[pycrypto] How can I read a standard openssl private key with PyCrypto and decrypt with it?
wgheath at gmail.com
Wed Aug 19 11:06:26 CST 2009
I am looking for any way to do this on Google App Engine using any Python
library. Do you have any ideas on that?
On Tue, Aug 18, 2009 at 8:26 PM, Dwayne C. Litzenberger <dlitz at dlitz.net> wrote:
> On Tue, Aug 18, 2009 at 06:07:53PM -0700, William Heath wrote:
> >I generated a private key with:
> > openssl.exe req -x509 -nodes -days 365 -newkey rsa:1024 -keyout
> >sdgidfedapp11.corp.intuit.net.key -out sdgidfedapp11.corp.intuit.net.crt
> >I can't figure out is how to use PyCrypto.RSA.construct with it
> >to decrypt something.
> >I am sure there is a way to do this with PyCrypto, anyone know how to do
>
> I am not aware of any simple way to do what you ask without using a
> separate library. PKCS#1 and X.509 are not implemented in PyCrypto, and as
> far as I understand, you would need both to do anything useful with such a
>
> At this time, PyCrypto's API for RSA is somewhat confusing: It only
> implements textbook RSA, so it's not really useful for anyone except other
> crypto library developers (e.g. Paramiko, Twisted, etc.). You might be
> able to use OpenSSL to generate hex values for each of the parameters, then
> parse the results and feed them to RSA.construct yourself using something
> like this:
>
>     openssl rsa -text -in sdgidfedapp11.corp.intuit.net.key
>
> However, since PyCrypto lacks PKCS#1 support, if you aren't careful or if
> you don't know exactly what you are doing, you will probably expose your
> private key to compromise.
>
> If you want to do practical public-key work with X.509 today, you might
> want to check out other libraries like pycryptopp, Google Key Czar, and
> M2Crypto. Also, Paramiko (which depends on PyCrypto) might support at
> least reading those files, since IIRC they're also used for SSH private
>
> Please do remember that PyCrypto's current RSA functions are insecure if
> used directly. I would like to introduce a simple public key API at some
> point, but right now it doesn't exist.
>
> If you're doing any low-level work with RSA, you should, at minimum, read
> and understand this overview paper:
>
> Also, as a side note, 1024-bit RSA keys are a little on the short side
> today. I would recommend nothing less than 2048 bits:
>
> Hope that helps.
>
> - Dwayne
>
> Dwayne C. Litzenberger <dlitz at dlitz.net>
> Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
> pycrypto mailing list
> pycrypto at lists.dlitz.net
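
Added example (not from the thread or from the PyCrypto project): a parser for the `openssl rsa -text` dump mentioned in the reply, plus consistency checks worth running on the parsed numbers before they are passed anywhere else. The sample dump is a constructed toy key, and `parse_rsa_text` and `check_key` are names invented for this example.

```python
import math
import re

# Constructed toy dump (p=61, q=53), not a real key. openssl prints short values
# inline and long ones as indented colon-separated hex; both layouts appear here.
SAMPLE_DUMP = """\
Private-Key: (12 bit)
modulus:
    0c:a1
publicExponent: 17 (0x11)
privateExponent:
    0a:c1
prime1: 61 (0x3d)
prime2: 53 (0x35)
exponent1: 53 (0x35)
exponent2: 49 (0x31)
coefficient: 38 (0x26)
"""

def parse_rsa_text(dump):
    """Turn `openssl rsa -text` output into {field name: int}."""
    hexes, name = {}, None
    for line in dump.splitlines():
        inline = re.match(r"(\w+): (\d+) \(0x[0-9a-f]+\)$", line)
        if inline:                                  # publicExponent: 65537 (0x10001)
            hexes[inline.group(1)], name = "%x" % int(inline.group(2)), None
        elif re.match(r"\w+:$", line):              # field header, hex lines follow
            name = line[:-1]
            hexes[name] = ""
        elif name and re.match(r"\s+[0-9a-f:]+$", line):
            hexes[name] += line.strip().replace(":", "")
        else:                                       # banner, PEM body, anything else
            name = None
    return {k: int(v, 16) for k, v in hexes.items() if v}

def check_key(k, min_bits=2048):
    """Return the problems found in the parsed parameters; [] means consistent."""
    n, e, d = k["modulus"], k["publicExponent"], k["privateExponent"]
    p, q = k["prime1"], k["prime2"]
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    checks = [
        (p * q == n, "modulus is not prime1 * prime2"),
        (e * d % lam == 1, "privateExponent does not invert publicExponent"),
        ((k["exponent1"], k["exponent2"]) == (d % (p - 1), d % (q - 1)),
         "CRT exponents do not match privateExponent"),
        (k["coefficient"] * q % p == 1, "coefficient is not the inverse of prime2 mod prime1"),
        (n.bit_length() >= min_bits, "modulus is only %d bits" % n.bit_length()),
    ]
    return [msg for ok, msg in checks if not ok]
```

The checked values would go to `RSA.construct` as the tuple `(n, e, d, p, q)`; what comes back is still only the unpadded RSA primitive that the reply warns against using directly.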