How Bona! : Pythonで学ぶRSAを利用したユーザー認証

キーワード:Python,RSA, SSH,チャレンジ・レスポンス認証,公開鍵・秘密鍵

pythonを使ったサンプル


pycryptoを使ったサンプルを作ってみました.これで一通り,動作が確認できます.
samp_rsa.py←右クリックで保存できます.
#!/usr/bin/env python
#encoding: utf-8

import base64
import os
import sys
import time

import Crypto.PublicKey.RSA as RSA
import Crypto.Util.randpool as RANDOM

#################
# 0. parameters #
#################

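def error(msg):
	"""Report a fatal error and stop the script with a failing exit status.

	Args:
		msg: Human-readable description of what went wrong.

	The call never returns: it ends in sys.exit(1).
	"""
	# Fixed pause before reporting; presumably meant to slow down repeated
	# failed attempts -- TODO confirm the intent with the author.
	time.sleep(2)
	# Diagnostics go to stderr so they do not mix with the normal output.
	sys.stderr.write('ERROR: ' + msg + '\n')
	# A bare sys.exit() reports status 0 (success); a wrapper that checks the
	# exit code would then treat a failed verification as a pass.
	sys.exit(1)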

# Demo-only settings.
# NOTE(review): the passphrase protecting the private key is hard-coded for
# this walkthrough; a real tool would prompt for it (e.g. getpass) rather than
# keep it in the source.
passphrase = 'passphrase'
# RSA modulus length in bits.
nbits = 2048
# Challenge length in bytes: one byte less than the modulus, so the challenge
# read as an integer is always smaller than the modulus.
nbyteschallenge = (nbits // 8) - 1

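###################################
# 1. [local] RSA keys' generation #
###################################

# Generate the RSA key pair. The primes are drawn from the operating system's
# CSPRNG: PyCrypto deprecated Crypto.Util.randpool.RandomPool, and generate()
# only needs a callable that returns N random bytes.
rsa = RSA.generate(nbits, os.urandom)

# Save the private key, encrypted with the passphrase.
rsa_key = rsa.exportKey(passphrase=passphrase)
# Create the file readable and writable by the owner only instead of relying
# on the process umask. The mode is applied only when the file is created; an
# existing 'rsa' file keeps whatever permissions it already has.
fd = os.open('rsa', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, 'w') as fp:
	fp.write(rsa_key)

# Save the public key; it holds no secret, so default permissions are fine.
pub_rsa = rsa.publickey()
pub_rsa_key = pub_rsa.exportKey()
with open('rsa.pub', 'w') as fp:
	fp.write(pub_rsa_key)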

# Show which RSA components each key object exposes. The point of the demo is
# presumably that 'd' (the private exponent) is reported only for the private
# key -- confirm against the output of your PyCrypto version.
for label, key in (('rsa:', rsa), ('pub_rsa:', pub_rsa)):
	print(label)
	for comp in ('n', 'e', 'd'):
		print(' ' + comp + ': ' + str(hasattr(key, comp)))
	print('')

# The public half must carry the same modulus and public exponent.
print('rsa.n == pub_rsa.n -> ' + str(rsa.n == pub_rsa.n))
print('rsa.e == pub_rsa.e -> ' + str(rsa.e == pub_rsa.e))
print('')

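#################################################
# 2. [local] decode the RSA key with passphrase #
#################################################

# Read the passphrase-protected private key back from disk.
try:
	with open('rsa', 'r') as fp:
		rsa_key = fp.read()
except IOError:
	# Catch I/O failures only; a bare except would also swallow Ctrl-C and
	# hide unrelated bugs behind this message.
	error('The RSA file is not found.')

# Decrypt and parse the private key with the given passphrase.
try:
	rsa = RSA.importKey(rsa_key, passphrase=passphrase)
except (ValueError, IndexError, TypeError):
	# These are the exceptions PyCrypto documents for a key that cannot be
	# parsed, which includes the wrong-passphrase case.
	error('The passphraes may be wrong.')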



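######################################
# 3. [server] generate the challenge #
######################################

# Read and import the public key registered for the user.
try:
	with open('rsa.pub', 'r') as fp:
		pub_rsa_key = fp.read()
	pub_rsa = RSA.importKey(pub_rsa_key)
except (IOError, ValueError, IndexError, TypeError):
	error('The public key cannot be imported.')

try:
	# Generate the random bytes for the challenge. The whole scheme rests on
	# this value being unpredictable, so it comes from the OS CSPRNG rather
	# than the deprecated RandomPool.
	challengebits = os.urandom(nbyteschallenge)

	# Encrypt the generated bytes with the public key. This is PyCrypto's raw
	# RSA primitive (no OAEP / PKCS#1 padding); the second argument is unused
	# for RSA.
	# NOTE(review): a production design would use a padded scheme, or have
	# the client sign the challenge as SSH-2 public-key authentication does.
	challenge, = pub_rsa.encrypt(challengebits, '')

	# Encode the challenge for transport.
	challenge_b64 = base64.urlsafe_b64encode(challenge)
except Exception:
	# Exception rather than a bare except, so Ctrl-C still interrupts.
	error('The challenge cannot be generated.')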

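######################################################
# 4. [local] generate the response for the challenge #
######################################################

# NOTE(review): the client decrypts whatever the server sends and returns the
# plaintext as-is, so the server side can have any ciphertext for this key
# decrypted. Protocols of this kind normally return a hash of the decrypted
# value bound to the session, or have the client sign the challenge instead.
try:
	# Decode the challenge received from the server.
	challenge = base64.urlsafe_b64decode(challenge_b64)

	# Decrypt the challenge with the private key to obtain the response.
	response = rsa.decrypt(challenge)

	# Encode the response for transport.
	response_b64 = base64.urlsafe_b64encode(response)
except Exception:
	# Exception rather than a bare except, so Ctrl-C still interrupts.
	error('The response cannot be generated.')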

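###################################
# 5. [server] verify the response #
###################################

# Decode the response. It is client-controlled input, so a malformed value is
# reported as a failed verification instead of ending in a traceback.
try:
	response = base64.urlsafe_b64decode(response_b64)
except (TypeError, ValueError):
	error('The response does not match.')

# PyCrypto's raw decrypt() converts the plaintext integer back to bytes, which
# drops leading zero bytes; a challenge that happens to start with '\x00'
# (about 1 in 256) would otherwise be rejected although the key is correct.
# Compare both sides without their leading zero bytes.
# NOTE(review): a challenge must be accepted once only. != is not a
# constant-time comparison, which matters if a server ever lets a client
# retry against the same challenge.
if response.lstrip('\x00') != challengebits.lstrip('\x00'):
	error('The response does not match.')

# Reached only when error() above did not terminate the script.
print('User is certificated.')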

