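Create an RSA SHA-256 (DNSSEC-valid) key?

Time: 2013-12-02 08:48:04

Tags: python rsa sha

I want to create my own RSA/SHA-256 key generator for DNSSEC in Python. I know there is already a built-in keygen (dnssec-keygen), but I want to build it myself.

An accepted key looks like this: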

Private-key-format: v1.2

   Algorithm:       8 (RSASHA256)
   Modulus:         wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGm
                    idzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q==
   PublicExponent:  AQAB
   PrivateExponent: UR44xX6zB3eaeyvTRzmskHADrPCmPWnr8dxsNwiDGHzrMKLN+i/
                    HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZAQ==
   Prime1:          4c8IvFu1AVXGWeFLLFh5vs7fbdzdC6U82fduE6KkSWk=
   Prime2:          2zZpBE8ZXVnL74QjG4zINlDfH+EOEtjJJ3RtaYDugvE=
   Exponent1:       G2xAPFfK0KGxGANDVNxd1K1c9wOmmJ51mGbzKFFNMFk=
   Exponent2:       GYxP1Pa7CAwtHm8SAGX594qZVofOMhgd6YFCNyeVpKE=
   Coefficient:     icQdNRjlZGPmuJm2TIadubcO8X7V4y07aVhX464tx8Q=

http://tools.ietf.org/html/rfc5702

My Python script can generate the RSA part, but I don't know how to mix it with SHA256:

#!/usr/bin/python

from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
import base64
import hashlib

key = RSA.generate(2048)

expo1 = ((key.d)%((key.p)-1))
expo2 = ((key.d)%((key.q)-1))

KEYVORLAGE = """Private-key-format: v1.2
Algorithm:       8 (RSASHA256)
Modulus: {0}
PublicExponent: {1}
PrivateExponent: {2} 
Prime1: {3}
Prime2: {4}
Exponent1: {5}
Exponent2: {6}
Coefficient: {7}"""

keystring = KEYVORLAGE.format(key.n,key.e,key.d,key.p,key.q,expo1,expo2,key.u)
print(keystring)

BTW: all the key parts generated by this script are only digits, not random letters as in a valid key.

2 answers:

Answer 0: (score: 1)

The question was answered by the OP, but in the question itself. A copy of the text follows.

The answer is simple - by modifying keystring:

from Crypto.Util.number import long_to_bytes, inverse

def b64(value):
    # Each field is the base64 of the integer's big-endian bytes, not of its decimal string
    return base64.standard_b64encode(long_to_bytes(value)).decode("ascii")

keystring = KEYVORLAGE.format(
    b64(key.n),
    b64(key.e),
    b64(key.d),
    b64(key.p),
    b64(key.q),
    b64(expo1),
    b64(expo2),
    # Coefficient is q^-1 mod p, whereas key.u is p^-1 mod q
    b64(inverse(key.q, key.p)))
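
An added example, not part of the original question or answers: a standard-library checker for the Private-key-format v1.2 text shown in the question, assuming each field is the base64 of the integer's big-endian bytes (consistent with `PublicExponent: AQAB` decoding to 65537) and that Coefficient is q^-1 mod p. The function names and the toy primes are constructed for illustration.

```python
import base64

FIELDS = ("Modulus", "PublicExponent", "PrivateExponent", "Prime1",
          "Prime2", "Exponent1", "Exponent2", "Coefficient")

def int_to_b64(value):
    """Base64 of the integer's minimal big-endian byte string."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return base64.b64encode(raw).decode("ascii")

def b64_to_int(text):
    return int.from_bytes(base64.b64decode(text, validate=True), "big")

def format_private_key(p, q, e=65537):
    """Render the v1.2 text for primes p, q (needs Python 3.8+ for pow(x, -1, m))."""
    d = pow(e, -1, (p - 1) * (q - 1))
    values = (p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))
    lines = ["Private-key-format: v1.2", "Algorithm: 8 (RSASHA256)"]
    lines += ["%s: %s" % (name, int_to_b64(v)) for name, v in zip(FIELDS, values)]
    return "\n".join(lines) + "\n"

def check_private_key(text):
    """Return the inconsistencies found in a key file; an empty list means none."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    raw = {name.strip(): value.strip() for name, value in pairs}
    problems = []
    if not raw.get("Algorithm", "").startswith("8 "):
        problems.append("Algorithm is not 8 (RSASHA256)")
    try:
        n, e, d, p, q, dp, dq, coeff = (b64_to_int(raw[f]) for f in FIELDS)
    except (KeyError, ValueError) as exc:
        return problems + ["missing or non-base64 field: %s" % exc]
    if min(p, q) < 2 or p * q != n:
        return problems + ["Modulus != Prime1 * Prime2"]
    if (e * d - 1) % (p - 1) or (e * d - 1) % (q - 1):
        problems.append("PrivateExponent does not invert PublicExponent")
    if dp != d % (p - 1) or dq != d % (q - 1):
        problems.append("Exponent1/Exponent2 are not d mod (p-1) and d mod (q-1)")
    if (coeff * q) % p != 1:
        problems.append("Coefficient is not q^-1 mod p")
    return problems

if __name__ == "__main__":
    sample = format_private_key(61, 53)   # constructed toy primes, format demo only
    print(sample)
    print(check_private_key(sample))
```

Running `check_private_key` on a file whose fields were produced by base64-encoding decimal strings reports a modulus mismatch, which is how that encoding mistake shows up in practice.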

Answer 1: (score: 0)

My suggestion:

#!/usr/bin/python

import ldns

dnskey = ldns.ldns_key.new_frm_algorithm(ldns.LDNS_RSASHA256, 2048)
print(str(dnskey))

Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: tZqeHDj2fvrGZrrZ+t+8lJmbKijaBjyeKg+8ccWl6XuEolbP/L+0UaV6TOEzWOIPuA/4bGEUYJF0/ITY3s/m2X1Zaf5Tcr7OwbIGg8JlBB+WrJ1pd0n48vg1ivdh27OvTehwNA+dx04V0NN1oCF0aGGv0XoIhVpLu8NgMjs3K0ZWtwUGFhRYpSKKkdZXf08GolpnnjMS/WMEEPDWEUAEv5T2ys9EhVNc3zm2eE+kNxtrF3ueldz8JPZHxJbm2H50mYPSvQsIXFxjdMPErYvs6Xixa/YtucCHwLmpYRxSESlnxZ5AhcusxiiyCyxsF63yd3MpoI5C1X//xEhr6OB2iw==
PublicExponent: AQAB
PrivateExponent: A2AGRDwCyMVcXphmaLUzygc4zQXJV4hU4C8+r1afCMHU6zd10hq1/TZ4GWmuDJ7W7/LMCSecu1a4t+C4LxvqDGy59rBVWLKXIR5v5I7+VZ9Iq5iZVzA2wj0+sYB7fxvNzELfovgPVJ7s5N6pNvqoMTBvlhMQiXnuImU1KnnTQqiZ+Iegcc4v6R+WoJVysjVxcGa4gdjD5yiZej+gPGHMCJqUur4utYDb01p0VOm15gAbBiRQDhnS1xXLbyKv8svLr/NI1jEpkDeuLU7LbZJLFVB52YSZgRTfqAlKUY9oB7KHY4wjA8SxxqRBQ1gcEsAogSSasOhjLTuy6EnQ3RN4kQ==
Prime1: 5Pwr5q3MJshI1Jpy+XSQeP2zCNe1lgiqqiUmRWkpe02qUWovoGLdSQjfsyiS1Al4uj/TddNWoXHerUMCZgJ+3Q5SvrieHpJwsAfQH72a06FeBjbbf0xod4Jrs14zUeB1a0aNB+v6bI5CGkbTIh2339LcfYyWG8dw6t8iANLMb1c=
Prime2: ywdwP3liUR1FYC0ttmPU6A215FS5pwIQ6e09pGlygjbv1JmZ3w0dGhkhVJL8iZ5KnrcCEzwI44vdfAtu3QDt1c+Bn0RSD8BpTlTJdBkyHfzzwDoN2w1sFe/rGfvSYyncHNkf0Mqj8pdQ9tpW46XXH2aP+zVfH5FyrX0rOHSW1e0=
Exponent1: QamSSTbjSOe8AsM7Xw8u8pMFiO6aUqivj9TRUawjSgluYqRJfft7qxrRUwW6fPUuWnI9CBePSwJlMVf60xe6G1elIK2+IdQqXkAPTVrIkBFA7hVDAhD+D+8lRS0pGDx+T0HO5Uuk5wYwLGrM1oahGJzVv2bWEKczWRadIJFSMEc=
Exponent2: fRUAGpr173NRIoey+gNXT//iZ+Gq3zFuqi/3Iiu02HRwHVLkcX7qxwFkf25vF3nmDxJAvQjnkQjCU4HXs2C3JlrJSQ4WYI3yUsf5tQUw0zjcEzmw/5utU3aUKVXzsBRB/6Pk7gVqLDL9Npgdn/K0LixJ2EJxcElzlV7gGc/6faE=
Coefficient: 11MhOHYowmSXQGZhv4cJk9ZYupHuGbzqj+qv10xOuFWbvPGnkKAmuxUJ5MeYhFS/rZQ+VjroDh0sAPe7ycX1lyyn2KWH8/92tVoy77pnJvWyxBxZCKWFK2p1rGOfxhCjyyzOlQ071uv0CeloK1lsvlE9tJgseCcP4QQr9Qec6gA=

For example, to use it under Debian (buster), you need to install the package python3-ldns.