openssl_seal() in Python

To connect to the server, I found that using PHP I need to use openssl_seal(). This is fine, but I want to use Python. I cannot convert openssl_seal() to an equivalent function.

Can you help me?

This is what openssl_seal() does:

Description

    int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids )

 openssl_seal() seals (encrypts) data by using RC4 with a randomly generated secret key. The key is encrypted with each of the public keys associated with the identifiers in pub_key_ids and each encrypted key is returned in env_keys. This means that one can send sealed data to multiple recipients (provided one has obtained their public keys). Each recipient must receive both the sealed data and the envelope key that was encrypted with the recipient public key. 
+6
python openssl
2 answers

This blogpost contains a very detailed description of what is going on inside openssl_seal(). It also has an implementation in Java.

From this, I would think that it should be relatively simple ("the proof is left as an exercise for the reader") to do an equivalent implementation in Python using pyopenssl, which includes RC4, or the newer, but for this purpose more focused, tlslite.

+2

What openssl_seal does:

  • Extract public_key from certificate
  • Generate 128 bits (16 bytes) long random_key (this will be used to encrypt the message using a symmetric algorithm, since it is faster)
  • Encrypt random_key with PKCS #1
  • Encrypt message with ARC4 and random_key
  • Print encrypted_random_key and encrypted_message

The receiving party can then decrypt encrypted_random_key with its private_key, and then decrypt the encrypted_message with random_key.

Since in Python there is no way to do this through the standard library, I'm just going to lay out the three approaches I tried:

    # pyca/cryptography (cryptography.io) version
    # pip install cryptography
    import os

    from cryptography import x509
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import padding
    from cryptography.hazmat.primitives.ciphers import Cipher

    try:
        # Newer cryptography releases expose ARC4 under hazmat.decrepit
        from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4
    except ImportError:
        # Older releases keep it with the regular algorithms
        from cryptography.hazmat.primitives.ciphers.algorithms import ARC4

    message = 'Super secret secret message'
    message = message.encode('utf-8')

    # Read the PEM certificate as bytes and extract its public key
    with open('/path/to/certificate.cer', 'rb') as f:
        certificate_data = f.read()
    certificate = x509.load_pem_x509_certificate(data=certificate_data, backend=default_backend())
    public_key = certificate.public_key()

    # 128-bit random symmetric key, encrypted with RSA PKCS #1 v1.5
    random_key = os.urandom(16)
    encrypted_random_key = public_key.encrypt(plaintext=random_key, padding=padding.PKCS1v15())
    print(encrypted_random_key)

    # ARC4 is a stream cipher, so no mode is passed
    algorithm = ARC4(random_key)
    cipher = Cipher(algorithm=algorithm, mode=None, backend=default_backend())
    encryptor = cipher.encryptor()
    encrypted_message = encryptor.update(message)
    print(encrypted_message)

    # M2Crypto version
    # pip install git+https://gitlab.com/m2crypto/m2crypto@python3
    import M2Crypto

    message = 'Super secret secret message'
    message = message.encode('utf-8')

    # Load the certificate and get the RSA public key from it
    certificate = M2Crypto.X509.load_cert('/path/to/certificate.cer')
    public_key = certificate.get_pubkey()
    rsa_pub = public_key.get_rsa()

    # 128-bit random symmetric key, encrypted with RSA PKCS #1 v1.5
    random_key = M2Crypto.Rand.rand_bytes(16)
    encrypted_random_key = rsa_pub.public_encrypt(random_key, M2Crypto.RSA.pkcs1_padding)
    print(encrypted_random_key)

    # Encrypt the message with RC4 (no IV)
    cipher = M2Crypto.EVP.Cipher(alg='rc4', key=random_key, iv=b'', op=M2Crypto.encrypt)
    encrypted_message = cipher.update(message)
    encrypted_message += cipher.final()
    print(encrypted_message)

    # PyCrypto version
    # pip install pycrypto
    # Please bear in mind that PyCrypto cannot handle x509 certificates.
    # You will have to extract the public_key to a pem file:
    # openssl x509 -inform pem -in certificate.cer -pubkey -noout > public_key.pem
    from Crypto import Random
    from Crypto.Cipher import ARC4
    from Crypto.Cipher import PKCS1_v1_5
    from Crypto.PublicKey import RSA

    message = 'Super secret secret message'
    message = message.encode('utf-8')

    # Load the public key extracted from the certificate
    with open('/path/to/public_key.pem', 'r') as f:
        public_key_data = f.read()
    public_key = RSA.importKey(public_key_data)

    # 128-bit random symmetric key, encrypted with RSA PKCS #1 v1.5
    random_key = Random.new().read(16)
    cipher = PKCS1_v1_5.new(public_key)
    encrypted_random_key = cipher.encrypt(random_key)
    print(encrypted_random_key)

    # Encrypt the message with ARC4
    cipher = ARC4.new(random_key)
    encrypted_message = cipher.encrypt(message)
    print(encrypted_message)

You can check my post at => http://helpfulsheep.com/2017-09-01-openssl-seal-in-python/

+1
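
The steps listed in the second answer, extended to several recipients and to the receiving side, as an added example that is not part of the original answers. The names `seal`, `open_sealed` and `demo` are hypothetical, and freshly generated RSA keys stand in for the recipients' certificates.

```python
# Added example (not from the original answers): openssl_seal()-style
# seal/open round trip for several recipients with pyca/cryptography.
import os

from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher

try:  # newer cryptography releases keep ARC4 under hazmat.decrepit
    from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4
except ImportError:  # older releases
    from cryptography.hazmat.primitives.ciphers.algorithms import ARC4


def seal(data, public_keys):
    """Return (sealed_data, env_keys), one envelope key per public key."""
    random_key = os.urandom(16)  # fresh 128-bit RC4 key for every call
    encryptor = Cipher(ARC4(random_key), mode=None).encryptor()
    sealed_data = encryptor.update(data) + encryptor.finalize()
    # The same symmetric key is wrapped once per recipient (PKCS #1 v1.5).
    env_keys = [pk.encrypt(random_key, padding.PKCS1v15()) for pk in public_keys]
    return sealed_data, env_keys


def open_sealed(sealed_data, env_key, private_key):
    """Recipient side: unwrap the envelope key, then decrypt the data."""
    random_key = private_key.decrypt(env_key, padding.PKCS1v15())
    decryptor = Cipher(ARC4(random_key), mode=None).decryptor()
    return decryptor.update(sealed_data) + decryptor.finalize()


def demo():
    # Constructed sample input: two throwaway RSA keys stand in for the
    # recipients' certificates (hypothetical names alice and bob).
    alice = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    bob = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    message = b'Super secret secret message'
    sealed, env_keys = seal(message, [alice.public_key(), bob.public_key()])
    return (message, sealed, env_keys,
            open_sealed(sealed, env_keys[0], alice),
            open_sealed(sealed, env_keys[1], bob))


if __name__ == '__main__':
    message, sealed, env_keys, for_alice, for_bob = demo()
    print(len(sealed), [len(k) for k in env_keys], for_alice == for_bob == message)
```

RC4 gives no integrity protection, so a receiver that needs to detect tampering has to verify a MAC or signature over the sealed data separately.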