Skip to content

Instantly share code, notes, and snippets.

@mortn
Forked from Snegovikufa/m2crypto_example.py
Created December 22, 2013 19:05
Show Gist options
  • Save mortn/8086896 to your computer and use it in GitHub Desktop.
Save mortn/8086896 to your computer and use it in GitHub Desktop.
# Since I ask this of people before using their code samples, anyone can
# use this under BSD.
import os
import M2Crypto
def empty_callback():
return
# Seed the random number generator with 1024 random bytes (8192 bits)
M2Crypto.Rand.rand_seed(os.urandom(1024))
# Generate public/private key pair for Alice
print "Generating a 1024 bit private/public key pair for Alice..."
# If you don't like the default M2Crypto ASCII "progress"
# bar it makes when generating keys, you can use:
# Alice = M2Crypto.RSA.gen_key (1024, 65537, empty_callback)
# You can change the key size, though key lengths < 1024 are
# considered insecure
# The larger the key size the longer it will take to generate
# the key and the larger the signature will be when signing
# You should probably leave the public exponent at 65537
# (http://en.wikipedia.org/wiki/Rsa#Key_generation_2)
Alice = M2Crypto.RSA.gen_key(1024, 65537)
# Save Alice's private key
# The 'None' tells it to save the private key in an unencrypted format
# For best security practices, you'd use:
# Alice.save_key ('Alice-private.pem')
# That would cause the private key to be saved in an encrypted format
# Python would ask you to enter a password to use to encrypt the key file
# For a demo script though it's easier/quicker to just use 'None'
Alice.save_key('Alice-private.pem', None)
# Save Alice's public key
Alice.save_pub_key('Alice-public.pem')
# Generate public/private key pair for Bob
print "Generating a 1024 bit private/public key pair for Bob..."
Bob = M2Crypto.RSA.gen_key(1024, 65537)
Bob.save_key('Bob-private.pem', None)
Bob.save_pub_key('Bob-public.pem')
# Alice wants to send a message to Bob, which only Bob will be able to decrypt
# Step 1, load Bob's public key
WriteRSA = M2Crypto.RSA.load_pub_key('Bob-public.pem')
# Step 2, encrypt the message using that public key
# Only Bob's private key can decrypt a message encrypted using Bob's public key
CipherText = WriteRSA.public_encrypt(
"This is a secret message that can"
"only be decrypted with Bob's private key",
M2Crypto.RSA.pkcs1_oaep_padding)
# Step 3, print the result
print "\nAlice's encrypted message to Bob:"
print CipherText.encode('base64')
# Step 4 (optional), sign the message so Bob knows it really was from Alice
# 1) Generate a signature
MsgDigest = M2Crypto.EVP.MessageDigest('sha1')
MsgDigest.update(CipherText)
Signature = Alice.sign_rsassa_pss(MsgDigest.digest())
# 2) Print the result
print "Alice's signature for this message:"
print Signature.encode('base64')
# Bob wants to read the message he was sent
# Step 1, load Bob's private key
ReadRSA = M2Crypto.RSA.load_key('Bob-private.pem')
# Step 2, decrypt the message using that private key
# If you use the wrong private key to try to decrypt the message it
# generates an exception, so this catches the exception
try:
PlainText = ReadRSA.private_decrypt(
CipherText, M2Crypto.RSA.pkcs1_oaep_padding)
except:
print "Error: wrong key?"
PlainText = ""
if PlainText == "":
# Step 3, print the result of the decryption
print "Message decrypted by Bob:"
print PlainText
# Step 4 (optional), verify the message was really sent by Alice
# 1) Load Alice's public key
VerifyRSA = M2Crypto.RSA.load_pub_key('Alice-public.pem')
# 2 ) Verify the signature
print "Signature verificaton:"
MsgDigest = M2Crypto.EVP.MessageDigest('sha1')
MsgDigest.update(CipherText)
if VerifyRSA.verify_rsassa_pss(MsgDigest.digest(), Signature) == 1:
print "This message was sent by Alice.\n"
else:
print "This message was NOT sent by Alice!\n"
# Generate a signature for a string
# Use Bob's private key
SignEVP = M2Crypto.EVP.load_key('Bob-private.pem')
# Begin signing
SignEVP.sign_init()
# Tell it to sign our string
SignEVP.sign_update(
'This is an unencrypted string that will be signed by Bob')
# Get the final result
StringSignature = SignEVP.sign_final()
# Print the final result
print "Bob's signature for the string:"
print StringSignature.encode('base64')
# Verify the string was signed by Bob
PubKey = M2Crypto.RSA.load_pub_key('Bob-public.pem')
# Initialize
VerifyEVP = M2Crypto.EVP.PKey()
# Assign the public key to our VerifyEVP
VerifyEVP.assign_rsa(PubKey)
# Begin verification
VerifyEVP.verify_init()
# Tell it to verify our string, if this string is not identicial to the
# one that was signed, it will fail
VerifyEVP.verify_update(
'This is an unencrypted string that will be signed by Bob')
# Was the string signed by Bob?
if VerifyEVP.verify_final(StringSignature) == 1:
print "The string was successfully verified."
else:
print "The string was NOT verified!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment