Ecc class¶
- class cryptosyspki.Ecc¶
Manage keys for elliptic curve cryptography.
- class CurveName¶
Supported curve names.
- BRAINPOOLP256R1 = 'brainpoolP256r1'¶
ECC Brainpool 256-bit curve
- BRAINPOOLP384R1 = 'brainpoolP384r1'¶
ECC Brainpool 384-bit curve
- BRAINPOOLP512R1 = 'brainpoolP512r1'¶
ECC Brainpool 512-bit curve
- ED25519 = 'Ed25519'¶
safe curve for EdDSA
- ED448 = 'Ed448'¶
safe curve for EdDSA
- PRIME192V1 = 'prime192v1'¶
P-192
- PRIME256V1 = 'prime256v1'¶
P-256
- P_192 = 'P-192'¶
secp192r1
- P_224 = 'P-224'¶
secp224r1
- P_256 = 'P-256'¶
secp256r1
- P_384 = 'P-384'¶
secp384r1
- P_521 = 'P-521'¶
secp521r1
- SECP192R1 = 'secp192r1'¶
P-192
- SECP224R1 = 'secp224r1'¶
P-224
- SECP256K1 = 'secp256k1'¶
"Bitcoin" curve
- SECP256R1 = 'secp256r1'¶
P-256
- SECP384R1 = 'secp384r1'¶
P-384
- SECP521R1 = 'secp521r1'¶
P-521
- X25519 = 'X25519'¶
Safe curve for ECDH
- X448 = 'X448'¶
Safe curve for ECDH
- class Format¶
Format for saved key file.
- BINARY = 0¶
Binary (default)
- DEFAULT = 0¶
Binary
- PEM = 65536¶
PEM-encoded format
- class KeyType¶
Key type for unencrypted key file.
Default is
SubjectPublicKeyInfo
for an EC public key orECPrivateKey
for an EC private key.- DEFAULT = 0¶
Save key in the default format.
- LEGACY = 524288¶
Save a safe key in "legacy" PKCS#8 v1 format (default is v2 OneAsymmetricKey)
- PKCS8 = 262144¶
Save a NIST/SEC curve private key in PKCS#8
PrivateKeyInfo
format (ignored for a public key).
- PRIVATE_KEY = 0¶
Key value represents a private key (use for reading safe curves)
- PUBLIC_KEY = 1¶
Key value represents a public key (use for reading safe curves)
- class PbeScheme¶
Password-based encryption scheme to encrypt the private key file.
- DEFAULT = 0¶
pbeWithSHAAnd3-KeyTripleDES-CBC
from PKCS#12
- PBKDF2_AES128 = 4128¶
PBKDF2 using
aes128-CBC
- PBKDF2_AES192 = 4144¶
PBKDF2 using
aes192-CBC
- PBKDF2_AES256 = 4160¶
PBKDF2 using
aes256-CBC
- PBKDF2_DESEDE3 = 4112¶
PBKDF2 using
des-EDE3-CBC
Compute EC Diffie-Hellman shared secret.
- Parameters:
intprikeystr (str) -- Our own private key in internal string form.
intpubkeystr (str) -- Other party's public key in internal string form.
- Returns:
Diffie-Hellman shared secret.
- Return type:
bytes
- static key_hashcode(intkeystr)¶
Compute the hash code of an "internal" ECC public or private key string.
Should be the same for a matching private and public key.
- Parameters:
intkeystr (str) -- Internal key string.
- Returns:
A 32-bit hash code for the key encoded in hex.
- Return type:
str
- static make_keys(pubkeyfile, prikeyfile, curvename, password, pbescheme=0, params='', fileformat=0)¶
Generate a new EC public/private key pair and save as two key files.
- Parameters:
pubkeyfile (str) -- name of public key file to be created.
prikeyfile (str) -- name of encrypted private key file to be created.
curvename (Ecc.CurveName) -- name of elliptic curve.
password (str) -- password to be used for the encrypted key file.
pbescheme (Ecc.PbeScheme) -- Password-based encryption scheme to encrypt private key [default =
pbeWithSHAAnd3-KeyTripleDES-CBC
]params (str) --
Optional parameters. A set of attribute "name=value" pairs separated by a semicolon
(;)
.- count=<integer>
To set the iteration count used in the PBKDF2 method, e.g.
"count=5000;"
[default=2048].- prf=<hmac-name>
To change the HMAC algorithm used in the PBKDF2 method, e.g.
"prf=hmacwithSHA256;"
. Valid values are (case-insensitive):hmacwithSHA1
(default)hmacwithSHA224
hmacwithSHA256
hmacwithSHA384
hmacwithSHA512
- rngseed=<string>
To add some user-supplied entropy for the key generation process, e.g.
"rngseed=NaCl;"
.
fileformat (Ecc.Format) -- Format to save file [default = DER binary]
- Returns:
Zero if successful.
- Return type:
int
Example
>>> # Make default key pair using P-192 curve >>> Ecc.make_keys("mykey.pub", "mykey.p8", Ecc.CurveName.P_192, "password") 0 >>> # Make key pair using P-384 with advanced options >>> Ecc.make_keys("mypubkey384.pem", "myprikey384.pem", Ecc.CurveName.P_384, "password", Ecc.PbeScheme.PBKDF2_AES128, "count=3999;prf=hmacWithSha256", Ecc.Format.PEM) 0
- static publickey_from_private(intkeystr)¶
Return an internal EC public key string from an internal EC private key string.
- Parameters:
intkeystr (str) -- the private key as an internal key string
- Returns:
The public key in ephemeral "internal" representation, or the empty string on error.
- Return type:
str
Examples
>>> # Specify an EC private key in base58 form >>> keyb58 = "6ACCbmy9qwiFcuVgvxNNwMPfoghobzznWrLs3v7t3RmN" >>> curvename = "secp256k1" >>> # Read in to an internal key >>> intpristr = Ecc.read_key_by_curve(Cnv.tohex(Cnv.frombase58(keyb58)), curvename) >>> # Extract public key from private key >>> intpubstr = Ecc.publickey_from_private(intpristr) >>> Ecc.query_key(intpristr, 'publicKey') '04654bacc2fc7a3bde0f8eb95dc5aac9ba1df732255cf7f2eb7e1e8e6edbb1f4188ff3752ac4bdf1e3a31a488747745dddcbabd33a10c3b52d737c092851da13c0' >>> # These should be the same >>> Ecc.key_hashcode(intpubstr) 'BA36523B' >>> Ecc.key_hashcode(intpristr) 'BA36523B'
- static query_key(intkeystr, query)¶
Query an EC key string for selected information. May return an integer or a string.
- Parameters:
intkeystr (str) -- containing the key as an internal key string
query (str) --
Query string (case-insensitive). Valid queries are:
"curveName"
-- Name of the curve."keyBits"
-- Number of bits in the key."isPrivate"
--1
if key is a private key;0
if not."privateKey"
-- Value of the private key in hex format."publicKey"
-- Value of the public key in hex format.
- Returns:
Result of query if found or an empty string if not found.
- static read_key_by_curve(keyhex, curvename, ispublic=False)¶
Return an internal key string of an EC key from its hexadecimal representation.
- Parameters:
keyhex (str) -- hexadecimal representation of the key, private or public
curvename (Ecc.CurveName) -- name of the elliptic curve
ispublic (bool) --
True
if key is a public key,False
if a private key. Required for safe curve keys, otherwise ignored.
- Returns:
The key in ephemeral "internal" representation, or the empty string on error
For NIST/SEC curves, an EC private key
w
is represented asHEX(w)
and a public key(x,y)
in the uncompressed X9.63 form04||HEX(x)||HEX(y)
. The key type is detected automatically and theispublic
argument is ignored.For the safe curves, X25519 and Ed25519, both private and public keys are expected as the hexadecimal representation of a 32-byte value in little-endian format. The
ispublic
argument must be used to must specify whether the key is a private or public key.- Return type:
str
- static read_private_key(keyfileorstr, password='')¶
Read from a file or string containing an EC private key into an "internal" private key string.
- Parameters:
keyfileorstr (str) -- Name of file or a PEM string containing the key
password (str) -- Password for private key, if encrypted.
- Returns:
Ephemeral internal representation of the private key
- Return type:
str
Example
>>> intprikey = Ecc.read_private_key("mykey.p8", "password") >>> Ecc.query_key(intprikey, 'curveName') 'secp192r1'
- static read_public_key(keyfileorstr)¶
Read from a file or string containing an EC public key into an "internal" public key string.
- Parameters:
keyfileorstr (str) -- Name of file or a PEM string containing the key
- Returns:
Ephemeral internal representation of the public key.
- Return type:
str
Example
>>> intpubkey = Ecc.read_public_key("mykey.pub") >>> Ecc.query_key(intpubkey, 'isPrivate') 0
- static save_enc_key(outputfile, intkeystr, password, pbescheme=0, params='', fileformat=0)¶
Save an internal EC private key string to an encrypted private key file.
- Parameters:
outputfile (str) -- Name of key file to be created
intkeystr (str) -- the private EC key as an internal key string
password (str) -- Password for private key, if encrypted.
pbescheme (Ecc.PbeScheme) -- Encryption scheme to encrypt private key [default =
pbeWithSHAAnd3-KeyTripleDES-CBC
]params (str) --
Optional parameters. A set of attribute name=value pairs separated by a semicolon
;
.- count=<integer>:
To set the iteration count used in the PBKDF2 method, e.g.
"count=5000;"
[default=2048].- prf=<hmac-name>
To change the HMAC algorithm used in the PBKDF2 method, e.g.
"prf=hmacwithSHA256;"
. Valid values are (case-insensitive):hmacwithSHA1
(default)hmacwithSHA224
hmacwithSHA256
hmacwithSHA384
hmacwithSHA512
fileformat (Ecc.Format) -- Format to save file [default = DER binary]
- Returns:
Zero if successful.
- Return type:
int
- static save_key(outputfile, intkeystr, keytype=0, fileformat=0)¶
Save an internal EC key string (public or private) to an unencrypted key file.
- Parameters:
outputfile (str) -- Name of key file to be created
intkeystr (str) -- the private or public EC key as an internal key string
keytype (Ecc.KeyType) -- Key structure for private key (ignored for public)
fileformat (Ecc.Format) -- Format to save file [default = DER binary]
- Returns:
Zero if successful.
- Return type:
int