yann2192 / pyelliptic Goto Github PK
View Code? Open in Web Editor NEWPython OpenSSL wrapper. For modern cryptography with ECC, AES, HMAC, Blowfish, ...
License: BSD 2-Clause "Simplified" License
Python OpenSSL wrapper. For modern cryptography with ECC, AES, HMAC, Blowfish, ...
License: BSD 2-Clause "Simplified" License
Your program, licensed under the GPL, links to OpenSSL libraries. Without granting an exemption, the OpenSSL License and the GPL are incompatible. An explanation as to why can be seen here: https://people.gnome.org/~markmc/openssl-and-the-gpl
To fix this, and still keep your software licensed under the GPL, all you need to do is add the following to your license file.
I don't know if this used to work or not, but I have noticed that when using ECC to decrypt it requires you to pass in the public key in addition to the private key when creating the object. I believe only the private key should be required.
It fails with
Traceback (most recent call last):
File "/Users/craig/Dropbox/codestuff/encryptr.py", line 221, in <module>
result = new_ecc.decrypt(ciphertext)
File "/usr/local/lib/python3.4/site-packages/pyelliptic/ecc.py", line 535, in decrypt
raise RuntimeError("Fail to verify data")
RuntimeError: Fail to verify data
Reproduce code:
import pyelliptic
ecc = pyelliptic.ECC(curve='prime256v1')
public_key = ecc.get_pubkey()
private_key = ecc.get_privkey()
plaintext = 'abc'
ciphertext = ecc.encrypt(plaintext, public_key)
# this works fine
new_ecc = pyelliptic.ECC(privkey=private_key, pubkey=public_key, curve='prime256v1')
result = new_ecc.decrypt(ciphertext)
# this raises exception
new_ecc = pyelliptic.ECC(privkey=private_key, curve='prime256v1')
result = new_ecc.decrypt(ciphertext)
Just FYI
[mbarkhau@localhost pyelliptic-master]$ uname -a
Linux localhost.localdomain 3.7.2-204.fc18.x86_64 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
This is the only sytem dependency I think is required
[mbarkhau@localhost pyelliptic-master]$ sudo yum install openssl-devel
Loaded plugins: langpacks, presto, refresh-packagekit
Package 1:openssl-devel-1.0.1e-4.fc18.x86_64 already installed and latest version
Nothing to do
Installed pyelliptic from source
[mbarkhau@localhost pyelliptic-master]$ sudo python setup.py install
running install
running bdist_egg
running egg_info
...
Installed /usr/lib/python2.7/site-packages/pyelliptic-1.5.1-py2.7.egg
Processing dependencies for pyelliptic==1.5.1
Finished processing dependencies for pyelliptic==1.5.1
Import raises error
[mbarkhau@localhost pyelliptic-master]$ python -c "import pyelliptic"
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "pyelliptic/__init__.py", line 14, in <module>
from .openssl import OpenSSL
File "pyelliptic/openssl.py", line 398, in <module>
OpenSSL = _OpenSSL(libname)
File "pyelliptic/openssl.py", line 69, in __init__
self.EC_KEY_free = self._lib.EC_KEY_free
File "/usr/lib64/python2.7/ctypes/__init__.py", line 373, in __getattr__
func = self.__getitem__(name)
File "/usr/lib64/python2.7/ctypes/__init__.py", line 378, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /lib64/libcrypto.so.10: undefined symbol: EC_KEY_free
Am I missing some library? If so, I think the readme should be updated with apt-get/yum instructions.
The MAC verification in ECC.decrypt
is not a constant-time operation (see here). I don't know whether this may lead to a timing attack, but it's better to be safe than sorry.
Suggest using streql or constant_time_compare.
It would be awesome to have this mode. It looks like it is present in
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
$ openssl enc -help 2>&1 | grep gcm
-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-ecb -aes-256-gcm -aes-256-ofb
My system libraries may be deficient and am building my own. Unable to build the shared libraries.
In OpenBazaar we use the MIT license, and we also use pyelliptic. However, I believe this use may be incompatible with our licenses.
Would you please give us your opinion on how you think we should solve this licensing incompatibility?
As pyelliptic is a library, would it be reasonable to ask to switch to the LGPL so that it can be used as an external library in projects such as OpenBazaar?
Thank you very much!
Please, can you consider create functions for loading already created keys? Thanks!
Do you plan to support Python 3 in the short term?.
Thanks!.
File "/home/s/webapps/appt/lib/python3.4/site-packages/pyelliptic/ecc.py", line 89, in init
self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
File "/home/s/webapps/appt/lib/python3.4/site-packages/pyelliptic/ecc.py", line 223, in _generate
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ... " + OpenSSL.get_error())
TypeError: Can't convert 'bytes' object to str implicitly
library should accept SHA type as an optional parameter and hash to the preferred method. This bug prevents the library from being used for things like JWT, VAPID and the like.
Hi @yann2192 , @fredigato, @ankitpopli1891, @arjan-s
I have few issues related to PyOpenSSL & Cryptography packages in Python. Can you please help in resolving these, if possible ? (Tried a lot but couldn't figure out the exact reason still)
Python Code which initiates the Error:
print("Salt: %s" % salt)
server_key = pyelliptic.ECC(curve="prime256v1")
print("Server_key: %s" % server_key)
server_key_id = base64.urlsafe_b64encode(server_key.get_pubkey()[1:])
http_ece.keys[server_key_id] = server_key
http_ece.labels[server_key_id] = "P-256"
encrypted = http_ece.encrypt(data, salt=salt, keyid=server_key_id,
dh=self.receiver_key, authSecret=self.auth_key)
Value of "Salt" is getting displayed in 100% of the cases. But
If value of "Server Key:" gets displayed, I see the the following EntryPoint Error because of http_ece.encrypt() call:
AttributeError("'EntryPoint' object has no attribute 'resolve'",)
(Ref. File Link: https://github.com/martinthomson/encrypted-content-encoding/blob/master/python/http_ece/__init__.py#L128 )
Otherwise I get the following Error because of pyelliptic.ECC() call:
Exception('[OpenSSL] EC_KEY_generate_key FAIL ... error:00000000:lib(0):func(0):reason(0)',)
(Ref. File Link: https://github.com/yann2192/pyelliptic/blob/master/pyelliptic/ecc.py#L214)
Other Details:
Partial Requirements.txt:
cryptography==1.5
pyelliptic==1.5.7
pyOpenSSL==16.1.0
The Django App is running on Debian8 Google Compute Engine VM Instance using Apache and mod_wsgi.
Can you please help in resolving this issue ?
Please let me know if any more information is required.
Thanks,
Traceback (most recent call last):
File "C:/Users/Maryam/PycharmProjects/bachproject/test.py", line 9, in
import pyelliptic
File "build\bdist.win32\egg\pyelliptic__init__.py", line 14, in
File "build\bdist.win32\egg\pyelliptic\openssl.py", line 342, in
Exception: Couldn't load OpenSSL lib ...
I'm still new to this module and this error arises when I use the commented example shown in the ecc.py file.
Are there any dependencies that I should download other than the openssl module? (I also have the pycrypto module I don't know if it's related or not)
i use tencent mars(https://github.com/Tencent/mars) which use this library.it's going wrong when i use command python gen_key.py.the stack trace is:
File "build\bdist.win-amd64\egg\pyelliptic_init_.py", line 43, in
File "build\bdist.win-amd64\egg\pyelliptic\openssl.py", line 528, in
File "build\bdist.win-amd64\egg\pyelliptic\openssl.py", line 67, in init
File "C:\Python27\lib\ctypes_init_.py", line 362, in init
self._handle = _dlopen(self._name, mode)
WindowsError: [Error 193] %1 不是有效的 Win32
How the ECC algorithm encrypt explain text with the priv_key and decrypt by pub_key?
Hi.
pyelliptic currently uses SHA-1 to hash messages before signing. I've heard SHA-1 is not considered very secure anymore so what do you think about optional ecdsa-with-sha256
mode (and maybe -sha512)?
>>> from pyelliptic.arithmetic import bin_to_b58check
>>> bin_to_b58check(b'a')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.4/dist-packages/pyelliptic/arithmetic.py", line 156, in bin_to_b58check
inp_fmtd = '\x00' + inp
TypeError: Can't convert 'bytes' object to str implicitly
>>>
The problem seems to arise because python 3 differentiates between strings and bytes. Calling the function with a string doesn't work either.
Encryption is not possible with curves on fields smaller or equal than 224bits.
Can be circumvented by:
--- pyelliptic-1.5/pyelliptic/ecc.py 2012-12-10 22:47:00.000000000 +0100
+++ pyelliptic-1.5_mychanges/pyelliptic/ecc.py 2013-06-23 14:31:01.353120820 +0200
@@ -227,8 +227,8 @@
ecdh_keylen = OpenSSL.ECDH_compute_key(
ecdh_keybuffer, 32, other_pub_key, own_key, 0)
if ecdh_keylen != 32:
raise Exception("[OpenSSL] ECDH keylen FAIL ...")
# if ecdh_keylen != 32:
# raise Exception("[OpenSSL] ECDH keylen FAIL ...")
But I am not sure if this is a good idea to drop the exception..
I have some problems with Mac OS that is bundled with openssl OpenSSL 0.9.8y. Here's the traceback:
>>> import pyelliptic
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/nopper/.pyenv/versions/mpotr/lib/python2.7/site-packages/pyelliptic/__init__.py", line 14, in <module>
from .openssl import OpenSSL
File "/Users/nopper/.pyenv/versions/mpotr/lib/python2.7/site-packages/pyelliptic/openssl.py", line 398, in <module>
OpenSSL = _OpenSSL(libname)
File "/Users/nopper/.pyenv/versions/mpotr/lib/python2.7/site-packages/pyelliptic/openssl.py", line 171, in __init__
self.EVP_aes_128_ctr = self._lib.EVP_aes_128_ctr
File "/Users/nopper/.pyenv/versions/2.7.5/lib/python2.7/ctypes/__init__.py", line 378, in __getattr__
func = self.__getitem__(name)
File "/Users/nopper/.pyenv/versions/2.7.5/lib/python2.7/ctypes/__init__.py", line 383, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: dlsym(0x1006166f0, EVP_aes_128_ctr): symbol not found
I would suggest to implement a try catch mechanism that simlpy disables functions that can not be imported from the .dylib
.
Currently the get_pubkey
and get_privkey
method returns public key and private key that is not compatible with other libraries like SpongyCastle and Cryptopp.
As per the standards, we should use Point Compression or Compact Point Representation.
The following reproduces: bin_to_b58check(hash_160('a'))
. I'm not sure where exactly it's going wrong but I can't understand the intention of the decode function with respect to the while
loop. I had go at fixing it and decided to "fail fast"! Cheers
Public keys of elliptic curves are made by addition/multiplication of private points. For generating public key, each curve needs a lot of parameters: prime P, base points Gx and Gy, coefficient a, coefficient b, order and seed.
By default, pyelliptic provides no means to convert private keys to public keys. In arithmetic.py, which is used in PyBitMessage, there is a method called "privtopub(privkey)", but parameters for multiplication are hardcoded only for secp256k1 curve, which makes most cool functions of arithmetic.py useless for other curves.
UPD: When you generate a key pair, you get a key pair of privkey, pubkeyX and pubkeyY. If you discard public key parameters, there are no means to get them back in pyelliptic. In any case, here is a code from PyBitmessage that can generate pubkeys back:
def point_multiplication(secret, curve_name):
k = OpenSSL.EC_KEY_new_by_curve_name(OpenSSL.get_curve(curve_name))
priv_key = OpenSSL.BN_bin2bn(secret, 32, None)
group = OpenSSL.EC_KEY_get0_group(k)
pub_key = OpenSSL.EC_POINT_new(group)
OpenSSL.EC_POINT_mul(group, pub_key, priv_key, None, None, None)
OpenSSL.EC_KEY_set_private_key(k, priv_key)
OpenSSL.EC_KEY_set_public_key(k, pub_key)
size = OpenSSL.i2o_ECPublicKey(k, None)
mb = OpenSSL.create_string_buffer(size)
OpenSSL.i2o_ECPublicKey(k, OpenSSL.byref(OpenSSL.pointer(mb)))
OpenSSL.EC_POINT_free(pub_key)
OpenSSL.BN_free(priv_key)
OpenSSL.EC_KEY_free(k)
return mb.raw
... so I'm closing the issue.
I am using pyelliptic 1.5.7
Any idea how I can fix this?
Subj. Currently you can't import pyelliptic with openssl 1.1 and greater. Also pyelliptic not understand LD_LIBRARY_* env for change lookup folder.
You could consider also adding the following smaller curves:
prime192v1 (very important curve which was defined together with secp224r1, prime256v1, secp384r1 and secp521r1 in FIPS186-3)
prime192v2
prime192v3
prime239v1
prime239v2
prime239v3
Greets,
erazortt
test.py
currently uses assert
for unit tests, which means they cannot be automated properly for a continuous-integration build. Let's switch to using proper unit tests, i.e. Python's unittest
framework.
I suggest to truncate the signature to the size returned by OpenSSL.ECDSA_sign since the rest is useless anyhow and makes the signature smaller on curves defined on smaller fields.
--- pyelliptic-1.5/pyelliptic/ecc.py 2012-12-10 22:47:00.000000000 +0100
+++ pyelliptic-1.5_mychanges/pyelliptic/ecc.py 2013-06-23 14:31:01.353120820 +0200
@@ -348,7 +348,7 @@
siglen.contents, key)) != 1:
raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
return sig.raw
return sig.raw[0:siglen.contents.value]
finally:
OpenSSL.EC_KEY_free(key)
Greets,
erazortt
This seems problematic http://crypto.stackexchange.com/questions/6480/what-information-to-include-when-calculating-the-hmac-of-ciphertext
Under pyelliptic's current scheme an attacker could alter the IV or ephemeral public key and the hmac check would still pass.
Hi @yann2192 , @fredigato, @ankitpopli1891, @arjan-s
I have few issues related to PyElliptic package in Python. Can you please help in resolving these, if possible ? (Tried a lot but couldn't figure out the exact reason still)
Python Code which initiates the Error:
print("Salt: %s" % salt)
server_key = pyelliptic.ECC(curve="prime256v1")
print("Server_key: %s" % server_key)
server_key_id = base64.urlsafe_b64encode(server_key.get_pubkey()[1:])
http_ece.keys[server_key_id] = server_key
http_ece.labels[server_key_id] = "P-256"
encrypted = http_ece.encrypt(data, salt=salt, keyid=server_key_id,
dh=self.receiver_key, authSecret=self.auth_key)
Value of "Salt" is getting displayed in 100% of the cases. But
If value of "Server Key:" gets displayed, I see the the following EntryPoint Error because of http_ece.encrypt() call:
AttributeError("'EntryPoint' object has no attribute 'resolve'",)
(Ref. File Link: https://github.com/martinthomson/encrypted-content-encoding/blob/master/python/http_ece/__init__.py#L128 )
Otherwise I get the following Error because of pyelliptic.ECC() call:
Exception('[OpenSSL] EC_KEY_generate_key FAIL ... error:00000000:lib(0):func(0):reason(0)',)
(Ref. File Link: https://github.com/yann2192/pyelliptic/blob/master/pyelliptic/ecc.py#L214)
Other Details:
Partial Requirements.txt:
cryptography==1.5
pyelliptic==1.5.7
pyOpenSSL==16.1.0
The Django App is running on Debian8 Google Compute Engine VM Instance using Apache and mod_wsgi.
Can you please help in resolving this issue ?
Please let me know if any more information is required.
Thanks,
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.