1

The question is asked repeatedly, but I am unable to get work done so posting again. I am shared a public key file, which is in format of

-----BEGIN CERTIFICATE----- XXXXXXXXXXXXXXXXXXXXXXX -----END CERTIFICATE-----

Using this file, in PHP I am able to perform decryption and obtain decoded message using openssl_public_decrypt(). Now I am trying to perform decryption process in Python. I have tried with: 

Crypto - gives 'valueerror: rsa key format is not supported' when RSA.importKey() is called.

python-rsa and M2Crypto also didn't help.

For M2Crypto I referred this link, but RSA.load_pub_key_bio(bio) line of code gives error.

Any help is really appreciated. Thank you.

Improve this question

1 Answer 1

Reset to default
1

You can do this with the cryptography library's hazmat layer (note that cryptography is now the back-end library used by pyOpenSSL; while pyOpenSSL is convenient for some uses, cryptography provides a much more complete OpenSSL binding as well as useful higher-level (safer, better) cryptographic primitives and bindings to other cryptographic libraries as well). Before you do, note that it's very easy to shoot yourself in the foot with the hazmat layer and the cryptography team won't apologize if you do.

You should be sure you understand what's going with these operations before you rely on the code to provide any kind of security. Also, if you control the full stack - from encryption to decryption - stop doing it this way. Use something like PGP instead.

>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import serialization
>>> with open("key.pem") as key_file:
...     pkey = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend())
... 
>>> from cryptography.hazmat.primitives.asymmetric import padding
>>> ciphertext = pkey.public_key().encrypt(b"asdasd", padding.PKCS1v15())
>>> print repr(ciphertext)
'*\xf3\x8e2T\x8f\x93\xae}\x18\x9f7\x00\xbcw\xbd$\x14\x9f6\x9a\xc3\xa1\xa8\xf3\xa5\xcc\xae\x89\x17]\x91\x1d\x85\xb0.\xf7&\x12w\x0ca\x1cN\xd2\x8f\xf5\xf7\xfe\x93\xfbL\x17#\xc6g\x1dj\x84\xc3ET\xd1\x92 \xd2u\xc7AF\xa9<4i`d\xdb\xc0%\xae\x06\xc4\xeeJsC\x06\x80\xc9* \x11\x99P\xdc\xa9S\xad\xe2\xe5L\x9f\x9f\x0c\x04\xef\x95\xd7:*\x06@\r|e\xcdL\xfe9\x80R\x82c\x00\xc0\x9as\xea'
>>> pkey.decrypt(ciphertext, padding.PKCS1v15())
'asdasd'
>>>
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Hi, Thank you for the answer. The reason for me replying this late after answered - I ran into issues while installing cryptography package, finally got it fixed, secondly in the code snippet that you provided, I am getting error as no module named serialization. I searched through package for this module but there were multiple serializers so was confused which one to use and they are not generic. It would be helpful if you update answer. And I am performing only Decryption. Only encrypted data is provided to me.
Oops sorry about he missing import! Added.
I am running into issues when the line pkey = serialization.load_pem_private_key(key_file.read(), password=None, backend=default_backend()) is executed, File "/usr/local/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1325, in _handle_key_loading_error raise ValueError("Could not unserialize key data.")
In this line I am trying to read .pub file. So should it be something like serialization.load_pem_public_key() ?
It's pretty weird to have data encrypted with a private key. Such ciphertext can be decrypted by anyone with the public key. Which is usually ... anyone. The cryptography library does not provide decryption using a public key, as far as I know.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.