本文整理汇总了Python中cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey方法的典型用法代码示例。如果您正苦于以下问题:Python dsa.DSAPrivateKey方法的具体用法?Python dsa.DSAPrivateKey怎么用?Python dsa.DSAPrivateKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.hazmat.primitives.asymmetric.dsa的用法示例。
在下文中一共展示了dsa.DSAPrivateKey方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: from_cryptography_key
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def from_cryptography_key(cls, crypto_key):
"""
Construct based on a ``cryptography`` *crypto_key*.
:param crypto_key: A ``cryptography`` key.
:type crypto_key: One of ``cryptography``'s `key interfaces`_.
:rtype: PKey
.. versionadded:: 16.1.0
"""
pkey = cls()
if not isinstance(crypto_key, (rsa.RSAPublicKey, rsa.RSAPrivateKey,
dsa.DSAPublicKey, dsa.DSAPrivateKey)):
raise TypeError("Unsupported key type")
pkey._pkey = crypto_key._evp_pkey
if isinstance(crypto_key, (rsa.RSAPublicKey, dsa.DSAPublicKey)):
pkey._only_public = True
pkey._initialized = True
return pkey 示例2: type
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def type(self):
"""
Return the type of the object we wrap. Currently this can only be
'RSA', 'DSA', or 'EC'.
@rtype: L{str}
@raises RuntimeError: If the object type is unknown.
"""
if isinstance(
self._keyObject, (rsa.RSAPublicKey, rsa.RSAPrivateKey)):
return 'RSA'
elif isinstance(
self._keyObject, (dsa.DSAPublicKey, dsa.DSAPrivateKey)):
return 'DSA'
elif isinstance(
self._keyObject, (ec.EllipticCurvePublicKey, ec.EllipticCurvePrivateKey)):
return 'EC'
else:
raise RuntimeError(
'unknown type of object: %r' % (self._keyObject,)) 示例3: cache_crls
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def cache_crls(self, password=None, algorithm=None):
password = password or self.get_password()
ca_key = self.key(password)
if isinstance(ca_key, dsa.DSAPrivateKey) and algorithm is None:
algorithm = hashes.SHA1()
for name, config in ca_settings.CA_CRL_PROFILES.items():
overrides = config.get('OVERRIDES', {}).get(self.serial, {})
if overrides.get('skip'):
continue
algorithm = algorithm or parse_hash_algorithm(overrides.get('algorithm', config.get('algorithm')))
expires = overrides.get('expires', config.get('expires', 86400))
scope = overrides.get('scope', config.get('scope'))
full_name = overrides.get('full_name', config.get('full_name'))
relative_name = overrides.get('relative_name', config.get('relative_name'))
encodings = overrides.get('encodings', config.get('encodings', ['DER', ]))
crl = None # only compute crl when it is actually needed
for encoding in encodings:
encoding = parse_encoding(encoding)
cache_key = get_crl_cache_key(self.serial, algorithm, encoding, scope=scope)
if expires >= 600: # pragma: no branch
# for longer expiries we substract a random value so that regular CRL regeneration is
# distributed a bit
cache_expires = expires - random.randint(1, 5) * 60
if cache.get(cache_key) is None:
if crl is None:
crl = self.get_crl(expires=expires, algorithm=algorithm, password=password,
scope=scope, full_name=full_name, relative_name=relative_name)
encoded_crl = crl.public_bytes(encoding)
cache.set(cache_key, encoded_crl, cache_expires) 示例4: sign_data
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def sign_data(self, data):
from OpenSSL import crypto
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa, rsa
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import load_pem_private_key
private_key_str = self.get_private_key()
# The pyOpenSSL sign operation seems broken and corrupts memory, atleast for EC, so let's use
# the cryptography package instead
# try:
# private_key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
# private_key_str, '')
# signature = OpenSSL.crypto.sign(private_key,
# data,
# "sha256")
# except Exception as err:
# _log.error("Failed to sign data, err={}".format(err))
# raise
try:
private_key = load_pem_private_key(private_key_str, password=None, backend=default_backend())
if isinstance(private_key, ec.EllipticCurvePrivateKey):
signature = private_key.sign(data, ec.ECDSA(hashes.SHA256()))
elif isinstance(private_key, rsa.RSAPrivateKey):
signature = sign_with_rsa_key(private_key, message)
elif isinstance(private_key, dsa.DSAPrivateKey):
signature = sign_with_dsa_key(private_key, message)
else:
raise TypeError
except Exception as err:
_log.error("Failed to sign data, err={}".format(err))
raise
return signature 示例5: data
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def data(self):
"""
Return the values of the public key as a dictionary.
@rtype: L{dict}
"""
if isinstance(self._keyObject, rsa.RSAPublicKey):
numbers = self._keyObject.public_numbers()
return {
"n": numbers.n,
"e": numbers.e,
}
elif isinstance(self._keyObject, rsa.RSAPrivateKey):
numbers = self._keyObject.private_numbers()
return {
"n": numbers.public_numbers.n,
"e": numbers.public_numbers.e,
"d": numbers.d,
"p": numbers.p,
"q": numbers.q,
# Use a trick: iqmp is q^-1 % p, u is p^-1 % q
"u": rsa.rsa_crt_iqmp(numbers.q, numbers.p),
}
elif isinstance(self._keyObject, dsa.DSAPublicKey):
numbers = self._keyObject.public_numbers()
return {
"y": numbers.y,
"g": numbers.parameter_numbers.g,
"p": numbers.parameter_numbers.p,
"q": numbers.parameter_numbers.q,
}
elif isinstance(self._keyObject, dsa.DSAPrivateKey):
numbers = self._keyObject.private_numbers()
return {
"x": numbers.x,
"y": numbers.public_numbers.y,
"g": numbers.public_numbers.parameter_numbers.g,
"p": numbers.public_numbers.parameter_numbers.p,
"q": numbers.public_numbers.parameter_numbers.q,
}
elif isinstance(self._keyObject, ec.EllipticCurvePublicKey):
numbers = self._keyObject.public_numbers()
return {
"x": numbers.x,
"y": numbers.y,
"curve": self.sshType(),
}
elif isinstance(self._keyObject, ec.EllipticCurvePrivateKey):
numbers = self._keyObject.private_numbers()
return {
"x": numbers.public_numbers.x,
"y": numbers.public_numbers.y,
"privateValue": numbers.private_value,
"curve": self.sshType(),
}
else:
raise RuntimeError("Unexpected key type: %s" % (self._keyObject,)) 示例6: test_arguments
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import dsa [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey [as 别名]
def test_arguments(self):
with self.assertSignal(pre_create_ca) as pre, self.assertSignal(post_create_ca) as post:
out, err = self.init_ca(
algorithm=hashes.SHA1(),
key_type='DSA',
key_size=1024,
expires=self.expires(720),
pathlen=3,
issuer_url='http://issuer.ca.example.com',
issuer_alt_name={'value': ['http://ian.ca.example.com']},
crl_url=['http://crl.example.com'],
ocsp_url='http://ocsp.example.com',
ca_issuer_url='http://ca.issuer.ca.example.com',
permit_name=['DNS:.com'],
exclude_name=['DNS:.net'],
)
self.assertTrue(pre.called)
self.assertEqual(out, '')
self.assertEqual(err, '')
ca = CertificateAuthority.objects.first()
self.assertPostCreateCa(post, ca)
self.assertPrivateKey(ca)
self.assertSerial(ca.serial)
ca.full_clean() # assert e.g. max_length in serials
self.assertSignature([ca], ca)
self.assertEqual(ca.name_constraints, NameConstraints({'value': {
'permitted': ['DNS:.com'],
'excluded': ['DNS:.net']
}}))
# test the private key
key = ca.key(None)
self.assertIsInstance(key, dsa.DSAPrivateKey)
self.assertEqual(key.key_size, 1024)
self.assertTrue(isinstance(ca.x509.signature_hash_algorithm, hashes.SHA1))
self.assertTrue(isinstance(ca.x509.public_key(), dsa.DSAPublicKey))
self.assertIsNone(ca.crl_distribution_points)
self.assertEqual(ca.authority_information_access, AuthorityInformationAccess(
{'value': {'issuers': ['URI:http://ca.issuer.ca.example.com']}}))
self.assertEqual(ca.name_constraints, NameConstraints({'value': {
'permitted': ['DNS:.com'],
'excluded': ['DNS:.net']
}}))
self.assertEqual(ca.pathlen, 3)
self.assertEqual(ca.max_pathlen, 3)
self.assertTrue(ca.allows_intermediate_ca)
self.assertEqual(ca.issuer_url, 'http://issuer.ca.example.com')
self.assertEqual(ca.issuer_alt_name, 'URI:http://ian.ca.example.com')
self.assertEqual(ca.crl_url, 'http://crl.example.com')
self.assertEqual(ca.ocsp_url, 'http://ocsp.example.com')
self.assertIssuer(ca, ca)
self.assertAuthorityKeyIdentifier(ca, ca)