[Cryptography-dev] serialize private ley

Alex Gaynor alex.gaynor at gmail.com
Fri Oct 12 16:49:35 EDT 2018 

You should pass an instance of
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.NoEncryption
if you want an unencrypted key.

Here's an example:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serialization

Alex

On Fri, Oct 12, 2018 at 4:47 PM Ramani <rramani at gmail.com> wrote:

> Hello,
>
> I am trying to serialize a private key using private_bytes method. I want
> to serialize a RSA private key with no password in one python module and
> bring it back in another so that I can use the private key for signing
> certificates.
>
> I tried doing this :
>
> privkey_pem = privkey.private_bytes(encoding=serialization.Encoding.PEM,\
>                     format=serialization.PrivateFormat.PKCS8,\
>                     encryption_algorithm=KeySerializationEncryption())
>
> However in the private_bytes method there are a couple checks one for
> KeySerializationEncryption type and another for
>
> if not isinstance(encryption_algorithm,
>                           serialization.KeySerializationEncryption):
>             raise TypeError(
>                 "Encryption algorithm must be a KeySerializationEncryption
> "
>                 "instance"
>             )
>
>         if isinstance(encryption_algorithm, serialization.NoEncryption):
>             password = b""
>             passlen = 0
>             evp_cipher = self._ffi.NULL
>         elif isinstance(encryption_algorithm,
>                         serialization.BestAvailableEncryption):
>             # This is a curated value that we will update over time.
>             evp_cipher = self._lib.EVP_get_cipherbyname(
>                 b"aes-256-cbc"
>             )
>             password = encryption_algorithm.password
>             passlen = len(password)
>             if passlen > 1023:
>                 raise ValueError(
>                     "Passwords longer than 1023 bytes are not supported by
> "
>                     "this backend"
>                 )
>         else:
>             raise ValueError("Unsupported encryption type")
>
> So I am getting the unsupported encryption type value error.
>
> Thanks,
>
> Ram
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>


-- 
All that is necessary for evil to succeed is for good people to do nothing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20181012/925fc67c/attachment.html>

More information about the Cryptography-dev mailing list