful if you want to save the keys say to a database.
Examples of M2Crypto usage are hard to come by, hope my few examples will save someone else the effort of searching.
Examples
Generate Key pair in memory
import os from M2Crypto import Rand, RSA, BIO KEY_LENGTH = 1024 def blank_callback(): "Replace the default dashes" return # Random seed Rand.rand_seed (os.urandom (KEY_LENGTH)) # Generate key pair key = RSA.gen_key (KEY_LENGTH, 65537, blank_callback) # Create memory buffers pri_mem = BIO.MemoryBuffer() pub_mem = BIO.MemoryBuffer() # Save keys to buffers key.save_key_bio(pri_mem, None) key.save_pub_key_bio(pub_mem) # Get keys public_key = pub_mem.getvalue() private_key = pri_mem.getvalue()
Generate Key pair to file
from M2Crypto import Rand, RSA KEY_LENGTH = 1024 def blank_callback(): "Replace the default dashes" return # Random seed Rand.rand_seed (os.urandom (KEY_LENGTH)) # Generate key pair key = RSA.gen_key (KEY_LENGTH, 65537, blank_callback) # Non encrypted key key.save_key('user-private.pem', None) # Use a pass phrase to encrypt key #key.save_key('user-private.pem') key.save_pub_key('user-public.pem')
Encrypt a text using a public key
from M2Crypto import RSA # Load the recipients public key writer = RSA.load_pub_key('user-public.pem') # Encrypt the message cipher = writer.public_encrypt('Secret message', RSA.pkcs1_oaep_padding) # store the encrypted message msg = cipher.encode('base64')
Signing a message
from M2Crypto import RSA, EVP # load private key mykey = RSA.load_key('user-private.pem') # generate a digest thedigest = EVP.MessageDigest('sha1') # update the cipher text thedigest.update(cipher) #sign the message signature = mykey.sign_rsassa_pss(thedigest.digest()) # display the signature print signature.encode('base64')
Decrypt a message
from M2Crypto import RSA mykey = RSA.load_key ('user-private.pem') plaintext = mykey.private_decrypt(cipher, RSA.pkcs1_oaep_padding)
Verify a message
from M2Crypto import RSA, EVP senderkey = RSA.load_pub_key('sender-public.pem') thedigest = EVP.MessageDigest('sha1') thedigest.update(cipher) senderkey.verify_rsassa_pss(thedigest.digest(), signature) == 1
References
blog comments powered by Disqus
About
I am a Sysadmin and programmer, passionate about Open source software A few notable projects i am associated with are:
Contact
topdog at fedoraproject.organdrew at topdog.za.net
Follow me on Twitter
Latest blog posts
Categories
- Book review (rss) (10)
- CCSP (rss) (1)
- Centos (rss) (16)
- Certification (rss) (1)
- Cisco (rss) (1)
- CouchDB (rss) (1)
- Cyrus (rss) (2)
- DHCP (rss) (2)
- DKIM (rss) (2)
- DLNA (rss) (2)
- DNS (rss) (2)
- Domainkeys (rss) (1)
- Email (rss) (11)
- Exim (rss) (7)
- Fedora (rss) (1)
- Horde (rss) (2)
- Howto (rss) (29)
- IPSEC (rss) (6)
- IPv6 (rss) (1)
- Kickstart (rss) (1)
- Links (rss) (2)
- Linux (rss) (25)
- Mac OS X (rss) (6)
- Markdown (rss) (1)
- Mediaplayer (rss) (2)
- PHP (rss) (1)
- PS3 (rss) (2)
- Postfix (rss) (6)
- Projects (rss) (1)
- PyMYSK (rss) (14)
- Python (rss) (19)
- RHEL (rss) (7)
- SSL (rss) (2)
- Security (rss) (13)
- Sysadmin (rss) (16)
- Tips (rss) (28)
- Ubuntu (rss) (2)
- Unix (rss) (4)
Archives
- February 2014 (1)
- December 2013 (1)
- September 2013 (1)
- March 2013 (1)
- February 2013 (2)
- January 2013 (4)
- November 2012 (3)
- October 2012 (2)
- September 2012 (5)
- August 2012 (7)
- July 2012 (1)
- June 2012 (2)
- May 2012 (9)
- April 2012 (17)
- March 2012 (4)
- August 2010 (1)
- March 2009 (4)
- January 2009 (2)
- August 2008 (1)
- June 2008 (1)
- March 2008 (1)
- February 2008 (2)
- January 2008 (1)
