I have been able to create an RSA key protected by a password with DES3 (well... I think, because I'm very new to this encryption world) by using the command:
openssl genrsa -out "/tmp/myKey.pem" -passout pass:"f00bar" -des3 2048
Now, I would like to do that inside a Python script, using PyCrypto, if possible. I have seen this message, which seems to discourage the use of PyCrypto to do that. Is it still like that?
Of course I can always call os.execute, and execute the above command, but I'd consider that "cheating" :-). I'm pretty much doing this to learn PyCrypto.
Thank you in advance.
Creating an Encrypted PEM Encoded RSA Key Pair
We will use the PEM encoding for our key pair and produce the required bytes for our PEM encoded public and private keys. Take note of us passing the bytes for our private key password when calling private_key.private_bytes.
LoadPem. Loads the private key from an in-memory PEM string. If the PEM contains an encrypted private key, then the LoadEncryptedPem method should instead be called. This method is for loading an unencrypted private key stored in PEM using PKCS#1 or PKCS#8.
Starting from PyCrypto 2.5 you can export an RSA private key and have it protected under a passphrase. A Triple DES key is internally derived from the passphrase and used to perform the actual encryption.
For instance:
from Crypto.PublicKey import RSA
from Crypto import Random

random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
# Export as PEM (PKCS#1), encrypted under the passphrase 'my secret'
exportedKey = key.exportKey('PEM', 'my secret', pkcs=1)
The variable exportedKey contains an ASCII version (PEM) of the key, encoded according to PKCS#1 (a cryptographic standard. Another option is pkcs=8 for - guess what - PKCS#8). Since the result is standard, you can use it with several other programs, including openssl.
And of course, you can also re-import it back into Python via PyCrypto!
The exportKey method is documented here.
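To confirm that a key written by `openssl genrsa -des3` or by `exportKey` really is passphrase-protected, the PEM armor and headers can be inspected without decrypting anything. This is an added example, not part of the original answer or of PyCrypto; it uses only the standard library, and the function names and sample PEMs (dummy bodies) are constructed for illustration.

```python
import re

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----[ \t\r]*$", re.M)

def describe_private_key_pem(pem):
    """Return (container, encrypted, cipher) for a PEM private key without decrypting it."""
    m = _BEGIN.search(pem)
    if not m:
        raise ValueError("no PEM BEGIN line found")
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the cipher is recorded inside the DER body, not in text headers.
        return ("PKCS#8", True, None)
    if label == "PRIVATE KEY":
        return ("PKCS#8", False, None)
    if label != "RSA PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    # Traditional PKCS#1 form: "Name: value" headers sit between BEGIN and a blank line.
    headers = {}
    for line in pem[m.end():].lstrip("\r\n").splitlines():
        if ":" not in line:
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return ("PKCS#1", False, None)
    if "DEK-Info" not in headers:
        raise ValueError("Proc-Type says ENCRYPTED but DEK-Info is missing")
    cipher, _, iv_hex = headers["DEK-Info"].partition(",")
    bytes.fromhex(iv_hex)  # raises ValueError if the IV is not valid hex
    return ("PKCS#1", True, cipher)

def sample_pem(label, headers=""):
    # Constructed sample: dummy base64 body, not a real key.
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, "A" * 64, label)

SAMPLES = {
    "genrsa -des3 style": sample_pem(
        "RSA PRIVATE KEY",
        "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"),
    "pkcs=1, no passphrase": sample_pem("RSA PRIVATE KEY"),
    "pkcs=8 with passphrase": sample_pem("ENCRYPTED PRIVATE KEY"),
    "pkcs=8, no passphrase": sample_pem("PRIVATE KEY"),
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print(name, "->", describe_private_key_pem(pem))
```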