How do I use an X509 certificate in PyCrypto?

I want to encrypt some data in Python with PyCrypto.

However, I get an error when using key = RSA.importKey(pubkey):

 RSA key format is not supported 

The key was generated with:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.key -out mycert.pem 

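The code is:

    from Crypto.Cipher import PKCS1_OAEP
    from Crypto.PublicKey import RSA

    def encrypt(data):
        # mycert.pem is an X.509 certificate, not a bare public key
        pubkey = open('mycert.pem').read()
        key = RSA.importKey(pubkey)
        cipher = PKCS1_OAEP.new(key)
        return cipher.encrypt(data)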

PyCrypto does not support X.509 certificates. You must first extract the public key with the following command:

 openssl x509 -inform pem -in mycert.pem -pubkey -noout > publickey.pem 

Then you can use RSA.importKey on publickey.pem.


If you don't want to or can't use openssl, you can take the PEM X.509 certificate and do it in pure Python like this:

    from Crypto.Util.asn1 import DerSequence
    from Crypto.PublicKey import RSA
    from binascii import a2b_base64

    # Convert from PEM to DER
    pem = open("mycert.pem").read()
    lines = pem.replace(" ",'').split()
    der = a2b_base64(''.join(lines[1:-1]))

    # Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280)
    cert = DerSequence()
    cert.decode(der)
    tbsCertificate = DerSequence()
    tbsCertificate.decode(cert[0])
    subjectPublicKeyInfo = tbsCertificate[6]

    # Initialize RSA key
    rsa_key = RSA.importKey(subjectPublicKeyInfo)
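
The pure-Python answer above reads subjectPublicKeyInfo at the fixed index 6, which holds only when the optional version field is present in tbsCertificate. The following Python 3 code is an added example, not part of the original answer: a standard-library-only DER walker that handles both layouts. The helper names and the sample structures (placeholder key bits, trimmed to tbsCertificate) are constructed for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def elements(buf):
    """List (tag, full_encoding) for each element inside the SEQUENCE buf."""
    tag, pos, end = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    out = []
    while pos < end:
        t, _, nxt = read_tlv(buf, pos)
        if nxt > end:
            raise ValueError("child element overruns its SEQUENCE")
        out.append((t, buf[pos:nxt]))
        pos = nxt
    return out

def extract_spki(cert_der):
    """Return the DER subjectPublicKeyInfo of a certificate, v1 or v3."""
    top = elements(cert_der)
    tbs = elements(top[0][1]) if top else []  # tbsCertificate is the first field
    # version is [0] EXPLICIT (tag 0xA0) and is omitted in v1 certificates,
    # which moves subjectPublicKeyInfo from index 6 to index 5.
    idx = 6 if tbs and tbs[0][0] == 0xA0 else 5
    if len(tbs) <= idx or tbs[idx][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return tbs[idx][1]

def tlv(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    size = (len(value).bit_length() + 7) // 8
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | size]) + len(value).to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample data: rsaEncryption OID with placeholder key bits, not a real certificate.
SPKI = tlv(0x30, tlv(0x30, bytes.fromhex("06092a864886f70d0101010500")) + tlv(0x03, b"\x00" + b"\xAA" * 270))
REST = [tlv(0x02, b"\x01")] + [tlv(0x30, b"")] * 4  # serial, sigAlg, issuer, validity, subject
V3_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + b"".join(REST) + SPKI))
V1_CERT = tlv(0x30, tlv(0x30, b"".join(REST) + SPKI))
```

The bytes returned by extract_spki are the same DER subjectPublicKeyInfo value that the answer above passes to RSA.importKey.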

Here is a good example: https://www.dlitz.net/software/pycrypto/api/2.6/Crypto.Cipher.PKCS1_OAEP-module.html

    from Crypto.Cipher import PKCS1_OAEP
    from Crypto.PublicKey import RSA

    # sender side
    message = b'To be encrypted'
    # DER files are binary, so open them in 'rb' mode
    key = RSA.importKey(open('pubkey.der', 'rb').read())
    cipher = PKCS1_OAEP.new(key)
    ciphertext = cipher.encrypt(message)

    # receiver side
    key = RSA.importKey(open('privkey.der', 'rb').read())
    cipher = PKCS1_OAEP.new(key)
    message = cipher.decrypt(ciphertext)