RSA in python

[Abhisek Datta]

Hello,

I am looking for good RSA implementations in python that can import a
public key in PEM format and encrypt a buffer using the imported
public key. I tried m2crypto, but somehow it is giving me exceptions
which I couldnt solve as of now.

I get the following with m2crypto:
rsa = M2Crypto.RSA.load_pub_key("pubkey.pem")
gives me:
File "KB_Client.py", line 63, in SessionInit
rsa = M2Crypto.RSA.load_pub_key("pubkey.pem")
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 225,
in load_pub_key
return load_pub_key_bio(bio)
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 237,
in load_pub_key_bio
rsa_error()
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 162,
in rsa_error
raise RSAError, m2.err_reason_error_string(m2.err_get_error())
M2Crypto.RSA.RSAError: no start line


Any help will be highly appreciated.

Regards,
-abhisek

 

[wittempj]

Did you try this: http://www.amk.ca/python/code/crypto ?

 

[Abhisek Datta]

I tried the ezPyCrypto which is basically a higher level wrapper to pyCrypto
but it fails to import public key in PEM format.

-abhisek

 

[plahey]

stupid question, but did you try:

rsa = M2Crypto.RSA.load_pub_key( file("pubkey.pem") )

It is not clear from the documentation what they want for "file" (and
because Python has no type declarations, you are left to guess...).

May not work... just thought I would ask.

 

[plahey]

Looking at the api documentation again, it is possible that they want
this:

pubkey = open( 'pubkey.pem', 'rb' ).read() # binary read here?
rsa = M2Crypto.RSA.load_pub_key(pubkey)

Anyway, things to play with...

 

[Heikki Toivonen]

I am looking for good RSA implementations in python that can import a
public key in PEM format and encrypt a buffer using the imported
public key. I tried m2crypto, but somehow it is giving me exceptions
which I couldnt solve as of now.

What you are trying to do should be covered by M2Crypto. Without more
context for the error (what was the file you were trying load, etc.) it
is hard to say what is wrong. My first guess is that your pem file did
not include the BEGIN/END lines.

I would suggest you take a look at the tests and samples included in
M2Crypto. They do show how to work with PEM files.


M2Crypto 0.15: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto

 

[Abhisek Datta]

Hello,

Here is some debugging output:

---
pyKB-DEBUG: Connecting to http://192.168.0.2:8080/RPC2
pyKB-DEBUG: Initializing session: (sessionKey: ABCDEFGHIJKLMNO)
pyKB-DEBUG: Received public key:
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALxi3tGXlSwRgn7/Km6mTSge+5ijQgIn3GvnZOeYyOo1DkubVtTaFj26
GWtJo43MEe1a5UlWKJEOpbKVCr4AASfFj8YmmRewH4SXdZ+w1Bad8amyzL2h8F7J
wJojOnocSs6xDE7o86CpZRUlojBefanMdCpu074QFktE63OD1zBBAgMBAAE=
-----END RSA PUBLIC KEY-----

Traceback (most recent call last):
File "KB_Client.py", line 96, in ?
kb.SessionInit(sessionKey="ABCDEFGHIJKLMNO")
File "KB_Client.py", line 63, in SessionInit
rsa = M2Crypto.RSA.load_pub_key("pubkey.pem")
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 225,
in load_pub_key
return load_pub_key_bio(bio)
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 237,
in load_pub_key_bio
rsa_error()
File "/usr/lib/python2.4/site-packages/M2Crypto/RSA.py", line 162,
in rsa_error
raise RSAError, m2.err_reason_error_string(m2.err_get_error())
M2Crypto.RSA.RSAError: no start line
---

You can clearly see the public key which I am receiving from an xmlrpc
server. Then I saved the public key in "pubkey.pem" file and then use
M2Crypto.RSA.load_pub_key() and I am getting the output as show above.

-abhisek

 

[Heikki Toivonen]

-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALxi3tGXlSwRgn7/Km6mTSge+5ijQgIn3GvnZOeYyOo1DkubVtTaFj26
GWtJo43MEe1a5UlWKJEOpbKVCr4AASfFj8YmmRewH4SXdZ+w1Bad8amyzL2h8F7J
wJojOnocSs6xDE7o86CpZRUlojBefanMdCpu074QFktE63OD1zBBAgMBAAE=
-----END RSA PUBLIC KEY-----

Traceback (most recent call last): [...]
M2Crypto.RSA.RSAError: no start line

The files in M2Crypto tests directory don't have any files that have
"BEGIN RSA PUBLIC KEY" in them - haven't checked if this is legal or not.

However, plain OpenSSL does not like that file either:

$ openssl rsa -in rsa_heikki.pem -pubin
3440:error:0906D06CEM routinesEM_read_bio:no
startlineem_lib.c:644:Expecting: PUBLIC KEY

$ openssl rsa -in rsa_heikki.pem -check
2140:error:0906D06CEM routinesEM_read_bio:no
startlineem_lib.c:644:Expecting: ANY PRIVATE KEY

If I take out the "RSA " part from the delimiter lines I get:

$ openssl rsa -in rsa_heikki2.pem -pubin
unable to load Public Key
3124:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:
1282:
3124:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:ta
sn_dec.c:374:Type=X509_ALGOR
3124:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e
rror:tasn_dec.c:743:Field=algor, Type=X509_PUBKEY
3124:error:0906700DEM routinesEM_ASN1_read_bio:ASN1 libem_oth.c:83:

$ openssl rsa -in rsa_heikki2.pem -check
unable to load Private Key
2304:error:0906D06CEM routinesEM_read_bio:no start
lineem_lib.c:644:Expect
ing: ANY PRIVATE KEY


My suggestion would be to ask on the openssl-users list.

--
Heikki Toivonen



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD+2WNb8x8KoP+JuwRAmC2AJ0fYurEBdoLb+b885bUoLz9nQ0fmwCgqFjv
UTLYnmP31hUrq+cO46QAywI=
=lLfI
-----END PGP SIGNATURE-----