error when trying to import a ECC private key
172 views
Skip to first unread message
Abdelkrim Fitouri
Jan 26, 2018, 7:42:17 PM1/26/18
to PyCryptodome
Hello,
I have a purpose to create the same private key / public key based on an input string:
I am facing a problem when trying to import a ECC private key:input = sys.argv[1]
input_hash = SHA256.new(input)
private_pem = PEM.encode(input_hash.digest(), "PRIVATE KEY", passphrase=None, randfunc=None)
key = ECC.import_key(private_pem)
Traceback (most recent call last):
File "request.py", line 29, in <module>
key = ECC.import_key(private_pem)
File "C:\Python27\lib\site-packages\Crypto\PublicKey\ECC.py", line 792, in import_key
return _import_der(der_encoded, passphrase)
File "C:\Python27\lib\site-packages\Crypto\PublicKey\ECC.py", line 725, in _import_der
raise ValueError("Not an ECC DER key")
ValueError: Not an ECC DER key
Helder Eijs
Jan 27, 2018, 7:42:11 AM1/27/18
to Abdelkrim Fitouri, PyCryptodome
Hi Abdelkrim,
You are not creating a valid PEM-encoded key in this way.
You could instead:
* Use scrypt() to derive a secret seed from the password taken from
the input (as opposed to a single round of hash, which is not secure
against dictionary attacks)
* Create a PRNG using Hash.SHAKE128 (for instance) and passing the
seed from the previous step. As an example, see the function
get_fixed_prng() in test_import_ECC.py
* Generate the key using ECC.generate() and the parameter "randfunc"
set to the PRNG created in the previous step
The result is an ECC key pair that depends only on the password.
It also means that the ECC key pair will not be more secure than the
password you choose of course...
H.E.
> --
> You received this message because you are subscribed to the Google Groups
> "PyCryptodome" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pycryptodome...@googlegroups.com.
> To post to this group, send email to pycryp...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
You are not creating a valid PEM-encoded key in this way.
You could instead:
* Use scrypt() to derive a secret seed from the password taken from
the input (as opposed to a single round of hash, which is not secure
against dictionary attacks)
* Create a PRNG using Hash.SHAKE128 (for instance) and passing the
seed from the previous step. As an example, see the function
get_fixed_prng() in test_import_ECC.py
* Generate the key using ECC.generate() and the parameter "randfunc"
set to the PRNG created in the previous step
The result is an ECC key pair that depends only on the password.
It also means that the ECC key pair will not be more secure than the
password you choose of course...
H.E.
> You received this message because you are subscribed to the Google Groups
> "PyCryptodome" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pycryptodome...@googlegroups.com.
> To post to this group, send email to pycryp...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Abdelkrim Fitouri
Jan 28, 2018, 5:16:12 PM1/28/18
to Helder Eijs, PyCryptodome
Hi Helder,
thanks for your reply,> email to pycryptodome+unsubscribe@googlegroups.com.
> To post to this group, send email to pycryp...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cordialement / Best Regards.
Abdelkarim FITOURI
LPIC/CEH/ITIL
System And Security Engineer
Helder Eijs
Jan 29, 2018, 7:59:07 AM1/29/18
to Abdelkrim Fitouri, PyCryptodome
Indeed there are no methods in the library to encrypt with ECC today.
To be hones, ECC cannot be used for encryption even for short
payloads: it always needs to be combined with AES into a hybrid scheme
like ECIES.
If that's an option, you could use RSA instead of ECC.
This example shows encryption done with RSA:
https://www.pycryptodome.org/en/latest/src/examples.html#encrypt-data-with-rsa
H.E.
>> > email to pycryptodome...@googlegroups.com.
To be hones, ECC cannot be used for encryption even for short
payloads: it always needs to be combined with AES into a hybrid scheme
like ECIES.
If that's an option, you could use RSA instead of ECC.
This example shows encryption done with RSA:
https://www.pycryptodome.org/en/latest/src/examples.html#encrypt-data-with-rsa
H.E.
Abdelkrim Fitouri
Jan 29, 2018, 1:11:03 PM1/29/18
to PyCryptodome
Ok i see,
it is sad, because i cannot find a python lib which can generate key basing on a PRNG + can sign/verif and encrypt/decrypt.
all the libs can only do a part and not both parts.
Are your planning to add ECIES on pycrypto on the next releases ?
Kind regards.
it is sad, because i cannot find a python lib which can generate key basing on a PRNG + can sign/verif and encrypt/decrypt.
all the libs can only do a part and not both parts.
Are your planning to add ECIES on pycrypto on the next releases ?
Kind regards.
Helder Eijs
Feb 2, 2018, 5:42:03 AM2/2/18
to Abdelkrim Fitouri, PyCryptodome
>> Are your planning to add ECIES on pycrypto on the next releases ?
Yes, probably by the end of the year.
It is not the highest prio right now.
H.E.
Reply all
Reply to author
Forward
0 new messages