Python RSA库。加载使用密码加密的专用密钥文件
我使用此命令从PFX文件中导出了私钥:
openssl.exe pkcs12 -in "temp.pfx" -passin pass:secret -passout pass:1234 -out exported.key 2>$null
openssl.exe rsa -in exported.key -passin pass:1234 -passout pass:1234 -des3 -out myprivatekey.pem -outform pem
我尝试使用库RSA将其导入以下Python代码。
import rsa
...
privatefile = 'myprivatekey.pem'
with open(privatekey,'r',) as privatefile:
keydata = privatefile.read()
privkey = rsa.PrivateKey.load_pkcs1(keydata,'PEM')
这给了我错误:
raise error.SubstrateUnderrunError('%d-octet short' % (length - len(substrate)))
pyasn1.error.SubstrateUnderrunError: 241258135299934072420413978887367113698521244196764765036638487009646022641423445372690412943975215342192406357926060763198896784236941481018430139761477591845142721555172078726675134842863273257382304489290139918678689615801729787593872634728755-octet short
如果我将“ -des3”放在OpenSSL命令中,则Python脚本运行完美。但是,我需要密码保护这些私钥。
可以使用Python RSA库( https://pypi.org/project/project/project/rsa/ )加密的私钥?还是我应该切换到其他库?
I exported the private key from a PFX file with this command:
openssl.exe pkcs12 -in "temp.pfx" -passin pass:secret -passout pass:1234 -out exported.key 2>$null
openssl.exe rsa -in exported.key -passin pass:1234 -passout pass:1234 -des3 -out myprivatekey.pem -outform pem
I try to import it with the following python code, using the library rsa.
import rsa
...
privatefile = 'myprivatekey.pem'
with open(privatekey,'r',) as privatefile:
keydata = privatefile.read()
privkey = rsa.PrivateKey.load_pkcs1(keydata,'PEM')
This gives me the error:
raise error.SubstrateUnderrunError('%d-octet short' % (length - len(substrate)))
pyasn1.error.SubstrateUnderrunError: 241258135299934072420413978887367113698521244196764765036638487009646022641423445372690412943975215342192406357926060763198896784236941481018430139761477591845142721555172078726675134842863273257382304489290139918678689615801729787593872634728755-octet short
If I leave "-des3" out of the openssl command, then the Python script runs perfectly. However, I need to password protect these private keys.
Can the python rsa library (https://pypi.org/project/rsa/) support these encrypted private keys? Or should I switch to a different library?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
导出的密钥是PEM编码的加密PKCS#1键。 afaik, python-rsa 不支持加密密钥,在PKCS#1中也不支持PKCS#8格式。但是,您可以使用加密(
load> load_pem_private_key())或 - 如注释中所建议的 - https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html?highlight=rsa%20Key%20Key%20Load#crypto.publickey.rsa.rsa.import_key ) )。以下python代码显示了具有加密和pycryptodome的加密PKCS#1键的导入:
该代码输出未加密的PEM编码PKCS#8密钥。
The exported key is a PEM encoded encrypted PKCS#1 key. Afaik, Python-rsa doesn't support encrypted keys, neither in PKCS#1 nor in PKCS#8 format. However, you can use Cryptography (
load_pem_private_key()) or - as suggested in the comment - PyCryptodome (import_key()).The following Python Code shows the import of an encrypted PKCS#1 key with Cryptography and PyCryptodome:
The code outputs the unencrypted PEM encoded PKCS#8 key.