本文整理汇总了Python中cryptography.hazmat.primitives.asymmetric.padding.MGF1属性的典型用法代码示例。如果您正苦于以下问题:Python padding.MGF1属性的具体用法?Python padding.MGF1怎么用?Python padding.MGF1使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类cryptography.hazmat.primitives.asymmetric.padding的用法示例。
在下文中一共展示了padding.MGF1属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: rsa_encrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def rsa_encrypt(data, pem, b64_encode=True):
"""
rsa 加密
:param data: 待加密字符串/binary
:param pem: RSA public key 内容/binary
:param b64_encode: 是否对输出进行 base64 encode
:return: 如果 b64_encode=True 的话,返回加密并 base64 处理后的 string;否则返回加密后的 binary
"""
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
encoded_data = to_binary(data)
pem = to_binary(pem)
public_key = serialization.load_pem_public_key(pem, backend=default_backend())
encrypted_data = public_key.encrypt(
encoded_data, padding=padding.OAEP(mgf=padding.MGF1(hashes.SHA1()), algorithm=hashes.SHA1(), label=None,),
)
if b64_encode:
encrypted_data = base64.b64encode(encrypted_data).decode("utf-8")
return encrypted_data 示例2: rsa_decrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def rsa_decrypt(encrypted_data, pem, password=None):
"""
rsa 解密
:param encrypted_data: 待解密 bytes
:param pem: RSA private key 内容/binary
:param password: RSA private key pass phrase
:return: 解密后的 binary
"""
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
encrypted_data = to_binary(encrypted_data)
pem = to_binary(pem)
private_key = serialization.load_pem_private_key(pem, password, backend=default_backend())
data = private_key.decrypt(
encrypted_data, padding=padding.OAEP(mgf=padding.MGF1(hashes.SHA1()), algorithm=hashes.SHA1(), label=None,),
)
return data 示例3: test_create_key_pair_encryption
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def test_create_key_pair_encryption(self):
private_key_uuid, public_key_uuid = self.key_mgr.create_key_pair(
self.context, 'RSA', 2048)
private_key = self.key_mgr.get(self.context, private_key_uuid)
public_key = self.key_mgr.get(self.context, public_key_uuid)
crypto_private_key = get_cryptography_private_key(private_key)
crypto_public_key = get_cryptography_public_key(public_key)
message = b'secret plaintext'
ciphertext = crypto_public_key.encrypt(
message,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None))
plaintext = crypto_private_key.decrypt(
ciphertext,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None))
self.assertEqual(message, plaintext) 示例4: sign
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def sign(self, s):
"""
Create a signature of the string s
:param s: String to sign
:type s: str
:return: The hexlified and versioned signature of the string
:rtype: str
"""
if not self.private:
log.info('Could not sign message {0!s}, no private key!'.format(s))
# TODO: should we throw an exception in this case?
return ''
signature = self.private.sign(
to_bytes(s),
asym_padding.PSS(
mgf=asym_padding.MGF1(hashes.SHA256()),
salt_length=asym_padding.PSS.MAX_LENGTH),
hashes.SHA256())
res = ':'.join([self.sig_ver, hexlify_and_unicode(signature)])
return res 示例5: sha2_rsa_encrypt
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def sha2_rsa_encrypt(password, salt, public_key):
"""Encrypt password with salt and public_key.
Used for sha256_password and caching_sha2_password.
"""
if not _have_cryptography:
raise RuntimeError("cryptography is required for sha256_password or caching_sha2_password")
message = _xor_password(password + b'\0', salt)
rsa_key = serialization.load_pem_public_key(public_key, default_backend())
return rsa_key.encrypt(
message,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None,
),
) 示例6: rsa_verify
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def rsa_verify(public_key, message, signature):
""" RSA verify message """
try:
public_key.verify(
base64.b64decode(signature),
message,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
except exceptions.InvalidSignature:
return False
except Exception as e:
raise e
return True 示例7: _get_padding
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def _get_padding(padStr, mgf=padding.MGF1, h=hashes.SHA256, label=None):
if padStr == "pkcs":
return padding.PKCS1v15()
elif padStr == "pss":
# Can't find where this is written, but we have to use the digest
# size instead of the automatic padding.PSS.MAX_LENGTH.
return padding.PSS(mgf=mgf(h), salt_length=h.digest_size)
elif padStr == "oaep":
return padding.OAEP(mgf=mgf(h), algorithm=h, label=label)
else:
warning("Key.encrypt(): Unknown padding type (%s)", padStr)
return None
#####################################################################
# Asymmetric Cryptography wrappers
#####################################################################
# Make sure that default values are consistent across the whole TLS module,
# lest they be explicitly set to None between cert.py and pkcs1.py. 示例8: getFileSignature
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def getFileSignature(cls, filename: str, private_key: RSAPrivateKey) -> Optional[str]:
"""Creates the signature for the (hash of the) provided file, given a private key.
:param filename: The file to be signed.
:param private_key: The private key used for signing.
:return: The signature if successful, 'None' otherwise.
"""
file_hash = cls.getFileHash(filename)
if file_hash is None:
return None
try:
file_hash_bytes = base64.b64decode(file_hash)
signature_bytes = private_key.sign(
file_hash_bytes,
padding.PSS(mgf = padding.MGF1(cls.__hash_algorithm), salt_length = padding.PSS.MAX_LENGTH),
Prehashed(cls.__hash_algorithm)
)
return base64.b64encode(signature_bytes).decode("utf-8")
except: # Yes, we do really want this on _every_ exception that might occur.
Logger.logException("e", "Couldn't sign '{0}', no signature generated.".format(filename))
return None 示例9: _verifyFile
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def _verifyFile(self, filename: str, signature: str) -> bool:
if self._public_key is None:
return False
file_hash = TrustBasics.getFileHash(filename)
if file_hash is None:
return False
try:
signature_bytes = base64.b64decode(signature)
file_hash_bytes = base64.b64decode(file_hash)
self._public_key.verify(
signature_bytes,
file_hash_bytes,
padding.PSS(mgf = padding.MGF1(TrustBasics.getHashAlgorithm()), salt_length = padding.PSS.MAX_LENGTH),
Prehashed(TrustBasics.getHashAlgorithm())
)
return True
except: # Yes, we do really want this on _every_ exception that might occur.
self._violation_handler("Couldn't verify '{0}' with supplied signature.".format(filename))
return False 示例10: encryptClientPrivKey
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def encryptClientPrivKey(priv_key):
"""Encrypt the Clients private key (given as a str) with the servers public key"""
with open(_helper.path('res/server.public.key'), "rb") as key_file:
public_key = serialization.load_ssh_public_key(
key_file.read(),
backend=default_backend()
)
key_file.close()
cipher = public_key.encrypt(
bytes(priv_key, 'utf-8'),
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA1(),
label=None
)
)
_helper.info("Private Client Key is encrypted")
return cipher 示例11: decryptCPriv
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def decryptCPriv(server_priv, client_private_enc_key_filename):
"Decrypts the clients private key with the servers private key"
with open(client_private_enc_key_filename, 'rb') as x:
to_encrypt = x.read()
x.close()
to_encrypt = to_encrypt.decode('utf-8')
to_encrypt = base64.b64decode(to_encrypt)
to_encrypt = bytes(to_encrypt)
clear_key = server_priv.decrypt(
to_encrypt,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA1(),
label=None
)
)
return clear_key 示例12: update
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def update(self, data):
ret = b""
if self.cipher is None:
key = os.urandom(16)
nonce = os.urandom(16)
auth_key = os.urandom(32)
self.cipher = Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend()).encryptor()
self.authenticator = HMAC(auth_key, SHA256(), backend=default_backend())
pad = padding.OAEP(mgf=padding.MGF1(algorithm=SHA1()),
algorithm=SHA1(),
label=None)
cipherkey = self.rsa_public_key.encrypt(key + nonce + auth_key, pad)
ret = FILEMAGIC + struct.pack(">H", len(cipherkey)) + cipherkey
cur = self.cipher.update(data)
self.authenticator.update(cur)
if ret:
return ret + cur
else:
return cur 示例13: process_header
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def process_header(self, data):
if self._cipher_key_len is None:
if data[0:6] != FILEMAGIC:
raise EncryptorError("Invalid magic bytes")
self._cipher_key_len = struct.unpack(">H", data[6:8])[0]
else:
pad = padding.OAEP(mgf=padding.MGF1(algorithm=SHA1()),
algorithm=SHA1(),
label=None)
try:
plainkey = self.rsa_private_key.decrypt(data, pad)
except AssertionError:
raise EncryptorError("Decrypting key data failed")
if len(plainkey) != 64:
raise EncryptorError("Integrity check failed")
key = plainkey[0:16]
nonce = plainkey[16:32]
auth_key = plainkey[32:64]
self._header_size = 8 + len(data)
self.cipher = Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend()).decryptor()
self.authenticator = HMAC(auth_key, SHA256(), backend=default_backend()) 示例14: verify
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def verify(self, msg, key, sig):
verifier = key.verifier(
sig,
padding.PSS(
mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size
),
self.hash_alg()
)
verifier.update(msg)
try:
verifier.verify()
return True
except InvalidSignature:
return False 示例15: sign
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import padding [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import MGF1 [as 别名]
def sign(self, msg, key):
return key.sign(
msg,
padding.PSS(
mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size
),
self.hash_alg()
)