How to load a public RSA key into Python-RSA from a file?
Question:
I generated a private and a public key using OpenSSL with the following commands:
openssl genrsa -out private_key.pem 512
openssl rsa -in private_key.pem -pubout -out public_key.pem
I then tried to load them with a python script using Python-RSA:
import os
import rsa
with open('private_key.pem') as privatefile:
keydata = privatefile.read()
privkey = rsa.PrivateKey.load_pkcs1(keydata,'PEM')
with open('public_key.pem') as publicfile:
pkeydata = publicfile.read()
pubkey = rsa.PublicKey.load_pkcs1(pkeydata)
random_text = os.urandom(8)
#Generate signature
signature = rsa.sign(random_text, privkey, 'MD5')
print signature
#Verify token
try:
rsa.verify(random_text, signature, pubkey)
except:
print "Verification failed"
My python script fails when it tries to load the public key:
ValueError: No PEM start marker "-----BEGIN RSA PUBLIC KEY-----" found
Answers:
Python-RSA uses the PEM RSAPublicKey format and the PEM RSAPublicKey format uses the header and footer lines:
openssl NOTES
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
Output the public part of a private key in RSAPublicKey format:
openssl EXAMPLES
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
If on Python3, You also need to open the key in binary mode, e.g:
with open('private_key.pem', 'rb') as privatefile:
You can generate private key by ssh-keygen:
ssh-keygen -t rsa
and generate public key like this:
ssh-keygen -e -m pem -f xxx > pubkey.pem
http://blog.oddbit.com/2011/05/08/converting-openssh-public-keys/
To load an OpenSSL generated public key file with python-rsa library, try
with open('public_key.pub', mode='rb') as public_file:
key_data = public_file.read()
public_key = rsa.PublicKey.load_pkcs1_openssl_pem(key_data)
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
def load_keys(public_key_path, private_key_path):
with open(public_key_path, "rb") as f:
public = serialization.load_pem_public_key(
f.read(), backend=default_backend()
)
with open(private_key_path, "rb") as f:
private = serialization.load_pem_private_key(
f.read(), None, backend=default_backend()
)
return private, public
I generated a private and a public key using OpenSSL with the following commands:
openssl genrsa -out private_key.pem 512
openssl rsa -in private_key.pem -pubout -out public_key.pem
I then tried to load them with a python script using Python-RSA:
import os
import rsa
with open('private_key.pem') as privatefile:
keydata = privatefile.read()
privkey = rsa.PrivateKey.load_pkcs1(keydata,'PEM')
with open('public_key.pem') as publicfile:
pkeydata = publicfile.read()
pubkey = rsa.PublicKey.load_pkcs1(pkeydata)
random_text = os.urandom(8)
#Generate signature
signature = rsa.sign(random_text, privkey, 'MD5')
print signature
#Verify token
try:
rsa.verify(random_text, signature, pubkey)
except:
print "Verification failed"
My python script fails when it tries to load the public key:
ValueError: No PEM start marker "-----BEGIN RSA PUBLIC KEY-----" found
Python-RSA uses the PEM RSAPublicKey format and the PEM RSAPublicKey format uses the header and footer lines:
openssl NOTES
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
Output the public part of a private key in RSAPublicKey format:
openssl EXAMPLES
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
If on Python3, You also need to open the key in binary mode, e.g:
with open('private_key.pem', 'rb') as privatefile:
You can generate private key by ssh-keygen:
ssh-keygen -t rsa
and generate public key like this:
ssh-keygen -e -m pem -f xxx > pubkey.pem
http://blog.oddbit.com/2011/05/08/converting-openssh-public-keys/
To load an OpenSSL generated public key file with python-rsa library, try
with open('public_key.pub', mode='rb') as public_file:
key_data = public_file.read()
public_key = rsa.PublicKey.load_pkcs1_openssl_pem(key_data)
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
def load_keys(public_key_path, private_key_path):
with open(public_key_path, "rb") as f:
public = serialization.load_pem_public_key(
f.read(), backend=default_backend()
)
with open(private_key_path, "rb") as f:
private = serialization.load_pem_private_key(
f.read(), None, backend=default_backend()
)
return private, public