How to use the securesystemslib.formats.PASSWORD_SCHEMA.check_match function in securesystemslib
To help you get started, we’ve selected a few securesystemslib examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
secure-systems-lab / securesystemslib / tests / test_pycrypto_keys.py View on Github 
def test_create_rsa_public_and_private_from_pem(self):
global private_rsa
passphrase = 'pw'
# Generate the encrypted PEM string of 'private_rsa'.
pem_rsakey = securesystemslib.pycrypto_keys.create_rsa_encrypted_pem(private_rsa, passphrase)
# Check format of 'passphrase'.
self.assertEqual(None, securesystemslib.formats.PASSWORD_SCHEMA.check_match(passphrase),
FORMAT_ERROR_MSG)
# Decrypt 'pem_rsakey' and verify the decrypted object is properly
# formatted.
public_decrypted, private_decrypted = \
securesystemslib.pycrypto_keys.create_rsa_public_and_private_from_pem(pem_rsakey,
passphrase)
self.assertEqual(None,
securesystemslib.formats.PEMRSA_SCHEMA.check_match(public_decrypted),
FORMAT_ERROR_MSG)
self.assertEqual(None,
securesystemslib.formats.PEMRSA_SCHEMA.check_match(private_decrypted),
FORMAT_ERROR_MSG)
# Does 'public_decrypted' and 'private_decrypted' match the originals?The PyCrypto library called to perform the actual decryption of
'encrypted_key'. The key derivation data stored in 'encrypted_key' is used
to re-derive the encryption/decryption key.
The decrypted key object in 'securesystemslib.formats.ANYKEY_SCHEMA' format.
"""
# Do the arguments have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.ENCRYPTEDKEY_SCHEMA.check_match(encrypted_key)
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
# Decrypt 'encrypted_key', using 'password' (and additional key derivation
# data like salts and password iterations) to re-derive the decryption key.
json_data = _decrypt(encrypted_key, password)
# Raise 'securesystemslib.exceptions.Error' if 'json_data' cannot be deserialized
# to a valid 'securesystemslib.formats.ANYKEY_SCHEMA' key object.
key_object = securesystemslib.util.load_json_string(json_data.decode())
return key_object
# If the caller does not provide a password argument, prompt for one.
if password is None: # pragma: no cover
# It is safe to specify the full path of 'filepath' in the prompt and not
# worry about leaking sensitive information about the key's location.
# However, care should be taken when including the full path in exceptions
# and log files.
password = get_password('Enter a password for the ECDSA'
' key (' + TERM_RED + filepath + TERM_RESET + '): ',
confirm=True)
else:
logger.debug('The password has been specified. Not prompting for one')
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
# If the parent directory of filepath does not exist,
# create it (and all its parent directories, if necessary).
securesystemslib.util.ensure_parent_dir(filepath)
# Create a temporary file, write the contents of the public key, and move
# to final destination.
file_object = tempfile.TemporaryFile()
# Generate the ECDSA public key file contents in metadata format (i.e., does
# not include the keyid portion).
keytype = ecdsa_key['keytype']
keyval = ecdsa_key['keyval']
scheme = ecdsa_key['scheme']
ecdsakey_metadata_format = securesystemslib.keys.format_keyval_to_metadata(
keytype, scheme, keyval, private=False)None.
A string in PEM format, where the private RSA portion is encrypted.
Conforms to 'securesystemslib.formats.PEMECDSA_SCHEMA'.
"""
if not CRYPTO: # pragma: no cover
raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
# Does 'private_key' have the correct format?
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.PEMRSA_SCHEMA.check_match(private_pem)
# Does 'passphrase' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(passphrase)
encrypted_pem = None
private = load_pem_private_key(private_pem.encode('utf-8'), password=None,
backend=default_backend())
encrypted_private_pem = \
private.private_bytes(encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.BestAvailableEncryption(passphrase.encode('utf-8')))
return encrypted_private_pem
None.
An encrypted string of the form:
'securesystemslib.formats.ENCRYPTEDKEY_SCHEMA'.
"""
# Does 'key_object' have the correct format?
# This check will ensure 'key_object' has the appropriate number
# of objects and object types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.ANYKEY_SCHEMA.check_match(key_object)
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
# Encrypted string of 'key_object'. The encrypted string may be safely saved
# to a file and stored offline.
encrypted_key = None
# Generate an encrypted string of 'key_object' using AES-256-CTR-Mode, where
# 'password' is strengthened with PBKDF2-HMAC-SHA256.
encrypted_key = securesystemslib.rsa_keys.encrypt_key(key_object, password)
return encrypted_key
The pyca/cryptography is library called to perform the actual decryption
of 'encrypted_key'. The key derivation data stored in 'encrypted_key' is
used to re-derive the encryption/decryption key.
The decrypted key object in 'securesystemslib.formats.ANYKEY_SCHEMA' format.
"""
# Do the arguments have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.ENCRYPTEDKEY_SCHEMA.check_match(encrypted_key)
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
# Decrypt 'encrypted_key', using 'password' (and additional key derivation
# data like salts and password iterations) to re-derive the decryption key.
json_data = _decrypt(encrypted_key, password)
# Raise 'securesystemslib.exceptions.Error' if 'json_data' cannot be
# deserialized to a valid 'securesystemslib.formats.ANYKEY_SCHEMA' key
# object.
key_object = securesystemslib.util.load_json_string(json_data.decode())
return key_object
None.
A key object of the form: 'securesystemslib.formats.ANYKEY_SCHEMA' (e.g.,
RSAKEY_SCHEMA, ED25519KEY_SCHEMA).
"""
# Does 'encrypted_key' have the correct format?
# This check ensures 'encrypted_key' has the appropriate number
# of objects and object types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.ENCRYPTEDKEY_SCHEMA.check_match(encrypted_key)
# Does 'passphrase' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(passphrase)
# Store and return the decrypted key object.
key_object = None
# Decrypt 'encrypted_key' so that the original key object is restored.
# encrypt_key() generates an encrypted string of the key object using
# AES-256-CTR-Mode, where 'password' is strengthened with PBKDF2-HMAC-SHA256.
key_object = \
securesystemslib.rsa_keys.decrypt_key(encrypted_key, passphrase)
# The corresponding encrypt_key() encrypts and stores key objects in
# non-metadata format (i.e., original format of key object argument to
# encrypt_key()) prior to returning.
return key_object
# privatekey type)?
# If the caller does not provide a password argument, prompt for one.
# Password confirmation is disabled here, which should ideally happen only
# when creating encrypted key files.
if password is None: # pragma: no cover
# It is safe to specify the full path of 'filepath' in the prompt and not
# worry about leaking sensitive information about the key's location.
# However, care should be taken when including the full path in exceptions
# and log files.
password = securesystemslib.interface.get_password('Enter a password for'
' the encrypted key (' + Fore.RED + repr(keypath) + Fore.RESET + '): ',
confirm=False)
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
# Store the encrypted contents of 'filepath' prior to calling the decryption
# routine.
encrypted_key = None
with open(keypath, 'rb') as file_object:
encrypted_key = file_object.read()
# Decrypt the loaded key file, calling the 'cryptography' library to generate
# the derived encryption key from 'password'. Raise
# 'securesystemslib.exceptions.CryptoError' if the decryption fails.
try:
key_object = securesystemslib.keys.decrypt_key(encrypted_key.decode('utf-8'),
password)securesystemslib
A library that provides cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
Package Health Score
78 / 100Popular securesystemslib functions
- securesystemslib.exceptions
- securesystemslib.exceptions.CryptoError
- securesystemslib.exceptions.Error
- securesystemslib.exceptions.FormatError
- securesystemslib.exceptions.InvalidNameError
- securesystemslib.formats
- securesystemslib.formats.BOOLEAN_SCHEMA.check_match
- securesystemslib.formats.NAME_SCHEMA.check_match
- securesystemslib.formats.PASSWORD_SCHEMA.check_match
- securesystemslib.formats.PATH_SCHEMA.check_match
- securesystemslib.keys
- securesystemslib.schema
- securesystemslib.schema.AnyString
- securesystemslib.schema.Object
- securesystemslib.schema.Optional
- securesystemslib.schema.String
- securesystemslib.util
- securesystemslib.util.ensure_parent_dir
- securesystemslib.util.get_file_details
- securesystemslib.util.load_json_file