Python PKCS1_OAEP.new方法代码示例

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def encrypt(self, plaintext, esn):
        """
        Encrypt the given Plaintext with the encryption key
        :param plaintext:
        :return: Serialized JSON String of the encryption Envelope
        """
        init_vector = get_random_bytes(16)
        cipher = AES.new(self.encryption_key, AES.MODE_CBC, init_vector)
        ciphertext = base64.standard_b64encode(
            cipher.encrypt(Padding.pad(plaintext.encode('utf-8'), 16))).decode('utf-8')
        encryption_envelope = {
            'ciphertext': ciphertext,
            'keyid': '_'.join((esn, str(self.sequence_number))),
            'sha256': 'AA==',
            'iv': base64.standard_b64encode(init_vector).decode('utf-8')
        }
        return json.dumps(encryption_envelope) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def decrypt_password(user_conf):
    cipher_text = user_conf["password"]
    encrypted_aes_session_key = user_conf["aes_session_key"]
    cipher_aes_nonce = user_conf["cipher_aes_nonce"]
    tag = user_conf["tag"]

    # Read private key
    with open(os.path.join(os.environ["AZTK_WORKING_DIR"], "id_rsa"), encoding="UTF-8") as f:
        private_key = RSA.import_key(f.read())
    # Decrypt the session key with the public RSA key
    cipher_rsa = PKCS1_OAEP.new(private_key)
    session_key = cipher_rsa.decrypt(encrypted_aes_session_key)

    # Decrypt the data with the AES session key
    cipher_aes = AES.new(session_key, AES.MODE_EAX, cipher_aes_nonce)
    password = cipher_aes.decrypt_and_verify(cipher_text, tag)
    return password.decode("utf-8") 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def parse_SHAR(chunk, encryption_key, rsa_key):
    # TODO: Fake some data and make a test
    io = BytesIO(chunk.payload)
    id = read_item(io)
    encrypted_key = decode_hex(read_item(io))
    encrypted_name = read_item(io)
    skip_item(io, 2)
    key = read_item(io)

    # Shared folder encryption key might come already in pre-decrypted form,
    # where it's only AES encrypted with the regular encryption key.
    # When the key is blank, then there's a RSA encrypted key, which has to
    # be decrypted first before use.
    if not key:
        key = decode_hex(PKCS1_OAEP.new(rsa_key).decrypt(encrypted_key))
    else:
        key = decode_hex(decode_aes256_plain_auto(key, encryption_key))

    name = decode_aes256_base64_auto(encrypted_name, key)

    # TODO: Return an object, not a dict
    return {'id': id, 'name': name, 'encryption_key': key} 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def decode_aes256(cipher, iv, data, encryption_key):
    """
    Decrypt AES-256 bytes.
    Allowed ciphers are: :ecb, :cbc.
    If for :ecb iv is not used and should be set to "".
    """
    if cipher == 'cbc':
        aes = AES.new(encryption_key, AES.MODE_CBC, iv)
    elif cipher == 'ecb':
        aes = AES.new(encryption_key, AES.MODE_ECB)
    else:
        raise ValueError('Unknown AES mode')
    d = aes.decrypt(data)
    # http://passingcuriosity.com/2009/aes-encryption-in-python-with-m2crypto/
    unpad = lambda s: s[0:-ord(d[-1:])]
    return unpad(d) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def encrypt_file(public_key, src_file, dest_file):
  try:
    with open(src_file) as f:
      rsa_key = RSA.import_key(open(public_key).read())
      session_key = get_random_bytes(16)
      # Encrypt session key
      cipher_rsa = PKCS1_OAEP.new(rsa_key)
      encrypted_session_key = cipher_rsa.encrypt(session_key)
      # Encrypt data
      cipher_aes = AES.new(session_key, AES.MODE_EAX)
      ciphertext, tag = cipher_aes.encrypt_and_digest(f.read().encode("utf-8"))
  except Exception as e:
    print("Unable to encrypt file: {}".format(src_file))
    raise e

  try:
    with open(dest_file, "wb") as f:
      for x in (encrypted_session_key, cipher_aes.nonce, tag, ciphertext):
        f.write(x)
  except Exception as e:
    print("Unable to write output file {}".format(dest_file))
    raise e 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def testEncrypt1(self):
                # Verify encryption using all test vectors
                for test in self._testData:
                        # Build the key
                        comps = [ int(rws(test[0][x]),16) for x in ('n','e') ]
                        key = RSA.construct(comps)
                        # RNG that takes its random numbers from a pool given
                        # at initialization
                        class randGen:
                            def __init__(self, data):
                                self.data = data
                                self.idx = 0
                            def __call__(self, N):
                                r = self.data[self.idx:N]
                                self.idx += N
                                return r
                        # The real test
                        cipher = PKCS.new(key, test[4], randfunc=randGen(t2b(test[3])))
                        ct = cipher.encrypt(t2b(test[1]))
                        self.assertEqual(ct, t2b(test[2])) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def testEncryptDecrypt2(self):
                # Helper function to monitor what's requested from RNG
                global asked
                def localRng(N):
                    global asked
                    asked += N
                    return self.rng(N)
                # Verify that OAEP is friendly to all hashes
                for hashmod in (MD2,MD5,SHA1,SHA256,RIPEMD160):
                    # Verify that encrypt() asks for as many random bytes
                    # as the hash output size
                    asked = 0
                    pt = self.rng(40)
                    cipher = PKCS.new(self.key1024, hashmod, randfunc=localRng)
                    ct = cipher.encrypt(pt)
                    self.assertEqual(cipher.decrypt(ct), pt)
                    self.assertEqual(asked, hashmod.digest_size) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def testEncrypt1(self):
                # Verify encryption using all test vectors
                for test in self._testData:
                        # Build the key
                        comps = [ long(rws(test[0][x]),16) for x in ('n','e') ]
                        key = RSA.construct(comps)
                        # RNG that takes its random numbers from a pool given
                        # at initialization
                        class randGen:
                            def __init__(self, data):
                                self.data = data
                                self.idx = 0
                            def __call__(self, N):
                                r = self.data[self.idx:N]
                                self.idx += N
                                return r
                        # The real test
                        cipher = PKCS.new(key, test[4], randfunc=randGen(t2b(test[3])))
                        ct = cipher.encrypt(t2b(test[1]))
                        self.assertEqual(ct, t2b(test[2])) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def parse_key_response(self, headerdata):
        # Init Decryption
        enc_key = headerdata['keyresponsedata']['keydata']['encryptionkey']
        hmac_key = headerdata['keyresponsedata']['keydata']['hmackey']
        encrypted_encryption_key = base64.standard_b64decode(enc_key)
        encrypted_sign_key = base64.standard_b64decode(hmac_key)
        cipher_rsa = PKCS1_OAEP.new(self.rsa_key)

        # Decrypt encryption key
        cipher_raw = cipher_rsa.decrypt(encrypted_encryption_key)
        encryption_key_data = json.JSONDecoder().decode(cipher_raw.decode())
        self.encryption_key = self.__base64key_decode(encryption_key_data['k'])

        # Decrypt sign key
        sign_key_raw = cipher_rsa.decrypt(encrypted_sign_key)
        sign_key_data = json.JSONDecoder().decode(sign_key_raw.decode())
        self.sign_key = self.__base64key_decode(sign_key_data['k']) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def encrypt(self, data, esn, sequence_number):
        """
        Encrypt the given Plaintext with the encryption key
        :param plaintext:
        :return: Serialized JSON String of the encryption Envelope
        """
        iv = get_random_bytes(16)
        encryption_envelope = {
                'ciphertext': '',
                'keyid': esn + '_' + str(sequence_number),
                'sha256': 'AA==',
                'iv': base64.standard_b64encode(iv).decode('ascii')
        }
        # Padd the plaintext
        plaintext = Padding.pad(data.encode('utf-8'), 16)
        # Encrypt the text
        cipher = AES.new(self.encryption_key, AES.MODE_CBC, iv)
        citext = cipher.encrypt(plaintext)
        encryption_envelope['ciphertext'] = base64.standard_b64encode(citext).decode('ascii')

        return encryption_envelope; 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def load_crypto_session(self, msl_data=None):
        try:
            self.encryption_key = base64.standard_b64decode(
                msl_data['encryption_key'])
            self.sign_key = base64.standard_b64decode(
                msl_data['sign_key'])
            if not self.encryption_key or not self.sign_key:
                raise MSLError('Missing encryption_key or sign_key')
            self.rsa_key = RSA.importKey(
                base64.standard_b64decode(msl_data['rsa_key']))
        except Exception:  # pylint: disable=broad-except
            common.debug('Generating new RSA keys')
            self.rsa_key = RSA.generate(2048)
            self.encryption_key = None
            self.sign_key = None 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def decrypt(self, init_vector, ciphertext):
        """Decrypt a ciphertext"""
        cipher = AES.new(self.encryption_key, AES.MODE_CBC, init_vector)
        return Padding.unpad(cipher.decrypt(ciphertext), 16) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def sign(self, message):
        """Sign a message"""
        return base64.standard_b64encode(
            HMAC.new(self.sign_key, message.encode('utf-8'), SHA256).digest()).decode('utf-8') 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def _init_keys(self, key_response_data):
        cipher = PKCS1_OAEP.new(self.rsa_key)
        encrypted_encryption_key = base64.standard_b64decode(
            key_response_data['keydata']['encryptionkey'])
        encrypted_sign_key = base64.standard_b64decode(
            key_response_data['keydata']['hmackey'])
        self.encryption_key = _decrypt_key(encrypted_encryption_key, cipher)
        self.sign_key = _decrypt_key(encrypted_sign_key, cipher) 

# 需要导入模块: from Cryptodome.Cipher import PKCS1_OAEP [as 别名]
# 或者: from Cryptodome.Cipher.PKCS1_OAEP import new [as 别名]
def generate_session_key(hmac_secret=b''):
    """
    :param hmac_secret: optional HMAC
    :type hmac_secret: :class:`bytes`
    :return: (session_key, encrypted_session_key) tuple
    :rtype: :class:`tuple`
    """
    session_key = random_bytes(32)
    encrypted_session_key = PKCS1_OAEP.new(UniverseKey.Public, SHA1)\
                                      .encrypt(session_key + hmac_secret)

    return (session_key, encrypted_session_key)