问题
I have been able to create a RSA key protected by password with DES3 (well... I think because I'm very new to this encryption world) by using the command:
openssl genrsa -out "/tmp/myKey.pem" -passout pass:"f00bar" -des3 2048
Now, I would like to do that inside a Python script, using PyCrypto, if possible. I have seen this message, which seems to discourage the use of PyCrypto to do that. Is it still like that?
Of course I can always call os.execute, and execute the above command, but I'd consider that "cheating" :-). I'm pretty much doing this to learn PyCrypto.
Thank you in advance.
回答1:
Starting from PyCrypto 2.5 you can export an RSA private key and have it protected under a passphrase. A Triple DES key is internally derived from the passphrase and used to perform the actual encryption.
For instance:
from Crypto import RSA
from Crypto import Random
random_generator = Random.new().read
key = RSA.generate(1024, random_generator)
exportedKey = key.exportKey('PEM', 'my secret', pkcs=1)
The variable exportedKey contains an ASCII version (PEM) of the key, encoded according to PKCS#1 (a cryptographic standard. Another option is pkcs=8 for - guess what - PKCS#8). Since the result is standard, you can use it with several other programs, including openssl.
And of course, you can also re-import it back into python via PyCrypto!
The exportKey method is documented here.
来源:https://stackoverflow.com/questions/9979358/pycrypto-generate-rsa-key-protected-with-des3-password