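I want to be able to create my own RSA/SHA256 key generator in Python, for use with DNSSEC. I know there is already a built-in key generator (dnssec-keygen), but I want to build my own. An accepted key looks like this: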
```
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: wVwaxrHF2CK64aYKRUibLiH30KpPuPBjel7E8ZydQW1HYWHfoGm
idzC2RnhwCC293hCzw+TFR2nqn8OVSY5t2Q==
PublicExponent: AQAB
PrivateExponent: UR44xX6zB3eaeyvTRzmskHADrPCmPWnr8dxsNwiDGHzrMKLN+i/
HAam+97HxIKVWNDH2ba9Mf1SA8xu9dcHZAQ==
Prime1: 4c8IvFu1AVXGWeFLLFh5vs7fbdzdC6U82fduE6KkSWk=
Prime2: 2zZpBE8ZXVnL74QjG4zINlDfH+EOEtjJJ3RtaYDugvE=
Exponent1: G2xAPFfK0KGxGANDVNxd1K1c9wOmmJ51mGbzKFFNMFk=
Exponent2: GYxP1Pa7CAwtHm8SAGX594qZVofOMhgd6YFCNyeVpKE=
Coefficient: icQdNRjlZGPmuJm2TIadubcO8X7V4y07aVhX464tx8Q=
```
https://www.rfc-editor.org/rfc/rfc5702
My Python script can generate the RSA part, but I don't know how to mix it with SHA256.
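```python
#!/usr/bin/python
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from Crypto.Util.number import inverse
import base64
import hashlib

# Generate a 2048-bit RSA key pair.
key = RSA.generate(2048)

# CRT exponents: d mod (p-1) and d mod (q-1).
expo1 = key.d % (key.p - 1)
expo2 = key.d % (key.q - 1)
# Coefficient is q^-1 mod p; key.u holds p^-1 mod q, so compute it explicitly.
coeff = inverse(key.q, key.p)

# Template for the private key file.
KEYVORLAGE = """Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: {0}
PublicExponent: {1}
PrivateExponent: {2}
Prime1: {3}
Prime2: {4}
Exponent1: {5}
Exponent2: {6}
Coefficient: {7}"""

# The integers are inserted as plain decimal numbers.
keystring = KEYVORLAGE.format(key.n, key.e, key.d, key.p, key.q, expo1, expo2, coeff)
print(keystring)
```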
By the way: all the key parts this script generates consist only of digits, without the random letters that a valid key has.
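Added example, not part of the original question and not BIND's own code: an algorithm 8 key (RFC 5702) is an ordinary RSA key, with SHA-256 applied only when records are signed, so each field of the file is the integer written as unsigned big-endian bytes and then base64-encoded. The function names and the toy Mersenne-prime parameters are constructed for illustration; a real key would pass in the integers from `RSA.generate(2048)`.

```python
import base64

def int_to_b64(value):
    """Base64 of the minimal unsigned big-endian encoding of an integer."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return base64.b64encode(raw).decode("ascii")

def b64_to_int(text):
    return int.from_bytes(base64.b64decode(text), "big")

def bind_private_key(n, e, d, p, q):
    """Render RSA integers in the 'Private-key-format: v1.2' layout."""
    if p * q != n:
        raise ValueError("modulus is not p * q")
    fields = [
        ("Modulus", n),
        ("PublicExponent", e),
        ("PrivateExponent", d),
        ("Prime1", p),
        ("Prime2", q),
        ("Exponent1", d % (p - 1)),
        ("Exponent2", d % (q - 1)),
        ("Coefficient", pow(q, -1, p)),  # q^-1 mod p (needs Python 3.8+)
    ]
    lines = ["Private-key-format: v1.2", "Algorithm: 8 (RSASHA256)"]
    lines += ["%s: %s" % (name, int_to_b64(v)) for name, v in fields]
    return "\n".join(lines) + "\n"

def dnskey_public_key(n, e):
    """RFC 3110 public key field: exponent length, exponent, modulus."""
    exp = e.to_bytes((e.bit_length() + 7) // 8, "big")
    mod = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(exp) <= 255:
        prefix = bytes([len(exp)])
    else:
        prefix = b"\x00" + len(exp).to_bytes(2, "big")
    return base64.b64encode(prefix + exp + mod).decode("ascii")

def demo_key():
    # Constructed toy parameters (two Mersenne primes), far too small for real use.
    p, q, e = 2**89 - 1, 2**61 - 1, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return p * q, e, d, p, q

if __name__ == "__main__":
    n, e, d, p, q = demo_key()
    print(bind_private_key(n, e, d, p, q))
    print("DNSKEY public key:", dnskey_public_key(n, e))
```

The exponent 65537 encodes to `AQAB`, which matches the `PublicExponent` line in the sample key above.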