Python Asymmetric Encryption: Using pre-generated prv/pub keys

Question

Ok first off yes I have searched google and stackoverflow and done some reading (over 4 hours JUST in this sitting) have not found what I need for these reasons:

• Many of them suggest just launching an exe like gpg.exe (http://stackoverflow.com/questions/1020320)

• Some suggested using PyCrypto or other libraries and looking at them, either a) I can't find how to use any of their API, b) I can't find how to import a pre-existing prv/pub key or c) they use the insecure RandomPool (and me trying to updated it is just asking for trouble)

• Some mention it in passing but I could not find what they where linking to (or their was no link at all.

So I know ask you fellow stackoverflow users how can I do this, take a string of a public key (or path (I could just write it to a temp file, (I plan to just have it as a string pub_key = "..." ) ) ) and use it to sign and secure a string (that will be posted on a forum (JSON for updating my application)?

Also these are RSA keys (Putty Gen 4096 bits SSH-2-RSA) that are generated using PuttyGen (can be in any format (OpenSSH, ssh.com, ppk)

This is what the public key looks like

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "rsa-key-20101003"

AAAAB3NzaC1yc2EAAAABJQAAAgEAi+91fFsxZ7k1UuudSe5gZoavwARUyZScCtdf WQ0ROoJC+XIqW5vVJfgmr+A1jLS5m4wNsrCqeyoX2B22T6iEwqVXrXt3QcbccKMu WkLKFK1h67q6Coc+3eOTmKrOuZbWc19YQgybdkR/GxF7XAbq4NCGNaCDtMOqX8Q2 L/a9fAYqVdTwg9trpcz3whNmdLk/B0edOABKuVX51UdLV+ZggK503+uAb1JiIIj0 mARwR/HNo4oRLMLf2PjuZsGVYYjJDdVJBU6AN4PUQSRRRPL4+YmsrLJb/TpfJeXA vj4KZMNJv15YXz7/iMZMKznDtr2RJX5wbSpuTUBNZveA7YiIHxvvvis38b/lX9SJ SYPfZ9CeQY6MvQgG2zwDTOOvKgOIB4sTGMXfcoxB8AF/QXOcxWFJkZoj36rvMd9n Po6szLjHXwcEUOUvvQfG4VvdQA0H5gGLHqYL1EehRsgi5qcCoFPaZW2K09ErKcS0 MbrLFjBkQ9KmqAM38bvM8UhCWAMA9VXOGHMxUHBV4Bir9alGS4VX0B8Y0b3dZ+7I MKkHMCwdEUJf7QVdGxGuSQtVsq8RZbIpk3g7wtv8f6I/iEC58ekdrH35tq5+1ilW dkk9+rrhUy4qrZ+HFi7AeemybpiumbSnebvnkMaIPAOo23V8C9BQ0iuxx4gIZf10 o+TPSK8=

---- END SSH2 PUBLIC KEY ----

NOT THIS --> Key Format seems to be PKCS1 so M2Crypto will NOT work (its load key function expects PEM)

Latest reading I think it is SSH Public Key File Format (RFC: http://www.ietf.org/rfc/rfc4716.txt )

I also think below it wrong, I don't think it handles SSH Public Key File Format :(

Also looks like Twisted might be where I should look

http://www.java2s.com/Open-Source/Python/Network/Twisted/Twisted-1.0.3/Twisted-1.0.3/twisted/conch/ssh/keys.py.htm

Also why does SO not allow me to post a bounty immediately??

Answer 1

Ok I found how to load it

from twisted.conch.ssh import keys as Keys
import base64

public_key = """\
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20101003"
AAAAB3NzaC1yc2EAAAABJQAAAgEAi+91fFsxZ7k1UuudSe5gZoavwARUyZScCtdf
WQ0ROoJC+XIqW5vVJfgmr+A1jLS5m4wNsrCqeyoX2B22T6iEwqVXrXt3QcbccKMu
WkLKFK1h67q6Coc+3eOTmKrOuZbWc19YQgybdkR/GxF7XAbq4NCGNaCDtMOqX8Q2
L/a9fAYqVdTwg9trpcz3whNmdLk/B0edOABKuVX51UdLV+ZggK503+uAb1JiIIj0
mARwR/HNo4oRLMLf2PjuZsGVYYjJDdVJBU6AN4PUQSRRRPL4+YmsrLJb/TpfJeXA
vj4KZMNJv15YXz7/iMZMKznDtr2RJX5wbSpuTUBNZveA7YiIHxvvvis38b/lX9SJ
SYPfZ9CeQY6MvQgG2zwDTOOvKgOIB4sTGMXfcoxB8AF/QXOcxWFJkZoj36rvMd9n
Po6szLjHXwcEUOUvvQfG4VvdQA0H5gGLHqYL1EehRsgi5qcCoFPaZW2K09ErKcS0
MbrLFjBkQ9KmqAM38bvM8UhCWAMA9VXOGHMxUHBV4Bir9alGS4VX0B8Y0b3dZ+7I
MKkHMCwdEUJf7QVdGxGuSQtVsq8RZbIpk3g7wtv8f6I/iEC58ekdrH35tq5+1ilW
dkk9+rrhUy4qrZ+HFi7AeemybpiumbSnebvnkMaIPAOo23V8C9BQ0iuxx4gIZf10
o+TPSK8=
---- END SSH2 PUBLIC KEY ----"""

key_data = ''.join(public_key.splitlines()[2:-1])# remove begin, end tags and comment
blob = base64.decodestring(key_data)
key = Keys.Key._fromString_BLOB(blob)

Answer 2

I can think of at least two relatively simple options

1. Use OpenSSL (or pyOpenSSL) to convert the BER to PEM
2. Use paramiko, twisted or any other python SSH implementation to work with the keys directly