From rramani at gmail.com Fri Oct 12 16:45:29 2018 From: rramani at gmail.com (Ramani) Date: Fri, 12 Oct 2018 16:45:29 -0400 Subject: [Cryptography-dev] serialize private ley Message-ID: Hello, I am trying to serialize a private key using private_bytes method. I want to serialize a RSA private key with no password in one python module and bring it back in another so that I can use the private key for signing certificates. I tried doing this : privkey_pem = privkey.private_bytes(encoding=serialization.Encoding.PEM,\ format=serialization.PrivateFormat.PKCS8,\ encryption_algorithm=KeySerializationEncryption()) However in the private_bytes method there are a couple checks one for KeySerializationEncryption type and another for if not isinstance(encryption_algorithm, serialization.KeySerializationEncryption): raise TypeError( "Encryption algorithm must be a KeySerializationEncryption " "instance" ) if isinstance(encryption_algorithm, serialization.NoEncryption): password = b"" passlen = 0 evp_cipher = self._ffi.NULL elif isinstance(encryption_algorithm, serialization.BestAvailableEncryption): # This is a curated value that we will update over time. evp_cipher = self._lib.EVP_get_cipherbyname( b"aes-256-cbc" ) password = encryption_algorithm.password passlen = len(password) if passlen > 1023: raise ValueError( "Passwords longer than 1023 bytes are not supported by " "this backend" ) else: raise ValueError("Unsupported encryption type") So I am getting the unsupported encryption type value error. Thanks, Ram -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Fri Oct 12 16:49:35 2018 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Fri, 12 Oct 2018 16:49:35 -0400 Subject: [Cryptography-dev] serialize private ley In-Reply-To: References: Message-ID: You should pass an instance of https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.NoEncryption if you want an unencrypted key. Here's an example: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serialization Alex On Fri, Oct 12, 2018 at 4:47 PM Ramani wrote: > Hello, > > I am trying to serialize a private key using private_bytes method. I want > to serialize a RSA private key with no password in one python module and > bring it back in another so that I can use the private key for signing > certificates. > > I tried doing this : > > privkey_pem = privkey.private_bytes(encoding=serialization.Encoding.PEM,\ > format=serialization.PrivateFormat.PKCS8,\ > encryption_algorithm=KeySerializationEncryption()) > > However in the private_bytes method there are a couple checks one for > KeySerializationEncryption type and another for > > if not isinstance(encryption_algorithm, > serialization.KeySerializationEncryption): > raise TypeError( > "Encryption algorithm must be a KeySerializationEncryption > " > "instance" > ) > > if isinstance(encryption_algorithm, serialization.NoEncryption): > password = b"" > passlen = 0 > evp_cipher = self._ffi.NULL > elif isinstance(encryption_algorithm, > serialization.BestAvailableEncryption): > # This is a curated value that we will update over time. > evp_cipher = self._lib.EVP_get_cipherbyname( > b"aes-256-cbc" > ) > password = encryption_algorithm.password > passlen = len(password) > if passlen > 1023: > raise ValueError( > "Passwords longer than 1023 bytes are not supported by > " > "this backend" > ) > else: > raise ValueError("Unsupported encryption type") > > So I am getting the unsupported encryption type value error. > > Thanks, > > Ram > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- All that is necessary for evil to succeed is for good people to do nothing. -------------- next part -------------- An HTML attachment was scrubbed... URL: