Digital Rights Management für elektronische Patientenakten
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

crypto_functions.py 3.4KB

3 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. import os
  2. from Crypto.PublicKey import RSA
  3. from Crypto import Random
  4. from Crypto.Cipher import PKCS1_OAEP
  5. from Crypto.Hash import SHA256
  6. from Crypto.Signature import PKCS1_v1_5
  7. from base64 import b64decode, b64encode
  8. pub_key_contentserver = b'-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYI/jGk6f0LAT2Z6AAQUR7izbi\na5O4Zzaz4WtK00jr3AqbZMVeVZAs+As5RS35PY2BlCuEEza/J5XX1tlbUhGk/Nzu\nyYqlID6ILEk9kUqh1A6EAuNVrcCL174BRLy620pU5m+E61za0tIr1lU+Jhy4ikVK\niGQ+na5a5g0kuzZTHwIDAQAB\n-----END PUBLIC KEY-----'
  9. pub_key_own= "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG54kIgf8wi+WLrmg0OLXTsMF7BsYjJ8+mmx1/Ml1Hts2oVoisf8iKbfcC0jWBc1aEibi7EIZK9AWEmgpIHPZpf2Ezt36KX7pjA7CDgZBye/bw+G1CaDGxrN8a18db8c16hNxHMTMiqPm7WAgoyekOzlCT6/rqF+3w2oYuGx1tmQIDAQAB-----END PUBLIC KEY-----"
  10. priv_key_own = b"""-----BEGIN RSA PRIVATE KEY-----
  11. MIICWwIBAAKBgQCG54kIgf8wi+WLrmg0OLXTsMF7BsYjJ8+mmx1/Ml1Hts2oVois
  12. f8iKbfcC0jWBc1aEibi7EIZK9AWEmgpIHPZpf2Ezt36KX7pjA7CDgZBye/bw+G1C
  13. aDGxrN8a18db8c16hNxHMTMiqPm7WAgoyekOzlCT6/rqF+3w2oYuGx1tmQIDAQAB
  14. AoGAXPatHenHW0LseidDs8jos+p4SjlOzOcgV2VJHGAum77DVh/bq1ObdJl2wMDv
  15. EjfTBR6K6I3onTovm0MzlqIuw2BR2HoVkY9dkmv8v6j17jEImHvXqAXr4GyhLdcl
  16. NAG6lZ+5BAoZskDULVPSeHY04rVMvIHWAqoE4jGIbQbZOOkCQQC2XHV1KbM9VWIf
  17. H1PkrApsBiKMDa9AXSsbolawOUmsqlG38GuFv/5E0/9dVL2kSA2hDp8WfiaIsvvM
  18. Rhe0l+obAkEAvWE/kaUBjU6aVG8EtD+pm20biO4sA6eMydhXOiREriX2mUFRRef0
  19. y696P2Ge6GEGYSCdjwlZy/nwROQYoGsCWwJARyoHsEQorUuvseOA0qEMpCE0xCDm
  20. /iAdnXgZikWg6Z/Bqh1JaHWHHYb5hYt3Qi/YGbzh+l4aXYgzWQEVaSVLdwJAcjj9
  21. hnLnhLssClELnUvomH4uZWCB25JrMDL0KXVGl2L+YWEsC+XjmBa2vRO8LJyYpGxv
  22. m54gMw8FBAgvclIYkQJAdV52mWKano6+ikCAw1WCEp/HB5Eiz6HU6/RLOsVxN9em
  23. cz1snA0u3qV17TrZ920gzD/2od/bzU3Hul3yDhDRgQ==
  24. -----END RSA PRIVATE KEY-----"""
  25. def make_key_pair_public(username):
  26. random_generator = Random.new().read
  27. priv_key = RSA.generate(1024, random_generator)
  28. pub_key = priv_key.publickey()
  29. usercardpath = "/tmp/smartcards/" + str(username) + ".txt"
  30. file_object = open(usercardpath, "w+")
  31. file_object.write(priv_key.exportKey().decode('utf-8'))
  32. file_object.write("\n")
  33. file_object.write(pub_key.exportKey().decode('utf-8'))
  34. file_object.close()
  35. return pub_key.exportKey().decode('utf-8')
  36. def make_key_aes():
  37. return os.urandom(32)
  38. def make_encrypted_key_content_server():
  39. random_key = make_key_aes()
  40. key = RSA.importKey(pub_key_contentserver)
  41. pub_key = key.publickey()
  42. encrypted_key = encrypt(random_key, pub_key)
  43. return encrypted_key.hex()
  44. def decrypt(ciphertext, priv_key):
  45. cipher = PKCS1_OAEP.new(priv_key)
  46. return cipher.decrypt(ciphertext)
  47. def encrypt(message, pub_key):
  48. cipher = PKCS1_OAEP.new(pub_key)
  49. return cipher.encrypt(message)
  50. def sign(message, priv_key):
  51. priv_key = RSA.importKey(priv_key)
  52. signer = PKCS1_v1_5.new(priv_key)
  53. hash_gen = SHA256.new()
  54. hash_gen.update(message.encode())
  55. return b64encode(signer.sign(hash_gen)).decode('utf-8')
  56. def verify(message, signature, pub_key):
  57. pub_key = pub_key.replace("-----BEGIN PUBLIC KEY-----", "")
  58. pub_key = pub_key.replace("-----END PUBLIC KEY-----", "")
  59. pub_key = pub_key.replace(" ", "")
  60. pub_key = ('\n'.join(pub_key[i:i + 64] for i in range(0, len(pub_key), 64)))
  61. pub_key = "-----BEGIN PUBLIC KEY-----\n" + pub_key + "\n-----END PUBLIC KEY-----"
  62. signature = b64decode(signature)
  63. pub_key = RSA.importKey(pub_key)
  64. verifier = PKCS1_v1_5.new(pub_key)
  65. hash_gen = SHA256.new(message.encode())
  66. return verifier.verify(hash_gen, signature)