How to use the asyncssh.asn1.der_encode function in asyncssh
To help you get started, we’ve selected a few asyncssh examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
ronf / asyncssh / tests / test_public_key.py View on Github 
('Unexpected OpenSSH trailing data',
b'-----BEGIN OPENSSH PRIVATE KEY-----\n' +
binascii.b2a_base64(b''.join(
(b'openssh-key-v1\0', String('aes256-cbc'), String('bcrypt'),
String(b''.join((String(16*b'\0'), UInt32(128)))), UInt32(1),
String(''), String(''), String('xxx')))) +
b'-----END OPENSSH PRIVATE KEY-----')
]
public_errors = [
('Non-ASCII', '\xff'),
('Invalid ASN.1', b'\x30'),
('Invalid PKCS#1', der_encode(None)),
('Invalid PKCS#8', der_encode(((self.pubkey.pkcs8_oid, ()),
BitString(der_encode(None))))),
('Unknown PKCS#8 algorithm', der_encode(((ObjectIdentifier('1.1'),
None), BitString(b'')))),
('Invalid PKCS#8 ASN.1', der_encode(((self.pubkey.pkcs8_oid,
None), BitString(b'')))),
('Invalid PEM header', b'-----BEGIN XXX-----\n'),
('Missing PEM footer', b'-----BEGIN PUBLIC KEY-----\n'),
('Invalid PEM key type',
b'-----BEGIN XXX PUBLIC KEY-----\n' +
binascii.b2a_base64(der_encode(None)) +
b'-----END XXX PUBLIC KEY-----'),
('Invalid PEM Base64',
b'-----BEGIN PUBLIC KEY-----\n'
b'X\n'
b'-----END PUBLIC KEY-----'),
('Incomplete PEM ASN.1',
b'-----BEGIN PUBLIC KEY-----\n'
b'-----END PUBLIC KEY-----'),b'Proc-Type: 4,ENCRYPTED\n'
b'-----END DSA PRIVATE KEY-----'),
('Incomplete PEM ASN.1',
b'-----BEGIN PRIVATE KEY-----\n'
b'-----END PRIVATE KEY-----'),
('Missing PEM PKCS#8 passphrase',
b'-----BEGIN ENCRYPTED PRIVATE KEY-----\n' +
binascii.b2a_base64(der_encode(None)) +
b'-----END ENCRYPTED PRIVATE KEY-----'),
('Invalid PEM PKCS#1 key',
b'-----BEGIN DSA PRIVATE KEY-----\n' +
binascii.b2a_base64(der_encode(None)) +
b'-----END DSA PRIVATE KEY-----'),
('Invalid PEM PKCS#8 key',
b'-----BEGIN PRIVATE KEY-----\n' +
binascii.b2a_base64(der_encode(None)) +
b'-----END PRIVATE KEY-----'),
('Unknown format OpenSSH key',
b'-----BEGIN OPENSSH PRIVATE KEY-----\n' +
binascii.b2a_base64(b'XXX') +
b'-----END OPENSSH PRIVATE KEY-----'),
('Incomplete OpenSSH key',
b'-----BEGIN OPENSSH PRIVATE KEY-----\n' +
binascii.b2a_base64(b'openssh-key-v1\0') +
b'-----END OPENSSH PRIVATE KEY-----'),
('Invalid OpenSSH nkeys',
b'-----BEGIN OPENSSH PRIVATE KEY-----\n' +
binascii.b2a_base64(b''.join(
(b'openssh-key-v1\0', String(''), String(''), String(''),
UInt32(2), String(''), String('')))) +
b'-----END OPENSSH PRIVATE KEY-----'),
('Missing OpenSSH passphrase',String(b''.join((String(16*b'\0'), UInt32(128)))), UInt32(1),
String(''), String('')))) +
b'-----END OPENSSH PRIVATE KEY-----'),
('Unexpected OpenSSH trailing data',
b'-----BEGIN OPENSSH PRIVATE KEY-----\n' +
binascii.b2a_base64(b''.join(
(b'openssh-key-v1\0', String('aes256-cbc'), String('bcrypt'),
String(b''.join((String(16*b'\0'), UInt32(128)))), UInt32(1),
String(''), String(''), String('xxx')))) +
b'-----END OPENSSH PRIVATE KEY-----')
]
public_errors = [
('Non-ASCII', '\xff'),
('Invalid ASN.1', b'\x30'),
('Invalid PKCS#1', der_encode(None)),
('Invalid PKCS#8', der_encode(((self.pubkey.pkcs8_oid, ()),
BitString(der_encode(None))))),
('Unknown PKCS#8 algorithm', der_encode(((ObjectIdentifier('1.1'),
None), BitString(b'')))),
('Invalid PKCS#8 ASN.1', der_encode(((self.pubkey.pkcs8_oid,
None), BitString(b'')))),
('Invalid PEM header', b'-----BEGIN XXX-----\n'),
('Missing PEM footer', b'-----BEGIN PUBLIC KEY-----\n'),
('Invalid PEM key type',
b'-----BEGIN XXX PUBLIC KEY-----\n' +
binascii.b2a_base64(der_encode(None)) +
b'-----END XXX PUBLIC KEY-----'),
('Invalid PEM Base64',
b'-----BEGIN PUBLIC KEY-----\n'
b'X\n'
b'-----END PUBLIC KEY-----'),def encode_pkcs8_private(self):
"""Encode a PKCS#8 format EC private key"""
if not self._key.private_value:
raise KeyExportError('Key is not private')
return self._alg_oid, der_encode((1, self._key.private_value,
self.encode_public_tagged()))if purpose_oids:
builder = builder.add_extension(x509.ExtendedKeyUsage(purpose_oids),
critical=False)
sans = _encode_user_principals(user_principals) + \
_encode_host_principals(host_principals)
if sans:
builder = builder.add_extension(x509.SubjectAlternativeName(sans),
critical=False)
if comment:
if isinstance(comment, str):
comment = comment.encode('utf-8')
comment = der_encode(IA5String(comment))
builder = builder.add_extension(
x509.UnrecognizedExtension(_nscomment_oid, comment), critical=False)
try:
hash_alg = _hashes[hash_alg]()
except KeyError:
raise ValueError('Unknown hash algorithm') from None
cert = builder.sign(signing_key.pyca_key, hash_alg, default_backend())
data = cert.public_bytes(Encoding.DER)
return X509Certificate(cert, data)def verify_ssh(self, data, sig_algorithm, sig):
"""Verify an SSH-encoded signature of the specified data"""
if len(sig) != 40:
return False
r = int.from_bytes(sig[:20], 'big')
s = int.from_bytes(sig[20:], 'big')
return self.verify_der(data, sig_algorithm, der_encode((r, s)))def encode_pkcs8_private(self):
"""Encode a PKCS#8 format EC private key"""
if not self._d:
raise KeyExportError('Key is not private')
return self._alg_oid, der_encode((1, self.encode_private(),
self.encode_public()))def encode_pkcs8_public(self):
"""Encode a PKCS#8 format RSA public key"""
return None, der_encode(self.encode_pkcs1_public())binascii.b2a_hex(iv).upper() + b'\n\n')
else:
headers = b''
if format_name == 'pkcs1-pem':
keytype = self.pem_name + b' PRIVATE KEY'
data = (b'-----BEGIN ' + keytype + b'-----\n' +
headers + _wrap_base64(data) +
b'-----END ' + keytype + b'-----\n')
return data
elif format_name in ('pkcs8-der', 'pkcs8-pem'):
alg_params, data = self.encode_pkcs8_private()
if alg_params is OMIT:
data = der_encode((0, (self.pkcs8_oid,), data))
else:
data = der_encode((0, (self.pkcs8_oid, alg_params), data))
if passphrase is not None:
data = pkcs8_encrypt(data, cipher_name, hash_name,
pbe_version, passphrase)
if format_name == 'pkcs8-pem':
if passphrase is not None:
keytype = b'ENCRYPTED PRIVATE KEY'
else:
keytype = b'PRIVATE KEY'
data = (b'-----BEGIN ' + keytype + b'-----\n' +
_wrap_base64(data) +
b'-----END ' + keytype + b'-----\n')The PBE version to use for private key encryption.
:param rounds: (optional)
The number of KDF rounds to apply to the passphrase.
:type format_name: `str`
:type passphrase: `str` or `bytes`
:type cipher_name: `str`
:type hash_name: `str`
:type pbe_version: `int`
:type rounds: `int`
:returns: `bytes` representing the exported private key
"""
if format_name in ('pkcs1-der', 'pkcs1-pem'):
data = der_encode(self.encode_pkcs1_private())
if passphrase is not None:
if format_name == 'pkcs1-der':
raise KeyExportError('PKCS#1 DER format does not support '
'private key encryption')
alg, iv, data = pkcs1_encrypt(data, cipher_name, passphrase)
headers = (b'Proc-Type: 4,ENCRYPTED\n' +
b'DEK-Info: ' + alg + b',' +
binascii.b2a_hex(iv).upper() + b'\n\n')
else:
headers = b''
if format_name == 'pkcs1-pem':
keytype = self.pem_name + b' PRIVATE KEY'
data = (b'-----BEGIN ' + keytype + b'-----\n' +asyncssh
AsyncSSH: Asynchronous SSHv2 client and server library
Package Health Score
86 / 100Popular asyncssh functions
- asyncssh.asn1.ASN1DecodeError
- asyncssh.asn1.BitString
- asyncssh.asn1.der_encode
- asyncssh.asn1.ObjectIdentifier
- asyncssh.connect
- asyncssh.create_server
- asyncssh.Error
- asyncssh.generate_private_key
- asyncssh.load_keypairs
- asyncssh.misc.ProtocolError
- asyncssh.packet.Byte
- asyncssh.packet.MPInt
- asyncssh.packet.SSHPacket
- asyncssh.packet.String
- asyncssh.packet.UInt32
- asyncssh.pbe.KeyEncryptionError
- asyncssh.public_key.KeyExportError
- asyncssh.public_key.KeyImportError
- asyncssh.read_private_key
- asyncssh.sftp.SFTPError