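def get_or_gen_key(ctx, account_key_path, new_account_key_size):
    """Load the RSA account key at *account_key_path*, or create one there.

    ``~`` in the path is expanded first. If the file exists it is parsed as
    a PEM private key; when the key turns out to be password protected the
    user is prompted for the password on the terminal. If no file exists, a
    new RSA key of *new_account_key_size* bits is generated, serialised as
    PKCS#8 PEM and written to the path.

    Args:
        ctx: object whose ``exit(1)`` is called when the existing key cannot
            be loaded (presumably a click context -- confirm at the caller).
        account_key_path: location of the PEM-encoded private key.
        new_account_key_size: RSA modulus size in bits for a new key.

    Returns:
        The key wrapped in ``jose.JWKRSA``.

    Raises:
        OSError: the key directory or key file could not be created.
    """
    account_key_path = os.path.expanduser(account_key_path)
    if os.path.exists(account_key_path):
        logger.debug('opening existing account key %s', account_key_path)
        with open(account_key_path, 'rb') as key_file:
            key_contents = key_file.read()
        try:
            try:
                # First attempt assumes an unencrypted key.
                key = serialization.load_pem_private_key(
                    key_contents, None, default_backend())
            except TypeError:  # password required
                password = click.prompt('Password for %s' % account_key_path,
                                        hide_input=True, default=None)
                key = serialization.load_pem_private_key(
                    key_contents, password.encode('utf-8'), default_backend())
            account_key = jose.JWKRSA(key=key)
        except ValueError as e:
            # Malformed PEM and a wrong password both surface as ValueError.
            logger.error('could not open key %s: %s', account_key_path, e)
            # NOTE(review): ctx.exit is expected not to return; if it did,
            # account_key would be unbound at the return below.
            ctx.exit(1)
    else:
        logger.warning('no account key found; creating a new %d bit key in %s',
                       new_account_key_size, account_key_path)
        account_key = jose.JWKRSA(key=rsa.generate_private_key(
            public_exponent=65537,
            key_size=new_account_key_size,
            backend=default_backend()))

        key_dir = os.path.dirname(account_key_path)
        if key_dir:
            try:
                os.makedirs(key_dir, 0o750)
            except OSError:
                # Only "directory already exists" is harmless; anything else
                # (permissions, a file in the way) is reported here instead
                # of as a confusing failure when the key file is opened.
                if not os.path.isdir(key_dir):
                    raise

        encryption_algorithm = ask_for_password_or_no_crypto(account_key_path)
        # Serialise before touching the filesystem so a serialisation error
        # cannot leave an empty key file that breaks the next run.
        pem_bytes = account_key.key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=encryption_algorithm)

        # Create the file owner-only (0600). A plain open() would create it
        # with umask-derived permissions, which are often group/world
        # readable -- unacceptable for private key material, which may be
        # stored without a password depending on the algorithm chosen above.
        # The mode only takes effect when the file is created by this call.
        fd = os.open(account_key_path,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'wb') as key_file:
            key_file.write(pem_bytes)
    return account_key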