How to use oscrypto - 10 common examples
To help you get started, we’ve selected a few oscrypto examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
wbond / oscrypto / oscrypto / _win / asymmetric.py View on Github 
# the default, and what is used by Security.framework on OS X also.
g = 2
try:
byte_size = bit_size // 8
if _backend == 'win':
alg_handle = open_alg_handle(BcryptConst.BCRYPT_RNG_ALGORITHM)
buffer = buffer_from_bytes(byte_size)
while True:
if _backend == 'winlegacy':
rb = os.urandom(byte_size)
else:
res = bcrypt.BCryptGenRandom(alg_handle, buffer, byte_size, 0)
handle_error(res)
rb = bytes_from_buffer(buffer)
p = int_from_bytes(rb)
# If a number is even, it can't be prime
if p % 2 == 0:
continue
# Perform the generator checks outlined in OpenSSL's
# dh_builtin_genparams() located in dh_gen.c
if g == 2:
if p % 24 != 11:
continue
elif g == 5:
rem = p % 10
if rem != 3 and rem != 7:
continuelen1 = bit_size // 8
len2 = bit_size // 16
prime1_offset = len1
prime2_offset = prime1_offset + len2
exponent1_offset = prime2_offset + len2
exponent2_offset = exponent1_offset + len2
coefficient_offset = exponent2_offset + len2
private_exponent_offset = coefficient_offset + len2
public_exponent = blob_struct.rsapubkey.pubexp
modulus = int_from_bytes(blob[0:prime1_offset][::-1])
prime1 = int_from_bytes(blob[prime1_offset:prime2_offset][::-1])
prime2 = int_from_bytes(blob[prime2_offset:exponent1_offset][::-1])
exponent1 = int_from_bytes(blob[exponent1_offset:exponent2_offset][::-1])
exponent2 = int_from_bytes(blob[exponent2_offset:coefficient_offset][::-1])
coefficient = int_from_bytes(blob[coefficient_offset:private_exponent_offset][::-1])
private_exponent = int_from_bytes(blob[private_exponent_offset:private_exponent_offset + len1][::-1])
public_key_info = PublicKeyInfo({
'algorithm': PublicKeyAlgorithm({
'algorithm': 'rsa',
}),
'public_key': RSAPublicKey({
'modulus': modulus,
'public_exponent': public_exponent,
}),
})
rsa_private_key = RSAPrivateKey({
'version': 'two-prime',
'modulus': modulus,"""
len1 = bit_size // 8
len2 = bit_size // 16
prime1_offset = len1
prime2_offset = prime1_offset + len2
exponent1_offset = prime2_offset + len2
exponent2_offset = exponent1_offset + len2
coefficient_offset = exponent2_offset + len2
private_exponent_offset = coefficient_offset + len2
public_exponent = blob_struct.rsapubkey.pubexp
modulus = int_from_bytes(blob[0:prime1_offset][::-1])
prime1 = int_from_bytes(blob[prime1_offset:prime2_offset][::-1])
prime2 = int_from_bytes(blob[prime2_offset:exponent1_offset][::-1])
exponent1 = int_from_bytes(blob[exponent1_offset:exponent2_offset][::-1])
exponent2 = int_from_bytes(blob[exponent2_offset:coefficient_offset][::-1])
coefficient = int_from_bytes(blob[coefficient_offset:private_exponent_offset][::-1])
private_exponent = int_from_bytes(blob[private_exponent_offset:private_exponent_offset + len1][::-1])
public_key_info = PublicKeyInfo({
'algorithm': PublicKeyAlgorithm({
'algorithm': 'rsa',
}),
'public_key': RSAPublicKey({
'modulus': modulus,
'public_exponent': public_exponent,
}),
})
rsa_private_key = RSAPrivateKey({asn1crypto.keys.PrivateKeyInfo)
"""
len1 = bit_size // 8
len2 = bit_size // 16
prime1_offset = len1
prime2_offset = prime1_offset + len2
exponent1_offset = prime2_offset + len2
exponent2_offset = exponent1_offset + len2
coefficient_offset = exponent2_offset + len2
private_exponent_offset = coefficient_offset + len2
public_exponent = blob_struct.rsapubkey.pubexp
modulus = int_from_bytes(blob[0:prime1_offset][::-1])
prime1 = int_from_bytes(blob[prime1_offset:prime2_offset][::-1])
prime2 = int_from_bytes(blob[prime2_offset:exponent1_offset][::-1])
exponent1 = int_from_bytes(blob[exponent1_offset:exponent2_offset][::-1])
exponent2 = int_from_bytes(blob[exponent2_offset:coefficient_offset][::-1])
coefficient = int_from_bytes(blob[coefficient_offset:private_exponent_offset][::-1])
private_exponent = int_from_bytes(blob[private_exponent_offset:private_exponent_offset + len1][::-1])
public_key_info = PublicKeyInfo({
'algorithm': PublicKeyAlgorithm({
'algorithm': 'rsa',
}),
'public_key': RSAPublicKey({
'modulus': modulus,
'public_exponent': public_exponent,
}),
})
A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
asn1crypto.keys.PrivateKeyInfo)
"""
len1 = bit_size // 8
len2 = bit_size // 16
prime1_offset = len1
prime2_offset = prime1_offset + len2
exponent1_offset = prime2_offset + len2
exponent2_offset = exponent1_offset + len2
coefficient_offset = exponent2_offset + len2
private_exponent_offset = coefficient_offset + len2
public_exponent = blob_struct.rsapubkey.pubexp
modulus = int_from_bytes(blob[0:prime1_offset][::-1])
prime1 = int_from_bytes(blob[prime1_offset:prime2_offset][::-1])
prime2 = int_from_bytes(blob[prime2_offset:exponent1_offset][::-1])
exponent1 = int_from_bytes(blob[exponent1_offset:exponent2_offset][::-1])
exponent2 = int_from_bytes(blob[exponent2_offset:coefficient_offset][::-1])
coefficient = int_from_bytes(blob[coefficient_offset:private_exponent_offset][::-1])
private_exponent = int_from_bytes(blob[private_exponent_offset:private_exponent_offset + len1][::-1])
public_key_info = PublicKeyInfo({
'algorithm': PublicKeyAlgorithm({
'algorithm': 'rsa',
}),
'public_key': RSAPublicKey({
'modulus': modulus,
'public_exponent': public_exponent,
}),
})if signing:
algorithm_id = Advapi32Const.CALG_RSA_SIGN
else:
algorithm_id = Advapi32Const.CALG_RSA_KEYX
else:
struct_type = 'DSSBLOBHEADER'
algorithm_id = Advapi32Const.CALG_DSS_SIGN
blob_header_pointer = struct(advapi32, 'BLOBHEADER')
blob_header = unwrap(blob_header_pointer)
blob_header.bType = blob_type
blob_header.bVersion = Advapi32Const.CUR_BLOB_VERSION
blob_header.reserved = 0
blob_header.aiKeyAlg = algorithm_id
blob_struct_pointer = struct(advapi32, struct_type)
blob_struct = unwrap(blob_struct_pointer)
blob_struct.publickeystruc = blob_header
bit_size = key_info.bit_size
len1 = bit_size // 8
len2 = bit_size // 16
if algo == 'rsa':
pubkey_pointer = struct(advapi32, 'RSAPUBKEY')
pubkey = unwrap(pubkey_pointer)
pubkey.bitlen = bit_size
if key_type == 'public':
parsed_key_info = key_info['public_key'].parsed
pubkey.magic = Advapi32Const.RSA1
pubkey.pubexp = parsed_key_info['public_exponent'].native
blob_data = int_to_bytes(parsed_key_info['modulus'].native, signed=False, width=len1)[::-1]# OpenSSL allows use of generator 2 or 5, but we hardcode 2 since it is
# the default, and what is used by Security.framework on OS X also.
g = 2
try:
byte_size = bit_size // 8
if _backend == 'win':
alg_handle = open_alg_handle(BcryptConst.BCRYPT_RNG_ALGORITHM)
buffer = buffer_from_bytes(byte_size)
while True:
if _backend == 'winlegacy':
rb = os.urandom(byte_size)
else:
res = bcrypt.BCryptGenRandom(alg_handle, buffer, byte_size, 0)
handle_error(res)
rb = bytes_from_buffer(buffer)
p = int_from_bytes(rb)
# If a number is even, it can't be prime
if p % 2 == 0:
continue
# Perform the generator checks outlined in OpenSSL's
# dh_builtin_genparams() located in dh_gen.c
if g == 2:
if p % 24 != 11:
continue
elif g == 5:
rem = p % 10
if rem != 3 and rem != 7:'md5': Advapi32Const.CALG_MD5,
'sha1': Advapi32Const.CALG_SHA1,
'sha256': Advapi32Const.CALG_SHA_256,
'sha384': Advapi32Const.CALG_SHA_384,
'sha512': Advapi32Const.CALG_SHA_512,
}[hash_algorithm]
hash_handle_pointer = new(advapi32, 'HCRYPTHASH *')
res = advapi32.CryptCreateHash(
certificate_or_public_key.context_handle,
alg_id,
null(),
0,
hash_handle_pointer
)
handle_error(res)
hash_handle = unwrap(hash_handle_pointer)
res = advapi32.CryptHashData(hash_handle, data, len(data), 0)
handle_error(res)
if algo == 'dsa':
# Windows doesn't use the ASN.1 Sequence for DSA signatures,
# so we have to convert it here for the verification to work
try:
signature = DSASignature.load(signature).to_p1363()
# Switch the two integers so that the reversal later will
# result in the correct order
half_len = len(signature) // 2
signature = signature[half_len:] + signature[:half_len]
except (ValueError, OverflowError, TypeError):def test_dsa_public_key_attr(self):
private = asymmetric.load_private_key(os.path.join(fixtures_dir, 'keys/test-dsa-1024.key'))
public = asymmetric.load_public_key(os.path.join(fixtures_dir, 'keys/test-dsa-1024.crt'))
computed_public = private.public_key
self.assertEqual(public.asn1.dump(), computed_public.asn1.dump())def test_rsa(self):
# A key we generated earlier
self.session.generate_keypair(KeyType.RSA, 1024)
pub = self.session.get_key(key_type=KeyType.RSA,
object_class=ObjectClass.PUBLIC_KEY)
pub = encode_rsa_public_key(pub)
from oscrypto.asymmetric import load_public_key, rsa_pkcs1v15_encrypt
pub = load_public_key(pub)
crypttext = rsa_pkcs1v15_encrypt(pub, b'Data to encrypt')
priv = self.session.get_key(key_type=KeyType.RSA,
object_class=ObjectClass.PRIVATE_KEY)
plaintext = priv.decrypt(crypttext, mechanism=Mechanism.RSA_PKCS)
self.assertEqual(plaintext, b'Data to encrypt')oscrypto
TLS (SSL) sockets, key generation, encryption, decryption, signing, verification and KDFs using the OS crypto libraries. Does not require a compiler, and relies on the OS for patching. Works on Windows, OS X and Linux/BSD.
Package Health Score
76 / 100Popular oscrypto functions
- oscrypto._asn1.int_from_bytes
- oscrypto._asn1.int_to_bytes
- oscrypto._errors.pretty_message
- oscrypto._ffi.buffer_from_bytes
- oscrypto._ffi.bytes_from_buffer
- oscrypto._ffi.deref
- oscrypto._ffi.is_null
- oscrypto._ffi.new
- oscrypto._ffi.null
- oscrypto._ffi.struct
- oscrypto._ffi.unwrap
- oscrypto._int.fill_width
- oscrypto._mac._core_foundation.CoreFoundation.CFRelease
- oscrypto._mac._security.handle_sec_error
- oscrypto._mac._security.Security
- oscrypto._mac._security.Security.SecTransformSetAttribute
- oscrypto._openssl._libcrypto.handle_openssl_error
- oscrypto._types.type_name
- oscrypto._win._advapi32.handle_error
- oscrypto.asymmetric.load_public_key