PyCrypto: Generate RSA key protected with DES3 pas

Published 2020-06-04 03:31

Question:

I have been able to create an RSA key protected by password with DES3 (well... I think because I'm very new to this encryption world) by using the command:

openssl genrsa -out "/tmp/myKey.pem" -passout pass:"f00bar" -des3 2048

Now, I would like to do that inside a Python script, using PyCrypto, if possible. I have seen this message, which seems to discourage the use of PyCrypto to do that. Is it still like that?

Of course I can always call os.execute, and execute the above command, but I'd consider that "cheating" :-). I'm pretty much doing this to learn PyCrypto.

Thank you in advance.

Answer 1:

Starting from PyCrypto 2.5 you can export an RSA private key and have it protected under a passphrase. A Triple DES key is internally derived from the passphrase and used to perform the actual encryption.

For instance:

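# RSA lives in the Crypto.PublicKey package
from Crypto.PublicKey import RSA
from Crypto import Random

# Source of random bytes used for key generation
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
# Export as PEM (PKCS#1), encrypted under the passphrase 'my secret'
exportedKey = key.exportKey('PEM', 'my secret', pkcs=1)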

The variable exportedKey contains an ASCII version (PEM) of the key, encoded according to PKCS#1 (a cryptographic standard). Another option is pkcs=8 for - guess what - PKCS#8. Since the result is standard, you can use it with several other programs, including openssl. And of course, you can also re-import it back into Python via PyCrypto!

The exportKey method is documented here.
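The answer says a Triple DES key is derived from the passphrase; the following added example (not part of the original answer or of PyCrypto) shows that derivation, assuming the traditional OpenSSL PEM encryption scheme with its Proc-Type/DEK-Info headers. The function names and the sample PEM are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: header layout of a passphrase-protected PKCS#1 PEM key.
# The IV and the body are made up; this is not a real key.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

KEY_LEN = {"DES-EDE3-CBC": 24}  # bytes of key material per cipher


def parse_dek_info(pem_text):
    """Return (cipher_name, iv_bytes), or None if the PEM is not encrypted this way."""
    if not re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", pem_text, re.M):
        return None
    m = re.search(r"^DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)\s*$", pem_text, re.M)
    if m is None:
        raise ValueError("Proc-Type says ENCRYPTED but DEK-Info is missing")
    return m.group(1), bytes.fromhex(m.group(2))


def derive_pem_key(passphrase, iv, key_len):
    """Legacy PEM derivation (assumed scheme): chained MD5, one round, salt = IV[:8]."""
    salt = iv[:8]
    material, block = b"", b""
    while len(material) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        material += block
    return material[:key_len]


def describe(pem_text, passphrase):
    """Summarise the protection of a PEM key; None means no legacy encryption header."""
    info = parse_dek_info(pem_text)
    if info is None:
        return None
    cipher, iv = info
    key = derive_pem_key(passphrase, iv, KEY_LEN[cipher])
    return {"cipher": cipher, "iv": iv, "key": key}


if __name__ == "__main__":
    result = describe(SAMPLE_PEM, b"my secret")
    print(result["cipher"], result["iv"].hex(), result["key"].hex())
```

Because this derivation is a single round of MD5, the strength of the passphrase itself is the only thing protecting a key file stored in this format.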