I have private key, example generate RSA key pair:
ssh-keygen -t rsa -N 123456 -f /tmp/rsa
I can replace the call:
ssh-keygen -p -P 123456 -N "" -f /tmp/rsa
using python cryptography module:
from cryptography.hazmat.backends import default_backend
import cryptography.hazmat.primitives.serialization as crypto_serialization
priv_key = crypto_serialization.load_pem_private_key(open(key_path, "rb").read(),
passphrase.encode('utf-8'),
default_backend()
)
with open(key_path, "wb") as dest_pem:
dest_pem.write(priv_key.private_bytes(crypto_serialization.Encoding.PEM,
crypto_serialization.PrivateFormat.TraditionalOpenSSL,
crypto_serialization.NoEncryption()
)
)
But when I generate key with parameter -t ed25519, I get error:
File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 16, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1089, in load_pem_private_key
password,
File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1315, in _load_key
self._handle_key_loading_error()
File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1373, in _handle_key_loading_error
raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
I load Ed25519 private key using python paramiko module, but I can't serialize private bytes:
import paramiko
key_priv = paramiko.Ed25519Key.from_private_key_file('ed25519', password=b'123456')
Generating key pair:
ssh-keygen -t ed25519 -N 123456 -f ed25519
Using load_ssh_private_key method I try to descrypt a private key:
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
priv_key = serialization.load_ssh_private_key(open('ed25519', 'rb').read(), b'123456', default_backend())
with open('ed25519_py', wb') as dest_key:
dest_key.write(priv_key.private_bytes(serialization.Encoding.PEM,
serialization.PrivateFormat.OpenSSH,
serialization.NoEncryption()
)
)
No error occurs and I get unencrypted openssh-format private key file.
On other hand, using ssk-keygen tool I change the passphrase of a private key file to empty:
ssh-keygen -p -P 123456 -N "" -f ed25519
As a result, I have two decrypted keys, which not matched .
How to get a key using python that will match the result of the call ssh-keygen?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.