This question already has answers here:
RSA encryption and decryption in Python
(7 answers)
Closed 7 years ago.
I have been using RSA Public/Private Key Pair to encrpyt data:
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
publickey = key.publickey()
and write it to a file. The probelm I am getting is when I read any file in bytes:
f = open('test','rb')
d = f.read()
enc_data = publickey.encrypt(d,32)
I am getting the encrypted data as a tuple
>>> type(enc_data)
>>> <class 'tuple'>
The problem is when I try to write the encrypted text in any newly created file I am not able to do it in any mode
o = open('out','wb') #same with 'w' mode
o.write(enc_data)
It displays the error:
Traceback (most recent call last):
File "<pyshell#103>", line 1, in <module>
o.write(enc_data)
TypeError: must be str, not tuple
How to get my encrypted data saved?
According to these docs, the encrypt function returns a tuple, where the second value is always None. I'm assuming this is to support backwards compatibility. Try:
enc_data, other = publickey.encrypt(d,32)
Then write enc_data (this is called "ciphertext")
In the future, it would be a good idea to explicitly say what library you are using. Also emcrytp...
Related
I want to hash some 4 digit numbers
but it gives me (object supporting the buffer API required) error
here's my code
import hashlib
import itertools as it
number=[0,1,2,3,4,5,6,7,8,9]
code = hashlib.sha256()
passwords = list(it.permutations(number, 4))
#hpass is hash password
for hpass in passwords :
code.update(passwords)
print(hpass)
and the output is
Traceback (most recent call last):
File "c:\Users\Parsa\Desktop\project\Untitled-2.py", line 11, in <module>
code.update(passwords)
TypeError: object supporting the buffer API required
the update function of hashlib.sha256 instance require the bytes-like object
Update the hash object with the bytes-like object.
https://docs.python.org/3/library/hashlib.html
and also it seems input passwords list at update
It is hard to know the intention of your code.
but I guess you wanna get a set of hashes by 4 digit numbers
if it is right try this.
import hashlib
import itertools as it
number=[0,1,2,3,4,5,6,7,8,9]
passwords = list(it.permutations(number, 4))
# hpass is hash password
for hpass in passwords :
encoded_hpass = ''.join(map(str, hpass)).encode('ascii')
code = hashlib.sha256()
code.update(encoded_hpass)
print(encoded_hpass)
print(code.digest())
Output
b'0123'
b'\x1b\xe2\xe4R\xb4mz\r\x96V\xbb\xb1\xf7h\xe8$\x8e\xba\x1bu\xba\xede\xf5\xd9\x9e\xaf\xa9H\x89\x9aj'
b'0124'
b'\x91\xb1\xe2#\xed\x10?)\x1c\x16v\\\xb2\x01\xa9\xe4\xf2\xc2?\xf4\x05pP\xb9\xfdxW\x1f7:\xce='
b'0125'
b'\x17\x9f\x91-Q]\xdb\x97\xa0\x8f\xee\xb4\xe3v\x99aH\xda;\xb7\xcb]\x97K\x81<\x8a\xfb\xdcaf+'
b'0126'
b'\x9d\xa4\x84d|\xdd\xd7\x98]\x9e\xf5\x06\xf9\xbd\x15\x80\xf5\xa8\xdc\x06R8\xdbp\x1b\xc5~\x08\xa3<\\\xa9'
b'0127'
b'h|\xdf<\xae\xaa\x88\x8b\x00\x0e\xdfJ\x01\xd1(\xe3\xb3 &\xb0O\xe2H\xaa0\xab/\xab\xa6\xd3#3'
b'0128'
b'\xee\xb9\xff>\xa6X,\xe2\xbf\x03\xb9\xbb\xff\x95\x88"\x90\xb8\xa8\xe5(\xa3\x91\xbc5i\x17\x92\x8fr\x1c\x06'
b'0129'
b'-\x90|u\xaa\xb2$\x85\x0bkv\xd1^/\xd4q$\x8e\xdfq]\xe8\xf7\x9d\xc8L-A\x1ff?\x88'
b'0132'
b"\xa7H\x02\x8b\x05\x18\xda\x98\xd8\xd2F\xe6\x1a8\x96\xa6w\x05\x97^'\xc3\xa0B\xb1E\r\xa9\\\xe3\x9bU"
b'0134'
....
I have the following JSON object which represents an RSA256 JWK which obtained from a website:
jwk = {
'e': 'AQAB',
'n': 'sAlE_mzYz-2jf_YpxulSJXv_2CGIquflNZWhXUaU1SkJm9P0riLAuzwK7WT5p0Ko3zmQHho70_7D9nqB01rA4ExrMIDKpprE0Qa7NAJN-kgZhd_A25HsdSfpOfpaLvR-mf9fuOTDPLRQCd5HnrjoQKjs3D_XfPmPnT_Ny5erviiky90GSfN9j2DP_5yeDprzWKF-EQ3EDdIWt3snr7AW8rzBcZ1ojyWxckLAeSKDerMXP-zVBUFJE9Kn60HZoGNvmATKaw8LwEbf8DGfrllgSLvhg7mDRMLlbcooQoWAFSfN7t7kFbPSOcvjrpx3Yw_KrEwBZXeUP3260ukmFOx8RQ',
}
Below is the Perl code showing how a public-key object from the Crypt library can be constructed from the above jwk:
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Bignum;
use MIME::Base64 qw/decode_base64url/;
sub public_key {
my $rsa = Crypt::OpenSSL::RSA->new_key_from_parameters(
Crypt::OpenSSL::Bignum->new_from_bin(decode_base64url($jwk->{n})),
Crypt::OpenSSL::Bignum->new_from_bin(decode_base64url($jwk->{e})),
);
return $rsa->get_public_key_x509_string;
}
Two Questions:
How can I translate the above code into Python? The code below failed.
Once I have the public key object in python, how can I use it to verify a JWT signed by the corresponding private key? Please post a snippet showing exactly how it can be done.
>>> from Crypto.PublicKey import RSA
>>> import base64
>>> public_key = RSA.construct((base64.b64decode(jwk['n']), base64.b64decode(jwk['e'])))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "my-virtual-env/lib/python2.7/site-packages/Crypto/PublicKey/RSA.py", line 539, in construct
key = self._math.rsa_construct(*tup)
File "my-virtual-env/lib/python2.7/site-packages/Crypto/PublicKey/_slowmath.py", line 84, in rsa_construct
assert isinstance(n, long)
AssertionError
The error is raised because the RSA contructor is expecting 2 long integers and you are using two strings.
The solution is to convert the base64 decoded string into an hexadecimal integer.
from Crypto.PublicKey import RSA
import base64
n = int(base64.b64decode(jwk['n']).encode('hex'),16)
e = int(base64.b64decode(jwk['e']).encode('hex'),16)
e = long(e)
public_key = RSA.construct((n, e))
print(public_key)
Regarding the second question maybe you can use this method to verify the validity of an RSA signature.
I am trying to get a python program that decrypts some Base64-encoded, encrypted using AES-128 in ECB mode, text.
So, I am using this tutorial: http://docs.python-guide.org/en/latest/scenarios/crypto/ to get started.
It contains this code:
from Crypto.Cipher import AES
# Encryption
encryption_suite = AES.new('This is a key123', AES.MODE_CBC, 'This is an IV456')
cipher_text = encryption_suite.encrypt("A really secret message. Not for prying eyes.")
# Decryption
decryption_suite = AES.new('This is a key123', AES.MODE_CBC, 'This is an IV456')
plain_text = decryption_suite.decrypt(cipher_text)
I have copied the code into a aes_2.py file. And, I have run it using: sudo python3 aes_2.py
I get:
Traceback (most recent call last):
File "aes_2.py", line 21, in <module>
cipher_text = encryption_suite.encrypt("A really secret message. Not for prying eyes.")
File "/usr/local/lib/python3.5/dist-packages/Crypto/Cipher/blockalgo.py", line 244, in encrypt
return self._cipher.encrypt(plaintext)
ValueError: Input strings must be a multiple of 16 in length
EDIT 1
I have a file that I was told to decrypt. I was given a key and the file and some specs on the decryption. This site decrypts it: http://aesencryption.net/ when I enter the key, 128 Bit, and the text into the site.
For this code above. I have a couple questions. What should I put for 'This is an IV456' and how do I specify what Bit level it is in this code?
You're using AES.MODE_CBC which means that your input string i.e. 'This is a key123' must be a multiple of 16 bytes.
If you want to continue using this mode then you will need to pad your string. This git repo is a great example of AES encryption using padding in CBC mode.
I'm using python,flask.I'm doing encryption with AES. It works good, I encrypt and decrypt data easly .
To secure the encryption key i moved my encryption key from app form in config file. First I saved a variable in a config file,I declared ENCRYPTION_KEY in config.cfg .
[Encryption]
ENCRYPTION_KEY = b'\xbf\xc0\x85)\x10nc\x94\x02)j\xdf\xcb\xc4\x94\x9d(\x9e[EX\xc8\xd5\xbfI{\xa2$\x05(\xd5\x18'
and then on init file i declared:
app.config['ENCRYPTION_KEY'] = config.get('Encryption', 'ENCRYPTION_KEY')
I tried accessing it from key = flask.config['ENCRYPTION_KEY']. I print key in console just to be sure that the command works:
def encrypt_data(self, form_data):
key = current_app.config['ENCRYPTION_KEY']
print "KEY : " , key
cipher = AES.new(key)
//code...
And in console key is printed:
Now when i try to use this key from config file,i have an error message:
This message appears only because i moved that key in config file, because as I said before i used the same key for the same methods and it works perfectly?
Can anybody help me, why I'm getting this error?
Your use of the ConfigParser module is the cause of the problem. Given the config file shown:
>>> config.get('Encryption', 'ENCRYPTION_KEY')
"b'\\xbf\\xc0\\x85)\\x10nc\\x94\\x02)j\\xdf\\xcb\\xc4\\x94\\x9d(\\x9e[EX\\xc8\\xd5\\xbfI{\\xa2$\\x05(\\xd5\\x18'"
>>> len(config.get('Encryption', 'ENCRYPTION_KEY'))
92
you can see here that ConfigParser simply returns the value associated with the given config variable as text, not as a Python string. Because the config value contains backslash escape sequences, these backslashes are escaped with additional backslashes. This breaks the \x character sequences which then blow out to 4 characters.
The easiest way around this is to use Flask's config files:
config.cfg
ENCRYPTION_KEY = b'\xbf\xc0\x85)\x10nc\x94\x02)j\xdf\xcb\xc4\x94\x9d(\x9e[EX\xc8\xd5\xbfI{\xa2$\x05(\xd5\x18'
>>> import flask
>>> app = flask.Flask('test')
>>> app = flask.Flask('')
>>> app.config.from_pyfile('config.cfg')
True
>>> app.config['ENCRYPTION_KEY']
'\xbf\xc0\x85)\x10nc\x94\x02)j\xdf\xcb\xc4\x94\x9d(\x9e[EX\xc8\xd5\xbfI{\xa2$\x05(\xd5\x18'
>>> len(app.config['ENCRYPTION_KEY'])
32
If you do not want to use Flask's config files your options are (in order of preference):
Use ast.literal_eval() to safely convert the raw string into a Python string:
from ast import literal_eval
app.config['ENCRYPTION_KEY'] = literal_eval(config.get('Encryption', 'ENCRYPTION_KEY'))
Base64 encode the value in the config file, e.g.
[Encryption]
ENCRYPTION_KEY = v8CFKRBuY5QCKWrfy8SUnSieW0VYyNW/SXuiJAUo1Rg=
Then decode it when you access the key:
app.config['ENCRYPTION_KEY'] = config.get('Encryption', 'ENCRYPTION_KEY').decode('base64')
Use eval() to convert the raw string into a Python string:
app.config['ENCRYPTION_KEY'] = eval(config.get('Encryption', 'ENCRYPTION_KEY'))
although this is considered bad/dangerous practice and you would be better off using literal_eval() or base64 encoding.
Store the key as a binary value in the file: [Encryption]
ENCRYPTION_KEY = ¿À<85>)^Pnc<94>^B)jßËÄ<94><9d>(<9e>[EXÈÕ¿I{¢$^E(Õ^X
but that is very difficult to maintain.
Any idea how I can use the paramiko.RSAKey.from_private_key() function?
I know there is a from_private_key_file(), but I'm interested in using a function to parse a private key (like below) and use that private key for SSHClient.
Private key (sample):
-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKCAIEAmfgmlY95SHXhCeBNdkhSrsG4JVbqyew845yoZRX3wcS2/doz\niVQxgx0aiOwLi+/Rnkb3PLUIwoxb/LoD/W0YMS6/NSUMt+LdH+zsjeNF2iq4rDzU\nwDSqi27q/8u/egrK7H+9HNKEVXb/87utAAm3VTM9KqKaK3VuVFrNrnsDSuECAwEA\nAQKCAIBZn3y2KiGq8BLiMNJmO4sFdnW+Jm3cw8pdo17SGItzGxJ5iX3ePkfjzhkY\nAm5mMl6OBzj6+VX0CMeywIR6C/q8HwDYSmZcuU5v76/DoW5bI6xkPrroqEz6aRE5\nyN+2hf65RD3eoPATsdrP/kxiKjZg9uG9LhgIXyVwYFs1RcqewQJBAMCVJlEYXRio\neynUtyES9HNmUGUqHKmri1FZfO56/mFdG5ZXsKE48qURCAGVxI+goGQ4vtJIXB2J\nyTEr+5qYtE0CQQDMq9/iigk+XDOa9xGCbwxbLGdPawaEivezMVdPqVzH971L6kZ8\nhEnev1DqujgGCyR+QYPW1ZCXH05FY9CqWwrlAkATzYJyJlI0XebER2ZJVVyjnSq5\nLFpkLAqYY95P23/a3SsgC4ZTHbr9tEGhgBgFONwlUhx1HRGzy95PWxl1LSylAkBk\nwP93v8gJIM5urM27zfrhLxy0ZdVRji+d0N5QYuk/r19KbcvBJEZRFxE4W++UWgve\n81V5fqytGEYptpdUJXlZAkEArxZDiT1HXXGciIgzZbh53McogPCGHiKOOPSjpM41\npneDFVvwgezCWoDauxNDzu7Nl55qPJsmvfKZ+SKvCajrhQw==\n-----END RSA PRIVATE KEY-----\n
Code I wanted to run:
import paramiko
ssh = paramiko.SSHClient()
# how do I pass in the private_key, when my private_key (shown above) is in string?
mykey = paramiko.RSAKey.from_private_key(private_key)
ssh.connect('192.168.1.2', username = 'vinod', pkey = mykey)
Many thanks.
Lev's method worked for me:
>>> import paramiko
>>> f = open('/path/to/key.pem','r')
>>> s = f.read()
>>> import StringIO
>>> keyfile = StringIO.StringIO(s)
>>> mykey = paramiko.RSAKey.from_private_key(keyfile)
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect('myserver.compute-1.amazonaws.com', username='ubuntu', pkey=mykey)
>>> stdin, stdout, stderr = ssh.exec_command('uptime')
>>> stdout.readlines()
[' 19:21:10 up 24 days, 42 min, 1 user, load average: 0.14, 0.06, 0.05\n']
This should do it:
import io
import paramiko
private_key_file = io.StringIO()
private_key_file.write('-----BEGIN RSA PRIVATE KEY-----\nlskjdflk\n...\n-----END RSA PRIVATE KEY-----\n')
private_key_file.seek(0)
private_key = paramiko.RSAKey.from_private_key(private_key_file)
from_private_key() apparently takes a file object:
from_private_key(cls, file_obj, password=None)
Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).
Parameters:
file_obj (file) - the file to read from
password (str) - an optional password to use to decrypt the key, if it's encrypted
Returns: PKey
a new key object based on the given private key
Raises:
IOError - if there was an error reading the key
PasswordRequiredException - if the private key file is encrypted, and password is None
SSHException - if the key file is invalid
So to feed it a key as a string you can use StringIO, something like:
private_key = StringIO.StringIO(key_string)
mykey = paramiko.RSAKey.from_private_key(private_key)
I have not tested this, though.
Here is where 'duck typing' comes in handy - it does not have to BE a duck (=file), it just has to BEHAVE like one.
A little experimentation shows that, any object that has a valid readlines() method is fine.
I faked it with:
def myfakefile(keystring):
myfakefile.readlines=lambda: keystring.split("\n")
return myfakefile
mykey = paramiko.RSAKey.from_private_key(myfakefile(keystring))
This is incredibly hacky, but it works.
What this does, is, when you call myfakefile(keystring), it creates myfakefile.readlines, which returns the (split) contents of keystrings.
Then, it returns the function.
The same function is passed to from_private_key. from_private_key, thinking it is a file, calls myfakefile.readlines(). This calls the newly created (lambda) function, which returns the sort of thing you would expect from file.readlines() - or, close enough, anyway.
Note that, saving the results will not work as expected:
k1=myfakefile(keystring1)
k2=myfakefile(keystring2)
# This will return keystring2, not keystring1!
paramkiko.RSAKey.from_private_keyfile(k1.readlines())
There are more robust methods of getting this to work as it should, but not worth the effort - just use StringIO if your needs are more complicated.
Very old question, but in case it helps some unfortunate soul: my sol'n to this problem was to generate a new key with default options, using
ssh-keygen -t rsa
My previous key was generated using
ssh-keygen -t rsa -b 4096 -a 100
which paramiko complained about as it did for OP.