From 99a249df88dcddb368c0f682a6aa8fc2bb1a279f Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 4 Jan 2015 15:55:22 -0600
Subject: support DER public and private key loading in the openssl backend

---
 docs/hazmat/backends/openssl.rst | 1 +
 .../hazmat/primitives/asymmetric/serialization.rst | 58 ++++++++++++++++++++++
 2 files changed, 59 insertions(+)
(limited to 'docs')

diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
index 4e0f6282..26ffea6a 100644
--- a/docs/hazmat/backends/openssl.rst
+++ b/docs/hazmat/backends/openssl.rst
@@ -15,6 +15,7 @@ Red Hat Enterprise Linux 5) and greater. Earlier versions may work but are
 * :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
 * :class:`~cryptography.hazmat.backends.interfaces.CMACBackend`
+ * :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
 * :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
 * :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
 * :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 8155e6f4..3bf39151 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -136,6 +136,64 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END :raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend. +DER +~~~ + +DER is an ASN.1 encoding type. There are no encapsulation boundaries and the +data is binary. DER keys may be in a variety of formats, but as long as you +know whether it is a public or private key the loading functions will handle +the rest. + +.. function:: load_der_private_key(data, password, backend) + + .. versionadded:: 0.8 + + Deserialize a private key from DER encoded data to one of the supported + asymmetric private key types. + + :param bytes data: The DER encoded key data. + + :param bytes password: The password to use to decrypt the data. Should + be ``None`` if the private key is not encrypted. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend` + provider. + + :returns: A new instance of a private key. + + :raises ValueError: If the DER data could not be decrypted or if its + structure could not be decoded successfully. + + :raises TypeError: If a ``password`` was given and the private key was + not encrypted. Or if the key was encrypted but no + password was supplied. + + :raises UnsupportedAlgorithm: If the serialized key is of a type that + is not supported by the backend or if the key is encrypted with a + symmetric cipher that is not supported by the backend. + +.. function:: load_der_public_key(data, backend) + + .. versionadded:: 0.8 + + Deserialize a public key from DER encoded data to one of the supported + asymmetric public key types. + + :param bytes data: The DER encoded key data. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend` + provider. + + :returns: A new instance of a public key. + + :raises ValueError: If the DER data's structure could not be decoded + successfully. 
+ + :raises UnsupportedAlgorithm: If the serialized key is of a type that + is not supported by the backend. + OpenSSH Public Key ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 8c2539c8a67c0530633de2e74df8dd68f1b63193 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Feb 2015 23:11:31 -0600 Subject: add examples --- .../hazmat/primitives/asymmetric/serialization.rst | 41 ++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 3bf39151..758bbd1c 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -7,6 +7,8 @@ Key Serialization .. testsetup:: + import base64 + pem_data = b""" -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDn09PV9KPE7Q+N5K5UtNLT1DLl8z/pKM2pP5tXqWx2OsEw00lC 
@@ -32,6 +34,27 @@ Key Serialization ex8nG0iMw4ObOtg6CwIDAQAB -----END PUBLIC KEY----- """.strip() + der_data = base64.b64decode( + b"MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALskegl+DrI3Msw5Z63x" + b"nj1rgoPR0KykwBi+jZgAwHv/B0TJyhy6NuEnaf+x442L7lepOqoWQzlUGXyuaSQU9mT/" + b"vHTGZ2xM8QJJaccr4eGho0MU9HePyNCFWjWVrGKpwSEAd6CLlzC0Wiy4kC9IoAUoS/IP" + b"jeyLTQNCddatgcARAgMBAAECgYAA/LlKJgeJUStTcpHgGD6mXjHvnAwWJELQKDP5+tA8" + b"VAQGwBX1G5qzJDGrPGtHQ7DSqdwF4YFZtgTpZmGq1wsAjz3lv6L4XiVsHiIPtP1B4gMx" + b"X9ogxcDzVQ7hyezXPioMAcp7Isus9Csn8HhftcL56BRabn6GvWqbIAy6zJcgEQJBAMlZ" + b"nymKW5/jKth+wkCfqEXlPhGNPO1uq87QZUbYxwdjtSM09J9+HMfH+WXR9ARCOL46DJ0I" + b"JfyjcdmuDDlh9IkCQQDt76up1Tmc7lkb/89IRBu2MudGJPMEf96VCG11nmcXulyk1OLi" + b"TXfO62YpxZbgYrvlrNxEYlSG7WQMztBgA51JAkBU2RhyJ+S+drsaaigvlVgSxCyotszi" + b"/Q0XZMgY18bfPUwanvkqsLkuEv3sw1HB7an9t3aTQdjIIpQad/acw8OJAkEAjvmnCK21" + b"KgTbjQShtQYgNNLPwImxcjG4OYvP4o6l2k9FHlNCZsQwSymOwWkXKYyK5g+CaKFBs7Zw" + b"mXWpJxjk6QJBAInqbm1w3yVfGD9I2mMQi/6oDJQP3pdWU4mU4h4sdDyRgTQLpkD4yypg" + b"jOACt4mTzxifSVT9fT+a79SkT8FFmZE=" + ) + public_der_data = base64.b64decode( + b"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7JHoJfg6yNzLMOWet8Z49a4KD0dCs" + b"pMAYvo2YAMB7/wdEycocujbhJ2n/seONi+5XqTqqFkM5VBl8rmkkFPZk/7x0xmdsTPEC" + b"SWnHK+HhoaNDFPR3j8jQhVo1laxiqcEhAHegi5cwtFosuJAvSKAFKEvyD43si00DQnXW" + b"rYHAEQIDAQAB" + ) message = b"" def sign_with_rsa_key(key, message): @@ -173,6 +196,15 @@ the rest. is not supported by the backend or if the key is encrypted with a symmetric cipher that is not supported by the backend. + .. doctest:: + + >>> from cryptography.hazmat.backends import default_backend + >>> from cryptography.hazmat.primitives.asymmetric import rsa + >>> from cryptography.hazmat.primitives.serialization import load_der_private_key + >>> key = load_der_private_key(der_data, password=None, backend=default_backend()) + >>> isinstance(key, rsa.RSAPrivateKey) + True + .. function:: load_der_public_key(data, backend) .. versionadded:: 0.8 
@@ -194,6 +226,15 @@ the rest. :raises UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend. + .. doctest:: + + >>> from cryptography.hazmat.backends import default_backend + >>> from cryptography.hazmat.primitives.asymmetric import rsa + >>> from cryptography.hazmat.primitives.serialization import load_der_public_key + >>> key = load_der_public_key(public_der_data, backend=default_backend()) + >>> isinstance(key, rsa.RSAPublicKey) + True + OpenSSH Public Key ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 78eb105e6f3ff4ac9e663a3cfaefca273afb97c1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 13 Feb 2015 11:16:54 -0600 Subject: fix docs for unsupportedalgorithm exception (thanks nitpicky) --- docs/hazmat/primitives/asymmetric/serialization.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 758bbd1c..87a4dbf4 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -192,7 +192,7 @@ the rest. not encrypted. Or if the key was encrypted but no password was supplied. - :raises UnsupportedAlgorithm: If the serialized key is of a type that + :raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend or if the key is encrypted with a symmetric cipher that is not supported by the backend. @@ -223,7 +223,7 @@ the rest. :raises ValueError: If the DER data's structure could not be decoded successfully. - :raises UnsupportedAlgorithm: If the serialized key is of a type that + :raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend. .. doctest:: -- cgit v1.2.3