Viewing file: sshkey.py (3.48 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on # stdin, print them pretty and encode back into original wire format. # Private keys can be generated with "openssl genrsa|gendsa" commands. import sys, string, base64 from pyasn1.type import univ, namedtype, namedval, constraint from pyasn1.codec.der import encoder, decoder
class DSAPrivateKey(univ.Sequence): """PKIX compliant DSA private key structure""" componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))), namedtype.NamedType('p', univ.Integer()), namedtype.NamedType('q', univ.Integer()), namedtype.NamedType('g', univ.Integer()), namedtype.NamedType('public', univ.Integer()), namedtype.NamedType('private', univ.Integer()) )
MAX = 16
class OtherPrimeInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('prime', univ.Integer()), namedtype.NamedType('exponent', univ.Integer()), namedtype.NamedType('coefficient', univ.Integer()) ) class OtherPrimeInfos(univ.SequenceOf): componentType = OtherPrimeInfo() subtypeSpec = univ.SequenceOf.subtypeSpec + \ constraint.ValueSizeConstraint(1, MAX) class RSAPrivateKey(univ.Sequence): """PKCS#1 compliant RSA private key structure""" componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('two-prime', 0), ('multi', 1)))), namedtype.NamedType('modulus', univ.Integer()), namedtype.NamedType('publicExponent', univ.Integer()), namedtype.NamedType('privateExponent', univ.Integer()), namedtype.NamedType('prime1', univ.Integer()), namedtype.NamedType('prime2', univ.Integer()), namedtype.NamedType('exponent1', univ.Integer()), namedtype.NamedType('exponent2', univ.Integer()), namedtype.NamedType('coefficient', univ.Integer()), namedtype.OptionalNamedType('otherPrimeInfos', OtherPrimeInfos()) ) keyMagic = { '-----BEGIN DSA PRIVATE KEY-----': {'-----END DSA PRIVATE KEY-----': DSAPrivateKey() }, '-----BEGIN RSA PRIVATE KEY-----': {'-----END RSA PRIVATE KEY-----': RSAPrivateKey() } }
# Read PEM keys from stdin and print them out in plain text
stSpam, stHam, stDump = 0, 1, 2 state = stSpam keyCnt = 0
for keyLine in sys.stdin.readlines(): keyLine = string.strip(keyLine) if state == stSpam: if state == stSpam: if keyMagic.has_key(keyLine): keyMagicTail = keyMagic[keyLine] keyLines = [] state = stHam continue if state == stHam: if keyMagicTail.has_key(keyLine): asn1Spec = keyMagicTail[keyLine] state = stDump else: keyLines.append(keyLine) if state == stDump: substrate = '' try: for keyLine in keyLines: substrate = substrate + base64.decodestring(keyLine) except TypeError, why: print '%s, possibly encrypted key' % (why, ) state = stSpam continue
key = decoder.decode(substrate, asn1Spec=asn1Spec)[0] print key.prettyPrint() if encoder.encode(key) != substrate: print 'key re-code yields a diff!' keyCnt = keyCnt + 1 state = stSpam
print '*** %s private key(s) re/serialized' % keyCnt
|