Python ecdsa.keys() Examples
The following are 17
code examples of ecdsa.keys().
Example #1
Source File: security_keys.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 6 votes |
def _load_key_store(self, file_name):
	"""
	Load the verifying keys from one JSON key store into ``self.keys``.

	The document is checked against the ``king-phisher.security`` schema
	before any entry is used. An entry whose id is already present in
	``self.keys`` is skipped with a warning, so a key that has been loaded
	is never replaced by a later entry or a later file.

	:param str file_name: The name of the data file holding the key store.
	:return: The number of keys that were added from this file.
	:rtype: int
	"""
	store_path = find.data_file(file_name)
	if not store_path:
		# the store does not exist, the caller decides whether that is fatal
		return 0
	with open(store_path, 'r') as file_h:
		document = serializers.JSON.load(file_h)
	utilities.validate_json_schema(document, 'king-phisher.security')

	added = 0
	for position, entry in enumerate(document['keys'], 1):
		key_ident = entry['id']
		if key_ident in self.keys:
			# first definition wins, a duplicate id never overrides a loaded key
			self.logger.warning("skipping loading {0}:{1} due to a duplicate id".format(file_name, position))
			continue
		raw_vk = entry['verifying-key']
		# 'encoding' is removed from the key material before it is parsed
		vk_encoding = raw_vk.pop('encoding', 'base64')
		entry['verifying-key'] = VerifyingKey.from_dict(raw_vk, encoding=vk_encoding)
		self.keys[key_ident] = entry
		self.logger.debug("loaded key id: {0} from: {1}".format(key_ident, store_path))
		added += 1
	return added
Example #2
Source File: dnssec.py From script.elementum.burst with Do What The F*ck You Want To Public License | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(dns.rdataclass.IN,
                                          dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #3
Source File: security_keys.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 6 votes |
def test_dictionary_verification(self):
	"""
	Sign a dictionary, verify it, then check that tampering is detected.

	Five random entries are signed with a freshly generated NIST P-521 key.
	The signed dictionary must verify as returned, and must raise
	:py:exc:`ecdsa.keys.BadSignatureError` once an extra entry is added.
	"""
	payload = {}
	for _ in range(5):
		payload['_' + utilities.random_string(10)] = utilities.random_string(10)
	self.sk = security_keys.SigningKey.generate(curve=ecdsa.NIST521p)
	signed = self.sk.sign_dict(payload, signature_encoding='base64')
	self.assertIsInstance(signed, dict)
	# the five original entries plus the added 'signature' key
	self.assertIn('signature', signed)
	self.assertEqual(len(signed), 6)
	try:
		binascii.a2b_base64(signed['signature'])
	except ValueError:
		self.fail('signature could not be decoded as base64')
	verifier = self.sk.get_verifying_key()
	verifier.verify_dict(signed, signature_encoding='base64')
	# any change to the signed content has to invalidate the signature
	signed['_' + utilities.random_string(10)] = utilities.random_string(10)
	with self.assertRaises(ecdsa.keys.BadSignatureError):
		verifier.verify_dict(signed, signature_encoding='base64')
Example #4
Source File: dnssec.py From Cloudmare with GNU General Public License v3.0 | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, thirdparty.dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(thirdparty.dns.rdataclass.IN,
                                          thirdparty.dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #5
Source File: dnssec.py From Tautulli with GNU General Public License v3.0 | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(dns.rdataclass.IN,
                                          dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #6
Source File: dnssec.py From elasticintel with GNU General Public License v3.0 | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(dns.rdataclass.IN,
                                          dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #7
Source File: dnssec.py From bazarr with GNU General Public License v3.0 | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(dns.rdataclass.IN,
                                          dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #8
Source File: dnssec.py From arissploit with GNU General Public License v3.0 | 6 votes |
def _find_candidate_keys(keys, rrsig):
    """Return the DNSKEY rdatas that may have produced *rrsig*.

    The signer name of the RRSIG is looked up in *keys*; the value may be a
    node (its IN/DNSKEY rdataset is used) or an rdataset. A key is a
    candidate when both its algorithm and its key tag match the RRSIG.

    The key tag is only a 16-bit hint and is not unique, so more than one
    key can match; the caller still has to verify the signature against
    each candidate.

    Returns None when the signer is not in *keys* or the node has no DNSKEY
    rdataset, and a (possibly empty) list otherwise.
    """
    entry = keys.get(rrsig.signer)
    if entry is None:
        return None
    if isinstance(entry, dns.node.Node):
        try:
            dnskeys = entry.find_rdataset(dns.rdataclass.IN,
                                          dns.rdatatype.DNSKEY)
        except KeyError:
            # the signer is known but publishes no DNSKEY rdataset
            return None
    else:
        dnskeys = entry
    return [rdata for rdata in dnskeys
            if rdata.algorithm == rrsig.algorithm
            and key_id(rdata) == rrsig.key_tag]
Example #9
Source File: security_keys.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 5 votes |
def openssl_derive_key_and_iv(password, salt, key_length, iv_length, digest='sha256', encoding='utf-8'):
	"""
	Derive an encryption key and initialization vector (IV) in the same way
	as OpenSSL.

	Each output block is a single invocation of the digest over the previous
	block, the password and the salt. There is no iteration count or other
	work factor, so the strength of the result depends entirely on the
	password; this is suitable for interoperating with data produced by the
	``openssl`` command, not as a general purpose password hashing scheme.

	.. note::
		Different versions of OpenSSL use a different default value for the
		*digest* function used to derive keys and initialization vectors. A
		specific one can be used by passing the ``-md`` option to the
		``openssl`` command which corresponds to the *digest* parameter of
		this function.

	:param str password: The password to use when deriving the key and IV.
	:param bytes salt: A value to use as a salt for the operation.
	:param int key_length: The length in bytes of the key to return.
	:param int iv_length: The length in bytes of the IV to return.
	:param str digest: The name of hashing function to use to generate the key.
	:param str encoding: The name of the encoding to use for the password.
	:return: The key and IV as a tuple.
	:rtype: tuple
	"""
	secret = password.encode(encoding)
	# *digest* is resolved as an attribute of hashlib, e.g. hashlib.sha256
	hash_factory = getattr(hashlib, digest)
	needed = key_length + iv_length
	blocks = []
	produced = 0
	previous = b''
	while produced < needed:
		# chain: every block hashes the previous block, the password and the salt
		previous = hash_factory(previous + secret + salt).digest()
		blocks.append(previous)
		produced += len(previous)
	material = b''.join(blocks)
	return material[:key_length], material[key_length:needed]
Example #10
Source File: security_keys.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 5 votes |
def __init__(self):
	"""
	Build the key store from the bundled and the local key files.

	``security.json`` is the primary store and has to contribute at least
	one key, otherwise initialization fails. ``security.local.json`` is
	loaded afterwards and may contribute nothing. ``freeze()`` is then
	called on the dictionary.
	"""
	self.keys = utilities.FreezableDict()
	"""The dictionary of the loaded security keys, keyed by their identity string."""
	primary_count = self._load_key_store('security.json')
	if not primary_count:
		# refuse to run with no keys from the primary store
		raise RuntimeError('failed to load any keys from the primary store')
	self._load_key_store('security.local.json')
	# NOTE(review): presumably freeze() makes the dictionary read-only from here on -- confirm in utilities.FreezableDict
	self.keys.freeze()
	key_total = len(self.keys)
	self.logger.info("security key store initialized with {0:,} keys".format(key_total))
Example #11
Source File: security_keys.py From king-phisher with BSD 3-Clause "New" or "Revised" License | 5 votes |
def _get_verifying_key(self, key_id):
	"""
	Look up the verifying key registered under *key_id*.

	The lookup fails closed: an unknown id and an entry without a
	``verifying-key`` both raise the same
	:py:exc:`ecdsa.keys.BadSignatureError`, so callers handle a missing key
	exactly like a bad signature. The two cases differ only in the warning
	that is logged.

	:param str key_id: The identifier of the key to look up.
	:return: The value stored under ``verifying-key`` for that key.
	"""
	entry = self.keys.get(key_id)
	if entry is not None:
		verifying_key = entry.get('verifying-key')
		if verifying_key is not None:
			return verifying_key
		self.logger.warning("verification of data with key {0} failed (missing verifying-key)".format(key_id))
	else:
		self.logger.warning("verification of data with key {0} failed (unknown key)".format(key_id))
	raise ecdsa.keys.BadSignatureError('unknown key for signature')
Example #12
Source File: dnssec.py From Tautulli with GNU General Public License v3.0 | 4 votes |
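def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = dns.name.from_text(origin, dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")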
Example #13
Source File: dnssec.py From arissploit with GNU General Public License v3.0 | 4 votes |
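def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = dns.name.from_text(origin, dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")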
Example #14
Source File: dnssec.py From bazarr with GNU General Public License v3.0 | 4 votes |
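def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = dns.name.from_text(origin, dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")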
Example #15
Source File: dnssec.py From elasticintel with GNU General Public License v3.0 | 4 votes |
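def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = dns.name.from_text(origin, dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")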
Example #16
Source File: dnssec.py From Cloudmare with GNU General Public License v3.0 | 4 votes |
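def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: thirdparty.dns.rrset.RRset or (thirdparty.dns.name.Name, thirdparty.dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: thirdparty.dns.rrset.RRset or (thirdparty.dns.name.Name, thirdparty.dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by thirdparty.dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: thirdparty.dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = thirdparty.dns.name.from_text(origin, thirdparty.dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")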
Example #17
Source File: dnssec.py From script.elementum.burst with Do What The F*ck You Want To Public License | 4 votes |
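def _validate(rrset, rrsigset, keys, origin=None, now=None):
    """Validate an RRset

    The RRset is accepted as soon as one RRSIG in rrsigset validates it.
    Before any signature is checked, the owner name of the RRset and the
    owner name of the signature RRset are compared and must be equal.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    @raise ValidationFailure: the owner names differ, or no RRSIG validated
    """

    if isinstance(origin, string_types):
        origin = dns.name.from_text(origin, dns.name.root)

    if isinstance(rrset, tuple):
        rrname = rrset[0]
    else:
        rrname = rrset.name

    if isinstance(rrsigset, tuple):
        rrsigname = rrsigset[0]
        rrsigrdataset = rrsigset[1]
    else:
        rrsigname = rrsigset.name
        rrsigrdataset = rrsigset

    rrname = rrname.choose_relativity(origin)
    # Relativize the RRSIG owner name itself. Deriving it from rrname (as
    # this code previously did) made both sides of the comparison below the
    # same value, so the owner name check could never fail.
    rrsigname = rrsigname.choose_relativity(origin)
    if rrname != rrsigname:
        raise ValidationFailure("owner names do not match")

    for rrsig in rrsigrdataset:
        try:
            _validate_rrsig(rrset, rrsig, keys, origin, now)
            return
        except ValidationFailure:
            # deliberate: one bad signature is not fatal, try the next RRSIG
            pass
    raise ValidationFailure("no RRSIGs validated")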