Decrypt using BCPGP private key in python - python

How do I read a Bouncy Castle PGP key and decrypt a message using Python?
This private key is generated using GoAnywhere OpenPGP Studio, password is Test#123
Below is the key blob and the error I'm getting. I'm getting the same error when I read from a file (.asc) as well.
test_key_pvt = """-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: BCPG v1.48

[key material omitted]
=Uo6i
-----END PGP PRIVATE KEY BLOCK-----
"""
pvt_key, _ = pgpy.PGPKey.from_blob(test_key_pvt)
Error: pgpy.errors.PGPError: 6 is not a valid SymmetricKeyAlgorithm
Another error for different key: pgpy.errors.PGPError: 112 is not a valid CompressionAlgorithm
Not able to arrive at any solution. I'm trying to automate a very small transfer and it's really annoying that I'm not able to find anything for this in Python. The PGPy library doesn't have a lot of documentation.
TIA

Related

Decrypting and encrypting java JWEObject with algorithm RSA-OAEP-256 on python

I have a kafka message that was encrypted on java with the following code:
private String decryptedMessage(String key, String encryptedMessage) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException {
    PrivateKey privateKey = <some way to generate a private key from key>;
    JWEDecrypter decrypter = new RSADecrypter(privateKey);
    JWEObject decryptedJweObj = JWEObject.parse(encryptedMessage);
    decryptedJweObj.decrypt(decrypter);
    return decryptedJweObj.getPayload().toJSONObject().toJSONString();
}
Now I'm trying to decode it using python on a decoded message where I already know the private key.
I tried using jwcrypto (since I'm using python3 and jeso is only for 2.x) using this code like in their documents, but it didn't work:
enc = '<encrypted message>'
private = '<private key>'
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload
And I get this error code: jwcrypto.jwe.InvalidJWEData: No recipient matched the provided key["Failed: [ValueError('key is not a JWK object',)]"]. I tried looking for a way to make the private key a JWK object but couldn't find one.
I know my message is JWE since it's split by 4 dots and when I base64 decode the first part I get this json: b'{"alg":"RSA-OAEP-256","enc":"A256GCM","kid":"<some key id>"}'
So I'm kind of stuck on how to decode my message.
Decrypted string: {"value":"Object Encryption"}
Encrypted string:
eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiYjFhOWVmNzAtYjQ4Yy00YzdiLWI0ZTQtODU2YzQyNGIyYzZlIn0.XzLgQTzESD7mg-DtiwFaOQQIfJjQOox5Efbq3Cn8n4H0OZUNvNFWuLr2gPH4WqhWZFYvYh6Mx3--bKiYA_kGplPaJUdPfuYx3OgOug9fuYMrZesE-9stJFd4TnQOJcrTfehJkI_QKPqfWgbEgh1Zn8r7DuIBbABmNK4OHa0edwUA0Lu4mUxzRW6UPaNdWtfEGL9ZVR4lzUx6QX6nweKdbi8tkDnQrSNcQ4eZKIn8mVl5rL3s-qa2VC1Zvo4R-eA4jTKs6WQrkPChJkfoECcYcLx7SIHdxP6VB9DAhW-TwRizr5OZUVLLLH3UEOF77Rtc6MLL4Al5mo29sE-E1faywQ.R1QE-zY29Ed7yfqX.-soXsfltkJL0AXk_q5tPn9hagCBG_1c03VKdh2A.-oteTYv0SHzE4yBmZlterg
Decryption key (need to decode with base64):
The posted encrypted token can be decrypted with the posted RSA key and the Python library JWCrypto. Maybe it doesn't work for you because of a key import bug.
The posted RSA key is a DER encoded PKCS#8 key (Base64 encoded). JWCrypto does not support this encoding directly, but only the PEM encoding, which is not too bad, because the conversion from DER to PEM is trivial: The Base64 string must be formatted (line break after every 64 characters) and the header (-----BEGIN PRIVATE KEY-----) and footer (-----END PRIVATE KEY-----) must be added each in a separate line.
Alternatively, the key can be converted to a JWK and imported in this format.
The following Python code shows these two variants based on the posted data. For this the JWK was derived with online tools from the posted PKCS#8 key:
pkcs8pem = b'''-----BEGIN PRIVATE KEY-----
[key material omitted]
-----END PRIVATE KEY-----'''
jwkey = {"p":"0zkaJztRayAKNlZ7EEtC6uhHcUc8z_avZh7bSTSSuXhFz-7DUnUw67nZOLaa98717SuG_uEogg64gOVUyR4XRhd8MKoUe-l094C6F2SxmJcfuEbzG7iBQxpFHnvt_U9v_zM7RGYLd0zNy3ARRI00VfIM6RSbI_MHmtxOAfJThGU","kty":"RSA","q":"xBZH3YCATbv98B_s9rquNJGJZDEW-MEKvAo5sF2MRrtVkd0mJ9szUE7GUegbYhxc8f9-1tu_XTvO7vawGzbmOVfVWECo8WQ9pYnWEP9MNO5DtT4TbiEi6ap9gG4i3M5S5bl_HR6S6W-VBviVpaooeVQQgxZLZlVJTFbXhz2ttVc","d":"E3IcJtrMYmK0WdfiKI_RFSAd7-ruBV7SV9NPELJtLNE9ykNA9RtWhrKYBwXQFFYH6TR5CO0l86HmZiVOWFXOFquAxY9t8a1NX9jOjNLAag9gpZQr48xayfmilQkLkoo4Rfq6vs_OkSzE4zyr0zpRoyOe3g0ZbC58W9OCu9r7wVTDV-KKE8ChU39Ae8HLfMEQXWSIUqxbrpw-mLeFX1qh5ILNBDA9M6vD-JuoiuIZltW4djnlU4hxYPVwTyuPBCQ3AwJsRGcddfxWTI-kIm2_6k8HzhdpB1ajBrZX_XVeXAp7VlvyHzBZ5ri1NDpr_Cyh6o2ysdB8qGCnlDcsNHLl-Q","e":"AQAB","kid":"79635991-092f-4576-a23a-4cbab618e8a8","qi":"neqj96k7vECzpWGn7ydrRO_3cmLaQK8DXiI4T4_TyxqV2ykHg0RWK0ZqG6-tPHwIoPIvU8MflfUxNpu8j8tjDqT-CfM6FJfcxM_eox6k0SrUDlyG8wkeExLvb-0A8ohe7H4CAORK-rz4bTYMVYOkX1twGgg0v_z3A5RwR85C3LQ","dp":"KSkQeqKpjAmTU-FoW9V-tc4L1fw-0nvM1EahDtPq36-bUxjBATmLDfSKau3SpwWykMQRq2tu_GEn_R4zdnmhqWv8LHOISFlHDNAN828Q2J5idQOGbll2_v-Ihpc52kn3ljCClSKZi2bxF3rAMq6diz3-3BDC5q9-ROQ3Y1O4iK0","dq":"m7Q1jKWlPBSzKCGxwJmsCwIl3vE8FHr1Uyurc2hVIzVOVW0OB0gADxz-TbvJQrbS9zayOVp1Mktznj00yedmGNKuDk4J2OSILxKscQLIOJ-aFCketKyLVJCU546NEFilatVJIo5MiiCYbdimu83KJc2i7vSdGr1OXtf2fOV1MjE","n":"ocoaOeFcThmA8azdqYzPP6QPeJHKpTDWdDUiKEh4WrAJu9l-ulzfRiNiGqUBE8u_oDQSgVrM1p-CbDbgGyyzaec3k5Zsx6dPXnuC_oPLPzSCjMAOTIMfcBrth4tH6IdKRKwDCkFegiwSVHweSVLvT19jBA-2dlxhtEWApUjBDvC-4h15taKAq_N61P1OcV8Kbk66eC_Z2A_XgehKbQoDlhIvfJauaHkFzcln7Yt_4HJGrYVIvFiDZSPuf3z7-2VnfWetFVwFX2-bvOtf3qyIRCCUZKmw13P1CwELAHhClWMx6UrTPSJ99JkHaehHWOPIpmYh49RjYD72PjA98D5nUw"}
enc = 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiYjFhOWVmNzAtYjQ4Yy00YzdiLWI0ZTQtODU2YzQyNGIyYzZlIn0.XzLgQTzESD7mg-DtiwFaOQQIfJjQOox5Efbq3Cn8n4H0OZUNvNFWuLr2gPH4WqhWZFYvYh6Mx3--bKiYA_kGplPaJUdPfuYx3OgOug9fuYMrZesE-9stJFd4TnQOJcrTfehJkI_QKPqfWgbEgh1Zn8r7DuIBbABmNK4OHa0edwUA0Lu4mUxzRW6UPaNdWtfEGL9ZVR4lzUx6QX6nweKdbi8tkDnQrSNcQ4eZKIn8mVl5rL3s-qa2VC1Zvo4R-eA4jTKs6WQrkPChJkfoECcYcLx7SIHdxP6VB9DAhW-TwRizr5OZUVLLLH3UEOF77Rtc6MLL4Al5mo29sE-E1faywQ.R1QE-zY29Ed7yfqX.-soXsfltkJL0AXk_q5tPn9hagCBG_1c03VKdh2A.-oteTYv0SHzE4yBmZlterg'
from jwcrypto import jwk, jwe
# Import of a PEM encoded PKCS#8 key
private_key = jwk.JWK.from_pem(pkcs8pem)
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload
print(payload.decode('utf-8'))
# Import of a JWK
private_key = jwk.JWK(**jwkey)
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload
print(payload.decode('utf-8'))
with the output:
{"value":"Object Encryption"}
{"value":"Object Encryption"}
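The DER-to-PEM conversion described in this answer, together with a check of the JWE protected header, as an added example that is not part of the original answer. It uses only the standard library; the function names and the sample values are constructed for illustration, and the sample bytes are not a real key or a decryptable token.

```python
import base64
import json

def der_b64_to_pem(der_b64: str, label: str = "PRIVATE KEY") -> bytes:
    """Wrap a Base64-encoded DER blob (e.g. a PKCS#8 key) into PEM."""
    compact = "".join(der_b64.split())              # drop stray whitespace/newlines
    der = base64.b64decode(compact, validate=True)  # reject non-Base64 input
    if not der or der[0] != 0x30:                   # DER keys start with a SEQUENCE tag
        raise ValueError("not a DER SEQUENCE; wrong key encoding?")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

def jwe_protected_header(token: str) -> dict:
    """Decode the first segment of a JWE in compact serialization."""
    parts = token.split(".")
    if len(parts) != 5:                             # 4 dots -> 5 segments
        raise ValueError(f"expected 5 segments, got {len(parts)}")
    seg = parts[0]
    raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))  # restore padding
    return json.loads(raw)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample data: NOT a real key and NOT a decryptable token.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_DER_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_TOKEN = ".".join([
    _b64url(b'{"alg":"RSA-OAEP-256","enc":"A256GCM","kid":"example-kid"}'),
    _b64url(b"encrypted-key"), _b64url(b"iv"),
    _b64url(b"ciphertext"), _b64url(b"tag"),
])

if __name__ == "__main__":
    print(der_b64_to_pem(SAMPLE_DER_B64).decode())
    print(jwe_protected_header(SAMPLE_TOKEN))
```

The bytes returned by der_b64_to_pem() are in the form that jwk.JWK.from_pem() in the answer's code takes as input.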

ValueError("Expected: ASCII-armored PGP data") when using pgp_key.from_blob(key_string)

I am getting ValueError("Expected: ASCII-armored PGP data") when using pgp_key.from_blob(key_string) when trying to parse the key.
pgp_key = pgpy.PGPKey()
key = pgp_key.from_blob(key_string);
I tried using the parse method as well but got the same error.
I fixed this error by:
With your key as a file, run base64 /path/to/file_name new_encoded_file_name
Put your encoded key in your desired place (AWS Secrets Manager in my case)
Within your program, add the following line BEFORE getting your pgp key:
key_string = base64.b64decode(key_string)
Now key = pgp_key.from_blob(key_string) will no longer throw an error as the decoded string will be an ASCII-armored bytearray.

How to encrypt data with RSA private key (not normal signing) in Python?

I want to make RSA encryption with a private key (not normal signing), but PyCryptodome seems not to be able to do it.
The reason I need to do it with private key is, I need to get the same results as from a Java program not written by me, which wrongly uses javax.crypto.Cipher and private key to sign messages...
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
...
String deviceKey = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASC...";
PKCS8EncodedKeySpec localPKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(deviceKey).getBytes("UTF-8"));
PrivateKey localPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(localPKCS8EncodedKeySpec);
byte[] hash = MessageDigest.getInstance("SHA-256").digest("test".getBytes());
Cipher localCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
localCipher.init(Cipher.ENCRYPT_MODE, localPrivateKey);
String sign = new String(Base64.encode(localCipher.doFinal(hash)));
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from Crypto.Hash import SHA256
...
deviceKey = 'MIIEvgIBADANBgkqhkiG9w0BAQEFAASC...'
privateKey = RSA.importKey(deviceKey)
hash = SHA256.new('test'.encode()).digest()
signer = PKCS1_v1_5.new(privateKey)
sign = b64encode(signer.encrypt(hash))
Result of the Java program:
Hash: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Sign: k8y6zMfl0KVuQWWOmRxieXF1aH0dpVUX......(always the same)
Result of my Python script:
Hash: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Sign: GfLVqZDnu5aLHHbi0tM5OtCBEVKKRcjW......(it changes every time)
You don't use private keys to encrypt data.
A private key can sign data, which can be verified by the matching public key.
A public key can encrypt data, which can be decrypted by the matching private key.
If what you really want is to sign your hash, instead of using the encrypt function, you should use the sign function.
So, instead of
from Crypto.Cipher import PKCS1_v1_5
PKCS1_v1_5.new(privateKey).encrypt(hash)
you might want to try
from Crypto.Signature import pkcs1_15
pkcs1_15.new(privateKey).sign(hash)
I wrote a little blog post about signing/verifying using pycryptodome, if you want to take a look.
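Why one result in the question is constant and the other changes on every run, as an added example that is not part of the original question or answer: PKCS#1 v1.5 (RFC 8017) pads a private-key operation with a fixed block (type 1) and an encryption with a randomized block (type 2), which is what PyCryptodome's PKCS1_v1_5 cipher applies. The sketch builds only the padded blocks with the standard library and performs no RSA operation; the function names and the 2048-bit modulus size are assumptions.

```python
import hashlib
import os

def pad_block_type_1(data: bytes, k: int) -> bytes:
    """00 01 FF..FF 00 || data: fixed padding used for private-key operations."""
    if len(data) > k - 11:
        raise ValueError("data too long for modulus size")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data

def pad_block_type_2(data: bytes, k: int) -> bytes:
    """00 02 PS 00 || data: PS is random non-zero bytes, used for encryption."""
    if len(data) > k - 11:
        raise ValueError("data too long for modulus size")
    need = k - 3 - len(data)
    ps = bytearray()
    while len(ps) < need:                      # draw until enough non-zero bytes
        ps += bytes(b for b in os.urandom(k) if b != 0)
    return b"\x00\x02" + bytes(ps[:need]) + b"\x00" + data

def unpad(block: bytes) -> bytes:
    """Strip either padding type (illustration only, not constant-time)."""
    if block[0] != 0 or block[1] not in (1, 2):
        raise ValueError("bad padding header")
    sep = block.index(b"\x00", 2)              # first zero byte after the padding
    if sep < 10:                               # padding string must be >= 8 bytes
        raise ValueError("padding string too short")
    return block[sep + 1:]

K = 256                                        # assumed: 2048-bit modulus, in bytes
DIGEST = hashlib.sha256(b"test").digest()      # same input as in the question

if __name__ == "__main__":
    same = pad_block_type_1(DIGEST, K) == pad_block_type_1(DIGEST, K)
    diff = pad_block_type_2(DIGEST, K) != pad_block_type_2(DIGEST, K)
    print("type 1 deterministic:", same)
    print("type 2 randomized:", diff)
```

Because RSA itself is deterministic, identical padded input gives identical output, so only the type 2 block produces a result that changes between runs.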

Python Openssl generate rsa key pair and write to a file

I want to generate a private, public key pair and put them into private.key and public.key files respectively.
I have the following code.
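from OpenSSL import crypto, SSL

def gen_rsa_key_pair():
    k = crypto.PKey()
    # 1024-bit RSA as posted; this size is below current minimum recommendations
    k.generate_key(crypto.TYPE_RSA, 1024)
    # dump_privatekey() returns bytes, so the file is opened in binary mode
    with open("Priv.key", "wb") as f:
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))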
crypto.dump_publickey() is not available.
How do I dump public key to a file?
The OpenSSL functions to print the public RSA key do not seem to be exported by the Python OpenSSL wrapper. By accessing the internals of the crypto module, you could still do it yourself (assuming that you have this package installed locally), as this code snippet shows:
>>> bio = crypto._new_mem_buf()
>>> rsa = crypto._lib.EVP_PKEY_get1_RSA(k._pkey)
>>> crypto._lib.PEM_write_bio_RSAPublicKey(bio, rsa)
1
>>> s = crypto._bio_to_string(bio)
>>> print(s)
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBANF1gYh10F8HTQdM6+bkwAwJ0Md6bMciKbP3qS6KTki3v3m+cM17Szqq
Mp4xxWbvnS2oeotYfn8eaZg0QUTOVDd1F7tuOxVEdvQ9ZEp1aeOCRU3b9QZSmVfg
wJrqDG3f149mNdexI12plwaxyt6odonv6+fEQJrbhrV/nIA8N/EFAgMBAAE=
-----END RSA PUBLIC KEY-----
This is just for illustration purposes. A proper solution should be added to the crypto module itself, via a new method dump_publickey() or the like.

Decrypting PGP using gnupg in Python

I am trying to decrypt a PGP file using this module:
http://packages.python.org/python-gnupg/
Here is my code snippet:
#!/usr/bin/python
import gnupg

gpg = gnupg.GPG(gnupghome='C:\\Users\\GSquire\\Desktop\\GnuPG',
                gpgbinary='C:\\Users\\GSquire\\Desktop\\GnuPG\\pub\\gpg.exe',
                keyring='C:\\Users\\GSquire\\Desktop\\GnuPG\\secring.skr')
with open('.\\tranx08022012.txt.pgp', 'rb') as f:
    status = gpg.decrypt_file(f, passphrase='passphrase', output='out.txt')
I am using the latest version of the module, and Python 2.6.6. I thought I could just use the secure ring file to decrypt it because that is obviously needed by the file. It outputs this when I run the script:
ok: False
status:
stderr:
gpg: expected public key but found secret key - must stop
Isn't it true that the secure key is what decrypts the file? Thanks for the help!
The error you're getting is because you're passing the secret keyring's filename in the keyring parameter. That parameter is only for the public keyring. Unfortunately, there doesn't seem to be an alternative parameter to specify a secret keyring file.
By default, GnuPG will look for secret keys in secring.gpg in the gnupghome folder you specify, so you can probably rename your secret key file and get it to work.
