def sign(self, msg):
"""Create signature for message
Taken from https://github.com/madeddie/python-bunq - Thanks!
:param msg: data to be signed, usually action, headers and body
:type msg: str
"""
return base64.b64encode(
self.privkey_pem.sign(
msg.encode(),
padding.PKCS1v15(),
hashes.SHA256()
)
).decode()
python类PKCS1v15()的实例源码
def verify(self, buffer, alg, signature):
sig_alg = hash_.rsa_signature_algorithm_by_name(alg)
verifier = self.key.verifier(
signature,
padding.PKCS1v15(),
sig_alg.hasher()
)
while True:
d = buffer.read(1024).encode()
if not d:
break
verifier.update(d)
try:
verifier.verify()
except Exception as e:
raise e
return True
def sign_request(key, header, protected_header, payload):
"""
Creates a JSON Web Signature for the request header and payload using the
specified account key.
"""
protected = jose_b64(json.dumps(protected_header).encode('utf8'))
payload = jose_b64(json.dumps(payload).encode('utf8'))
signer = key.signer(padding.PKCS1v15(), hashes.SHA256())
signer.update(protected.encode('ascii'))
signer.update(b'.')
signer.update(payload.encode('ascii'))
return json.dumps({
'header': header,
'protected': protected,
'payload': payload,
'signature': jose_b64(signer.finalize()),
})
def sign_data(self, data: bytes) -> bytes:
"""
CA ???? DATA ??
:param data: ?? ?? ??
:return: ??
"""
if isinstance(self.__ca_pri, ec.EllipticCurvePrivateKeyWithSerialization):
signer = self.__ca_pri.signer(ec.ECDSA(hashes.SHA256()))
signer.update(data)
return signer.finalize()
elif isinstance(self.__ca_pri, rsa.RSAPrivateKeyWithSerialization):
return self.__ca_pri.sign(
data,
padding.PKCS1v15(),
hashes.SHA256()
)
else:
logging.debug("Unknown PrivateKey Type : %s", type(self.__ca_pri))
return None
def get_channel(self):
#first get a token we need to sign in order to prove we are who we say we are
r = requests.get(str(self.base_link_uri) + "/get_device_token", params={"UUID": self.uuid, })
token = r.json()["token"]
# get the private Key
with open(CloudLinkSettings.PRIVATE_KEY_LOCATION,'r') as key_file:
private_key = serialization.load_pem_private_key(key_file.read(),
password=CloudLinkSettings.PRIVATE_KEY_PASSPHRASE,
backend=default_backend())
# sign the token with our private key
signer = private_key.signer(padding.PKCS1v15(), hashes.SHA256())
signer.update(bytes(token))
signature = signer.finalize()
# get the randomly assigned channel for my UUID
r = requests.get(str(self.base_link_uri) + "/get_device_group",
params={"UUID": self.uuid, "signature": b64encode(signature), "format": "PKCS1_v1_5"})
if r.ok:
self.channel_uri = r.json()["channel"]
elif r.status_code == 400:
raise Exception("UUID or Token not registered with Cloud.")
elif r.status_code == 403:
raise Exception("Signature didn't verify correctly. Bad private key or signature.")
def sign(self, msg):
"""Create signature for message
Taken from https://github.com/madeddie/python-bunq - Thanks!
:param msg: data to be signed, usually action, headers and body
:type msg: str
"""
return base64.b64encode(
self.privkey_pem.sign(
msg.encode(),
padding.PKCS1v15(),
hashes.SHA256()
)
).decode()
def verify_ssh_sig(self, data, msg):
if msg.get_text() != 'ssh-rsa':
return False
key = self.key
if isinstance(key, rsa.RSAPrivateKey):
key = key.public_key()
verifier = key.verifier(
signature=msg.get_binary(),
padding=padding.PKCS1v15(),
algorithm=hashes.SHA1(),
)
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify_ssh_sig(self, data, msg):
if msg.get_text() != 'ssh-rsa':
return False
key = self.key
if isinstance(key, rsa.RSAPrivateKey):
key = key.public_key()
verifier = key.verifier(
signature=msg.get_binary(),
padding=padding.PKCS1v15(),
algorithm=hashes.SHA1(),
)
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt_key(key, password):
"""Encrypt the password with the public key and return an ASCII representation.
The public key retrieved from the Travis API is loaded as an RSAPublicKey
object using Cryptography's default backend. Then the given password
is encrypted with the encrypt() method of RSAPublicKey. The encrypted
password is then encoded to base64 and decoded into ASCII in order to
convert the bytes object into a string object.
Parameters
----------
key: str
Travis CI public RSA key that requires deserialization
password: str
the password to be encrypted
Returns
-------
encrypted_password: str
the base64 encoded encrypted password decoded as ASCII
Notes
-----
Travis CI uses the PKCS1v15 padding scheme. While PKCS1v15 is secure,
it is outdated and should be replaced with OAEP.
Example:
OAEP(mgf=MGF1(algorithm=SHA256()), algorithm=SHA256(), label=None))
"""
public_key = load_pem_public_key(key.encode(), default_backend())
encrypted_password = public_key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password).decode('ascii')
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def append_signature(target_file, priv_key, priv_key_password=None):
"""Append signature to the end of file"""
with open(target_file, "rb") as f:
contents = f.read()
with open(priv_key, "rb") as kf:
private_key = serialization.load_pem_private_key(
kf.read(), password=priv_key_password, backend=default_backend())
signature = private_key.sign(contents, padding.PKCS1v15(), hashes.SHA512())
with open(target_file, "ab") as f:
f.write(signature)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
def encrypt(pubkey, password):
"""Encrypt password using given RSA public key and encode it with base64.
The encrypted password can only be decrypted by someone with the
private key (in this case, only Travis).
"""
key = load_key(pubkey)
encrypted_password = key.encrypt(password, PKCS1v15())
return base64.b64encode(encrypted_password)
