From saurabh at fintify.com  Wed Mar 10 11:56:43 2021
From: saurabh at fintify.com (Saurabh Kapoor)
Date: Wed, 10 Mar 2021 22:26:43 +0530
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
Message-ID: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>

Hi,

A service we communicate with sends us their Curve25519 public key as a PEM
file. The key is DER encoded and the format is X.509's
SubjectPublicKeyInfo.

We would like to create a
cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this
object but I am unable to find the routines to load such keys.
X25519PublicKey.load_public_bytes(..) expects a raw key.

Using the following openssl command I can examine the key: openssl
asn1parse -in pub_key.pem

Any suggestions on how my service written in Python can load this kind of a
public key? I've also posted a slightly more detailed question here:
https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file

regards,
Saurabh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210310/469f885b/attachment.html>

From alex.gaynor at gmail.com  Wed Mar 10 12:05:26 2021
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Wed, 10 Mar 2021 12:05:26 -0500
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
Message-ID: <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>

Hi Saruabh,

I think https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
should work. Notwithstanding the docs, I believe it'll load an
X25519PublicKey :-) If that works for you, let us know and I'll make
sure we fix those docs.

Alex

On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com> wrote:
>
> Hi,
>
> A service we communicate with sends us their Curve25519 public key as a PEM file. The key is DER encoded and the format is X.509's SubjectPublicKeyInfo.
>
> We would like to create a cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this object but I am unable to find the routines to load such keys. X25519PublicKey.load_public_bytes(..) expects a raw key.
>
> Using the following openssl command I can examine the key: openssl asn1parse -in pub_key.pem
>
> Any suggestions on how my service written in Python can load this kind of a public key? I've also posted a slightly more detailed question here: https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
>
> regards,
> Saurabh
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.

From paul.l.kehrer at gmail.com  Wed Mar 10 14:16:59 2021
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Wed, 10 Mar 2021 13:16:59 -0600
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
 <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
Message-ID: <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>

Yes, load_{pem,der}_{public,private}_key can load
ed25519/ed448/x25519/x448 keys as well as long as they are in
PKCS8/subjectPublicKeyInfo formats. We should fix those docs.

-Paul

On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor <alex.gaynor at gmail.com> wrote:
>
> Hi Saruabh,
>
> I think https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
> should work. Notwithstanding the docs, I believe it'll load an
> X25519PublicKey :-) If that works for you, let us know and I'll make
> sure we fix those docs.
>
> Alex
>
> On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com> wrote:
> >
> > Hi,
> >
> > A service we communicate with sends us their Curve25519 public key as a PEM file. The key is DER encoded and the format is X.509's SubjectPublicKeyInfo.
> >
> > We would like to create a cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this object but I am unable to find the routines to load such keys. X25519PublicKey.load_public_bytes(..) expects a raw key.
> >
> > Using the following openssl command I can examine the key: openssl asn1parse -in pub_key.pem
> >
> > Any suggestions on how my service written in Python can load this kind of a public key? I've also posted a slightly more detailed question here: https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
> >
> > regards,
> > Saurabh
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org
> > https://mail.python.org/mailman/listinfo/cryptography-dev
>
>
>
> --
> All that is necessary for evil to succeed is for good people to do nothing.
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev

From alex.gaynor at gmail.com  Wed Mar 10 14:23:45 2021
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Wed, 10 Mar 2021 14:23:45 -0500
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
 <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
 <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
Message-ID: <CAFRnB2X5gZjmAuj86AREnU4kB3FQYcSiDrXEhZwSogeZ6A_ujw@mail.gmail.com>

Great, I filed https://github.com/pyca/cryptography/issues/5911 so we
don't lose track

On Wed, Mar 10, 2021 at 2:17 PM Paul Kehrer <paul.l.kehrer at gmail.com> wrote:
>
> Yes, load_{pem,der}_{public,private}_key can load
> ed25519/ed448/x25519/x448 keys as well as long as they are in
> PKCS8/subjectPublicKeyInfo formats. We should fix those docs.
>
> -Paul
>
> On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor <alex.gaynor at gmail.com> wrote:
> >
> > Hi Saruabh,
> >
> > I think https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
> > should work. Notwithstanding the docs, I believe it'll load an
> > X25519PublicKey :-) If that works for you, let us know and I'll make
> > sure we fix those docs.
> >
> > Alex
> >
> > On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com> wrote:
> > >
> > > Hi,
> > >
> > > A service we communicate with sends us their Curve25519 public key as a PEM file. The key is DER encoded and the format is X.509's SubjectPublicKeyInfo.
> > >
> > > We would like to create a cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this object but I am unable to find the routines to load such keys. X25519PublicKey.load_public_bytes(..) expects a raw key.
> > >
> > > Using the following openssl command I can examine the key: openssl asn1parse -in pub_key.pem
> > >
> > > Any suggestions on how my service written in Python can load this kind of a public key? I've also posted a slightly more detailed question here: https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
> > >
> > > regards,
> > > Saurabh
> > > _______________________________________________
> > > Cryptography-dev mailing list
> > > Cryptography-dev at python.org
> > > https://mail.python.org/mailman/listinfo/cryptography-dev
> >
> >
> >
> > --
> > All that is necessary for evil to succeed is for good people to do nothing.
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org
> > https://mail.python.org/mailman/listinfo/cryptography-dev
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.

From saurabh at fintify.com  Thu Mar 11 03:20:02 2021
From: saurabh at fintify.com (Saurabh Kapoor)
Date: Thu, 11 Mar 2021 13:50:02 +0530
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
 <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
 <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
Message-ID: <CAMpc6gn7OpfQcOS+dWy6s4=Yyd6PFfZsxa=UGdE=brR1y+E6rQ@mail.gmail.com>

Thanks Alex and Paul.

The functions load_pem_{public,private}_key work well for x25519 keys that
are written out using openssl's key generator:

   1. For private key: `openssl genpkey -algorithm x25519 > pri_key.pem`
   2. For public key: `openssl pkey -in pri_key.pem -pubout -out
   pub_key.pem`

However, we receive this public key from a service written in Java, which
uses BouncyCastle's library to encode the key.
Apparently, in these keys the curve is not explicitly named and that causes
load_pem_{public_private}_key to fail with the following error (call stack
attached in callstack.txt):

NotImplementedError: ECDSA keys with unnamed curves are unsupported at this
time

These same public/private keys generated by the sender can be opened using
`openssl asn1parse ..` command and what's more, when I generate the public
key from the private key using `openssl pkey -in <> -pubout -out <>` I get
the exact same public key back ! (attached the sample java_pri_key.pem and
java_pub_key.pem). That confirms that at the openssl layer it's able to
recognize the private key and output a public key in the same format.

So my question is: how can I load the sender's pub_key.pem into a
X25519PublicKey? If that's not possible, any suggestions for how else can
I, in Python, load the keys and decrypt data received from the Java service?

regards,
Saurabh

On Thu, Mar 11, 2021 at 12:47 AM Paul Kehrer <paul.l.kehrer at gmail.com>
wrote:

> Yes, load_{pem,der}_{public,private}_key can load
> ed25519/ed448/x25519/x448 keys as well as long as they are in
> PKCS8/subjectPublicKeyInfo formats. We should fix those docs.
>
> -Paul
>
> On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor <alex.gaynor at gmail.com>
> wrote:
> >
> > Hi Saruabh,
> >
> > I think
> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
> > should work. Notwithstanding the docs, I believe it'll load an
> > X25519PublicKey :-) If that works for you, let us know and I'll make
> > sure we fix those docs.
> >
> > Alex
> >
> > On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com>
> wrote:
> > >
> > > Hi,
> > >
> > > A service we communicate with sends us their Curve25519 public key as
> a PEM file. The key is DER encoded and the format is X.509's
> SubjectPublicKeyInfo.
> > >
> > > We would like to create a
> cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this
> object but I am unable to find the routines to load such keys.
> X25519PublicKey.load_public_bytes(..) expects a raw key.
> > >
> > > Using the following openssl command I can examine the key: openssl
> asn1parse -in pub_key.pem
> > >
> > > Any suggestions on how my service written in Python can load this kind
> of a public key? I've also posted a slightly more detailed question here:
> https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
> > >
> > > regards,
> > > Saurabh
> > > _______________________________________________
> > > Cryptography-dev mailing list
> > > Cryptography-dev at python.org
> > > https://mail.python.org/mailman/listinfo/cryptography-dev
> >
> >
> >
> > --
> > All that is necessary for evil to succeed is for good people to do
> nothing.
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org
> > https://mail.python.org/mailman/listinfo/cryptography-dev
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210311/5bd6caf0/attachment-0001.html>
-------------- next part --------------
Traceback (most recent call last):
  File "/home/saurabh/f/om/crypto/fincrypt/crypto.py", line 107, in __init__
    key = load_pem_public_key(pem_bytes)
  File "/home/saurabh/.pyenv/versions/txnanalytics/lib/python3.8/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 25, in load_pem_public_key
    return backend.load_pem_public_key(data)
  File "/home/saurabh/.pyenv/versions/txnanalytics/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1231, in load_pem_public_key
    return self._evp_pkey_to_public_key(evp_pkey)
  File "/home/saurabh/.pyenv/versions/txnanalytics/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 729, in _evp_pkey_to_public_key
    return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
  File "/home/saurabh/.pyenv/versions/txnanalytics/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/ec.py", line 272, in __init__
    sn = _ec_key_curve_sn(backend, ec_key_cdata)
  File "/home/saurabh/.pyenv/versions/txnanalytics/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/ec.py", line 43, in _ec_key_curve_sn
    raise NotImplementedError(
NotImplementedError: ECDSA keys with unnamed curves are unsupported at this time
-------------- next part --------------
A non-text attachment was scrubbed...
Name: java_pri_key.pem
Type: application/x-x509-ca-cert
Size: 839 bytes
Desc: not available
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210311/5bd6caf0/attachment-0002.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: java_pub_key.pem
Type: application/x-x509-ca-cert
Size: 471 bytes
Desc: not available
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210311/5bd6caf0/attachment-0003.crt>

From paul.l.kehrer at gmail.com  Sat Mar 13 19:04:25 2021
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Sat, 13 Mar 2021 18:04:25 -0600
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CAMpc6gn7OpfQcOS+dWy6s4=Yyd6PFfZsxa=UGdE=brR1y+E6rQ@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
 <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
 <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
 <CAMpc6gn7OpfQcOS+dWy6s4=Yyd6PFfZsxa=UGdE=brR1y+E6rQ@mail.gmail.com>
Message-ID: <CABj5TKQpz3tWQO_-ZrxOJMEqwnP5S269M-zTZNCmcgtaD9WfuA@mail.gmail.com>

OpenSSL can sort of parse these but it isn't capable of recognizing
(at least via the typical loading paths) what the key type actually
is. I'd suggest looking at the bouncycastle API to see if there's a
way to serialize these in a more standard fashion or if you can simply
export the raw bytes of the private key (which cryptography is
perfectly capable of importing).

You could also parse the ASN.1 yourself to get it, but looking briefly
at the format it appears it's likely embedded as a value inside an
ASN.1 sequence that is itself encoded within an ASN.1 octet string.

-Paul

On Thu, Mar 11, 2021 at 2:20 AM Saurabh Kapoor <saurabh at fintify.com> wrote:
>
> Thanks Alex and Paul.
>
> The functions load_pem_{public,private}_key work well for x25519 keys that are written out using openssl's key generator:
>
> For private key: `openssl genpkey -algorithm x25519 > pri_key.pem`
> For public key: `openssl pkey -in pri_key.pem -pubout -out pub_key.pem`
>
> However, we receive this public key from a service written in Java, which uses BouncyCastle's library to encode the key.
> Apparently, in these keys the curve is not explicitly named and that causes load_pem_{public_private}_key to fail with the following error (call stack attached in callstack.txt):
>
> NotImplementedError: ECDSA keys with unnamed curves are unsupported at this time
>
> These same public/private keys generated by the sender can be opened using `openssl asn1parse ..` command and what's more, when I generate the public key from the private key using `openssl pkey -in <> -pubout -out <>` I get the exact same public key back ! (attached the sample java_pri_key.pem and java_pub_key.pem). That confirms that at the openssl layer it's able to recognize the private key and output a public key in the same format.
>
> So my question is: how can I load the sender's pub_key.pem into a X25519PublicKey? If that's not possible, any suggestions for how else can I, in Python, load the keys and decrypt data received from the Java service?
>
> regards,
> Saurabh
>
> On Thu, Mar 11, 2021 at 12:47 AM Paul Kehrer <paul.l.kehrer at gmail.com> wrote:
>>
>> Yes, load_{pem,der}_{public,private}_key can load
>> ed25519/ed448/x25519/x448 keys as well as long as they are in
>> PKCS8/subjectPublicKeyInfo formats. We should fix those docs.
>>
>> -Paul
>>
>> On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor <alex.gaynor at gmail.com> wrote:
>> >
>> > Hi Saruabh,
>> >
>> > I think https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
>> > should work. Notwithstanding the docs, I believe it'll load an
>> > X25519PublicKey :-) If that works for you, let us know and I'll make
>> > sure we fix those docs.
>> >
>> > Alex
>> >
>> > On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com> wrote:
>> > >
>> > > Hi,
>> > >
>> > > A service we communicate with sends us their Curve25519 public key as a PEM file. The key is DER encoded and the format is X.509's SubjectPublicKeyInfo.
>> > >
>> > > We would like to create a cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this object but I am unable to find the routines to load such keys. X25519PublicKey.load_public_bytes(..) expects a raw key.
>> > >
>> > > Using the following openssl command I can examine the key: openssl asn1parse -in pub_key.pem
>> > >
>> > > Any suggestions on how my service written in Python can load this kind of a public key? I've also posted a slightly more detailed question here: https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
>> > >
>> > > regards,
>> > > Saurabh
>> > > _______________________________________________
>> > > Cryptography-dev mailing list
>> > > Cryptography-dev at python.org
>> > > https://mail.python.org/mailman/listinfo/cryptography-dev
>> >
>> >
>> >
>> > --
>> > All that is necessary for evil to succeed is for good people to do nothing.
>> > _______________________________________________
>> > Cryptography-dev mailing list
>> > Cryptography-dev at python.org
>> > https://mail.python.org/mailman/listinfo/cryptography-dev
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev at python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev

From saurabh at fintify.com  Mon Mar 15 04:53:44 2021
From: saurabh at fintify.com (Saurabh Kapoor)
Date: Mon, 15 Mar 2021 14:23:44 +0530
Subject: [Cryptography-dev] Loading a Curve25519 X.509 key
In-Reply-To: <CABj5TKQpz3tWQO_-ZrxOJMEqwnP5S269M-zTZNCmcgtaD9WfuA@mail.gmail.com>
References: <CAMpc6gm=1qYLd=HVddT5YiAbN3b54imk=D6NdU79gqCvrT6dBw@mail.gmail.com>
 <CAFRnB2UosBCbJ5hriHsZGy-Pdp0jZrrubkwf7Jy3owC_8EZs+w@mail.gmail.com>
 <CABj5TKQ0oYLtQUZN+z35irYsvv41Lky7Of=c1Px3DS-mbyK=Ag@mail.gmail.com>
 <CAMpc6gn7OpfQcOS+dWy6s4=Yyd6PFfZsxa=UGdE=brR1y+E6rQ@mail.gmail.com>
 <CABj5TKQpz3tWQO_-ZrxOJMEqwnP5S269M-zTZNCmcgtaD9WfuA@mail.gmail.com>
Message-ID: <CAMpc6gnOYQQE1xVqi1zGzHA_H-LvjKA53SAoCyMwmG7snLti6A@mail.gmail.com>

Hi Paul,

Thanks for your suggestions. I dug up a bit further and found the main
problem is the distinction between Curve25519 and X25519!
Here's what I found:

   1. They, using BoncyCastle, generate a Curve25519 public, private key
   and serialize it. This is serialized as a *generic *EC key with all the
   parameters contained within it.
   2. OpenSSL can work on these keys and even generate the derived key! I
   tried using the following command: openssl pkeyutl -derive -inkey
   <our_private_key> -peerkey <peer_public_key>
   3. OpenSSL supports X25519 keys but these are different from Curve25519.
   4. In Python, we support X25519 but not loading generic EC keys

Given all the above, I'll be more pushing towards getting them to use the
standard X25519 exchange format instead of that of a generic EC curve.
BouncyCastle supports that quite well.

regards,
Saurabh


On Sun, Mar 14, 2021 at 5:34 AM Paul Kehrer <paul.l.kehrer at gmail.com> wrote:

> OpenSSL can sort of parse these but it isn't capable of recognizing
> (at least via the typical loading paths) what the key type actually
> is. I'd suggest looking at the bouncycastle API to see if there's a
> way to serialize these in a more standard fashion or if you can simply
> export the raw bytes of the private key (which cryptography is
> perfectly capable of importing).
>
> You could also parse the ASN.1 yourself to get it, but looking briefly
> at the format it appears it's likely embedded as a value inside an
> ASN.1 sequence that is itself encoded within an ASN.1 octet string.
>
> -Paul
>
> On Thu, Mar 11, 2021 at 2:20 AM Saurabh Kapoor <saurabh at fintify.com>
> wrote:
> >
> > Thanks Alex and Paul.
> >
> > The functions load_pem_{public,private}_key work well for x25519 keys
> that are written out using openssl's key generator:
> >
> > For private key: `openssl genpkey -algorithm x25519 > pri_key.pem`
> > For public key: `openssl pkey -in pri_key.pem -pubout -out pub_key.pem`
> >
> > However, we receive this public key from a service written in Java,
> which uses BouncyCastle's library to encode the key.
> > Apparently, in these keys the curve is not explicitly named and that
> causes load_pem_{public_private}_key to fail with the following error (call
> stack attached in callstack.txt):
> >
> > NotImplementedError: ECDSA keys with unnamed curves are unsupported at
> this time
> >
> > These same public/private keys generated by the sender can be opened
> using `openssl asn1parse ..` command and what's more, when I generate the
> public key from the private key using `openssl pkey -in <> -pubout -out <>`
> I get the exact same public key back ! (attached the sample
> java_pri_key.pem and java_pub_key.pem). That confirms that at the openssl
> layer it's able to recognize the private key and output a public key in the
> same format.
> >
> > So my question is: how can I load the sender's pub_key.pem into a
> X25519PublicKey? If that's not possible, any suggestions for how else can
> I, in Python, load the keys and decrypt data received from the Java service?
> >
> > regards,
> > Saurabh
> >
> > On Thu, Mar 11, 2021 at 12:47 AM Paul Kehrer <paul.l.kehrer at gmail.com>
> wrote:
> >>
> >> Yes, load_{pem,der}_{public,private}_key can load
> >> ed25519/ed448/x25519/x448 keys as well as long as they are in
> >> PKCS8/subjectPublicKeyInfo formats. We should fix those docs.
> >>
> >> -Paul
> >>
> >> On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor <alex.gaynor at gmail.com>
> wrote:
> >> >
> >> > Hi Saruabh,
> >> >
> >> > I think
> https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key
> >> > should work. Notwithstanding the docs, I believe it'll load an
> >> > X25519PublicKey :-) If that works for you, let us know and I'll make
> >> > sure we fix those docs.
> >> >
> >> > Alex
> >> >
> >> > On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor <saurabh at fintify.com>
> wrote:
> >> > >
> >> > > Hi,
> >> > >
> >> > > A service we communicate with sends us their Curve25519 public key
> as a PEM file. The key is DER encoded and the format is X.509's
> SubjectPublicKeyInfo.
> >> > >
> >> > > We would like to create a
> cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey for this
> object but I am unable to find the routines to load such keys.
> X25519PublicKey.load_public_bytes(..) expects a raw key.
> >> > >
> >> > > Using the following openssl command I can examine the key: openssl
> asn1parse -in pub_key.pem
> >> > >
> >> > > Any suggestions on how my service written in Python can load this
> kind of a public key? I've also posted a slightly more detailed question
> here:
> https://stackoverflow.com/questions/66492939/python-decoding-an-ecdh-curve-25519-public-key-encoded-as-a-pem-file
> >> > >
> >> > > regards,
> >> > > Saurabh
> >> > > _______________________________________________
> >> > > Cryptography-dev mailing list
> >> > > Cryptography-dev at python.org
> >> > > https://mail.python.org/mailman/listinfo/cryptography-dev
> >> >
> >> >
> >> >
> >> > --
> >> > All that is necessary for evil to succeed is for good people to do
> nothing.
> >> > _______________________________________________
> >> > Cryptography-dev mailing list
> >> > Cryptography-dev at python.org
> >> > https://mail.python.org/mailman/listinfo/cryptography-dev
> >> _______________________________________________
> >> Cryptography-dev mailing list
> >> Cryptography-dev at python.org
> >> https://mail.python.org/mailman/listinfo/cryptography-dev
> >
> > _______________________________________________
> > Cryptography-dev mailing list
> > Cryptography-dev at python.org
> > https://mail.python.org/mailman/listinfo/cryptography-dev
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210315/5afbbf11/attachment.html>

From paul.l.kehrer at gmail.com  Thu Mar 25 13:52:18 2021
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Thu, 25 Mar 2021 07:52:18 -1000
Subject: [Cryptography-dev] PyCA cryptography 3.4.7 released
Message-ID: <CABj5TKRwB2LS5AqH0VyBqF2iqH02ziDdRQa7HYT39P3-8DB0uA@mail.gmail.com>

PyCA cryptography 3.4.7 has been released to PyPI. cryptography
includes both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X509, key derivation functions, and much
more. We support Python 3.6+, and PyPy3.

Changelog (https://cryptography.io/en/latest/changelog.html#v3-4-7):
* Updated Windows, macOS, and manylinux wheels to be compiled with
OpenSSL 1.1.1k.

-Paul Kehrer (reaperhulk)