PKI version = 110200
module_name = C:\Windows\SYSTEM32\diCrPKI.DLL
compile_time = Aug 8 2017 15:29:14
platform = Win32
licence_type = D
sys.getdefaultencoding()= ascii
sys.getfilesystemencoding()= mbcs
sys.platform()= win32
cwd = C:\!Data\CryptoSys\Python\cryptosyspki\test
Expecting to find work dir: C:\!Data\CryptoSys\Python\cryptosyspki\test\work
Working in new temp directory: C:\!Data\CryptoSys\Python\cryptosyspki\test\work\pki.tmp.97857940
LOOKUP SOME ERROR CODES...
error_lookup(0)=OK, success, no error
error_lookup(1)=Cannot open input file
error_lookup(2)=Cannot create output file
error_lookup(3)=File read error
error_lookup(4)=File write error
error_lookup(5)=Not enough memory
error_lookup(6)=Parameter is wrong or missing
error_lookup(7)=Data in wrong format
error_lookup(8)=Invalid data
error_lookup(9)=Unexpected end of file found
TEST CNV FUNCTIONS...
b=0xFEDCBA9876543210
b64(b)=/ty6mHZUMhA=
b=0xFEDCBA9876543210
b64(b)=/ty6mHZUMhA=
b=0x00010966776006953D5567439E5E39F86A0D273BEED61967F6
b58(b)=16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM
00010966776006953D5567439E5E39F86A0D273BEED61967F6
Using Cnv.reverse_bytes()...
INPUT: DEADBEEF01
OUTPUT: 01EFBEADDE
Test empty string...
INPUT:
OUTPUT:
INPUT: 01
OUTPUT: 01
INPUT: 0102
OUTPUT: 0201
Using Cnv.num_from_bytes()...
INPUT: DEADBEEF
BE: 0xdeadbeefL
LE: 0xefbeaddeL
INPUT: DEADBE
BE: 0xdeadbe00L
LE: 0xbeaddeL
Using Cnv.num_to_bytes()...
BE: DEADBEEF
LE: EFBEADDE
BE: 00000001
LE: 01000000
TEST CNV WITH LATIN-1/UTF-8 CONVERSIONS...
A string containing a Latin-1 character
s='México'
s=0x4DE97869636F
Cnv.utf8_check(s)= 0 (expecting 0)
0 ==> Not valid UTF-8
b=Cnv.utf8_from_latin1(s)=0x4DC3A97869636F
b='México'
Cnv.utf8_check(b)= 2 (expecting 2)
2 ==> Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI
t=Cnv.utf8_to_latin1(b)='México'
t=0x4DE97869636F
A string of simple ASCII characters
s='abc'
s=0x616263
Cnv.utf8_check(s)= 1 (expecting 1)
1 ==> Valid UTF-8, all characters are 7-bit ASCII
b=Cnv.utf8_from_latin1(s)=0x616263
Cnv.utf8_check(b)= 1 (expecting 1)
1 ==> Valid UTF-8, all characters are 7-bit ASCII
t=Cnv.utf8_to_latin1(b)='abc'
t=0x616263
Chinese characters: zhong guo (U+4E2D, U+56FD) encoded in UTF-8
b=0xE4B8ADE59BBD
Cnv.utf8_check(b)= 3 (expecting 3)
3 ==> Valid UTF-8, contains at least one multi-byte character that cannot be represented in a single-byte character set
Try Cnv.utf8_to_latin1(b)...
(Expected) PKIError: ERROR CODE 11: Value out of range
Cnv.utf8_check_to_string(42)=> KeyError
Bad UTF-8 (chopped)
b=0xC3B3C3A9C3ADC3A1C3
Cnv.utf8_check(b)= 0 (expecting 0)
0 ==> Not valid UTF-8
Bad UTF-8 (illegal)
b=0xEFBFBF
Cnv.utf8_check(b)= 0 (expecting 0)
0 ==> Not valid UTF-8
Check some files...
Cnv.utf8_check_file('test-iso88591.xml')= 0 (expecting 0)
0 ==> Not valid UTF-8
Cnv.utf8_check_file('test-utf8.xml')= 2 (expecting 2)
2 ==> Valid UTF-8, contains at least one multi-byte character equivalent to 8-bit ANSI
TEST BLOCK CIPHER FUNCTIONS...
Tdea/CBC/PKCS5
D76FD1178FBD02F84231F5C1D2A2F74A4159482964F675248254223DAF9AF8E4
This some sampe content.
This some sampe content.
Use default ECB mode (IV is ignored)
A5126617C395593808C17DC35006C537B76DD87AD86B37788ACAE196AAD2FE43
This some sampe content.
D76FD1178FBD02F84231F5C1D2A2F74A4159482964F675248254223DAF9AF8E4
This some sampe content.
Aes128/CBC/pkcs5
C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E17753C7E8DF5975A36677355F5C6584228B
P': Now is the time for all good men to
Aes128/ECB/OneAndZeroes
CT: F0D1AD6F901FFFAE5572A6928DAB52B064B25C79F876730321E36DC01011ACCED7E53F5E5CB18233FE486CD4FFA79FE9
Pn: 4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E20746F80000000000000000000000000
P': 4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E20746F
P': Now is the time for all good men to
TEST CIPHER FUNCTIONS WITH EXACT BLOCK LENGTHS...
KY: 0123456789ABCDEFF0E1D2C3B4A59687
IV: FEDCBA9876543210FEDCBA9876543210
PT: Now is the time for all good men
PT: 4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E
CT: C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177
OK: C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177
P1: 4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E
P1: Now is the time for all good men
KY: DE2F3FBF72EDCDB3256C6DCB4BB79565B6C444754296CCD7
CT: BB87B1900C96A361BCC281CAD4C46640B7C11814ED72DF950141EAC7A24495EC
P1: 4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E
P1: Now is the time for all good men
TEST CIPHER FILE FUNCTIONS...
hello.txt: 68656C6C6F20776F726C640D0A
IV: 4C8F64D38BC3FFD59179E6071ADBB13A
hello.aes128.enc.dat: 4C8F64D38BC3FFD59179E6071ADBB13AC7C426D9F0DBC1BC551146EBFA
hello.aes128.chk.txt: 68656C6C6F20776F726C640D0A
TEST CIPHER KEY WRAP FUNCTIONS...
WK= 503D75C73630A7B02ECF51B9B29B907749310B77B0B2E054
UNWRAPPED K= 00112233445566778899AABBCCDDEEFF
WK= EAFB901F82B98D37F17497063DE3E5EC7246AB57200AE73EDDDDF24AA403DAFA0C5AE151D1746FA4
UNWRAPPED K= 8CBEDEC48D063E1BA46BE8E369A9C398D8E30EE542BC347C4F30E928DDD7DB49
Using Triple DES the result is always different, but will be 16 bytes longer...
WK= 6E1E635CB817BCA36A270FCCE2116F163381839194B5D7A9B6746F92E55084AA41AC048DBFED0A05
UNWRAPPED K= 84E7F2D878F89FCCCD2D5EBAFC56DAF73300F27EF771CD68
TEST CIPHER PAD....
Input data : FFFFFFFFFF
Padded data: FFFFFFFFFF030303
Unpadded : FFFFFFFFFF
Padded data: FFFFFFFFFF800000
Unpadded : FFFFFFFFFF
Input data :
Padded data: 10101010101010101010101010101010
Unpadded :
Input data : aaaaaa
Padded data: aaaaaa0505050505
Unpadded : aaaaaa
Padded data: aaaaaa8000000000
Unpadded : aaaaaa
TEST RSA KEY FUNCTIONS....
Making a new 512-bit RSA key pair...
prikeystr = PVTRmW0+4dQ9xVFPhNMtmMpAdOBQtplvIJF/6zk+dITOduh3UBuPuNy1n7zX4efj7tMgPEupSSMtqLV5Wc8WbEHX4nFpzDUCNLhL/En3OqST2rjVryETXIcDWsfLCPXSMc7m41YFmyAOeYF0K31Gyx7inKC7AhXXtkQq/j3fWOSjXxNZG3XfuyBAa3qeUZnxNdIGwNUQE4ssTUH5LuzDauCFVTxK27J906HytcJndCffBYU/3ipiCa56CKOWKTU7T2F0oPPMjuI9ftP6AR9ZAbyteHszH10llduXQyLXVld2D6yGz0krra/X0crjG6rQI2RlQPng9Y+VCy67GYDwEvFA0SyCEKpdMbt1Uh+dR6SZGZ4cygtHQoPIl5UU1nDPk5dgNFWCLncq3DY8bve1cHRfoWFy6bHv0ZWazD2qvmEv9QEqWKC3OtACv6lQN53L23DnnnSRFA5dDL8=
nbits = 512
hashcode = 20BFA89B
pubkeystr = PUBRxSD8AXlkgqc1C+CWoqrWtCKE/wtQP0zlBFMWZnS7g2CQcyYLjTVKbAMjQv+6H2lZJ0tLybfEZzLvWn/LH9OS42pA520kNIhi9nxmN/IAbW6SjZiHappYSBUpu4+L37H/
nbits = 512
hashcode = 20BFA89B
exponent in base64: AQAB
modulus in base64: pWOkVL/LmZtoMv9YtIZdp50dQUQYpqlkA8J3TJHUdGSyXMQffPZiExZ06V4YisvaIgqNqAWdUpHTO7MFSdTg5Q==
xml (hex): A563A454BFCB999B6832FF58B4865DA79D1D414418A6A96403C2774C91D47464B25CC41F7CF662131674E95E188ACBDA220A8DA8059D5291D33BB30549D4E0E5010001
xml: pWOkVL/LmZtoMv9YtIZdp50dQUQYpqlkA8J3TJHUdGSyXMQffPZiExZ06V4YisvaIgqNqAWdUpHTO7MFSdTg5Q==AQAB
new keystr: PUBR3nU5blxfcYzKLTZPP3KW0Y2fPWpFleYuoPNyauhUsboa15tafkbgQmNXkjI/jh9M98Tu50P/5/d/VYClznvHEbt7kv6cKdQLVAI7a7NA8srGYCJXP069L0x0qaqppbA1
hashcode = 20BFA89B
Try to use an invalid keystr...
(Expected) PKIError: ERROR: key_hashcode failed: key string probably invalid
TEST READING RSA KEYS THEN RE-SAVING IN DIFFERENT FORMAT....
FILE: AlicePrivRSASign.p8
KeyBits: 1024
KeyIsPrivate: True
KeyHashCode: 48BFEF2C
Save with stronger encryption...
FILE: alice-stronger.p8 --> PKCS8 ENCRYPTED PRIVATE KEY
KeyHashCode: 48BFEF2C
Save without encryption...
FILE: alice-noencrypt.p8 --> PKCS8 PRIVATE KEY INFO
KeyHashCode: 48BFEF2C
Convert private key string to a public key...
KeyBits: 1024
KeyIsPrivate: False
KeyHashCode: 48BFEF2C
Check the public and private key strings are matched...
Rsa.key_match() returns True
Save to a new file in Open-SSL format...
FILE: alice-ssl.pub --> PUBLIC KEY INFO
KeyHashCode: 48BFEF2C
TEST RSA SIGN....
Sign in two parts: encode then do raw RSA with private key...
KEYBYTES = 128
BLK=[0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A9993E364706816ABA3E25717850C26C9CD0D89D]
SIG=[60AD5A78FB4A4030EC542C8974CD15F55384E836554CEDD9A322D5F4135C6267A9D20970C54E6651070B0144D43844C899320DD8FA7819F7EBC6A7715287332EC8675C136183B3F8A1F81EF969418267130A756FDBB2C71D9A667446E34E0EAD9CF31BFB66F816F319D0B7E430A5F2891553986E003720261C7E9022C0D9F11F]
PUBRorQdfM2foYeXwgiFj63xFtjPyJCauxPcxEILA961VrI0aIC8S//Tn5RfDtJ2n3RtwZy2UucYe9bCaAt2PaW5WGUYAdIbf67x71TvRjYj8ksHF79Eud1amhf0dg0eFrXd+aDFiZp32L7OHCWsKhQhErF1J4QLHCnAkyA4qnXnVsGXFS9rp1pxZKLTdXxQCkhiIu/muc4Z7q3D8BkHSs28Pw==
BLK=[0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A05000414A9993E364706816ABA3E25717850C26C9CD0D89D]
DIGINFO=[3021300906052B0E03021A05000414A9993E364706816ABA3E25717850C26C9CD0D89D]
DIG=[A9993E364706816ABA3E25717850C26C9CD0D89D]
SHA1('abc')= A9993E364706816ABA3E25717850C26C9CD0D89D
Do again but start with digest value, and use SHA-256...
SHA256('abc')= BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
BLK=[0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD]
SIG=[B4BCBA84969D2F8C3D248FC0FEA2C21B4573D5F58F22B3CC583F0D1A6039C0FEC71E55080F9E1E973B5462BA5D9BD4457A1D1108C27AD7C770069808BADB99836A90DA2F6E314601D03BD9BE4C9E0FA32A9AD55AE2286073D48BAA18A029E3FE281EEFA048BB3C7DE1A44AFD59ADE49F899B3E9783D551D2CE0BBFAA2AE339A0]
BLK=[0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD]
DIG=[BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD]
TEST RSA ENCRYPT....
Encrypt in two parts: encode then do raw RSA with public key...
MSG: Hi Bob.
PUBRjCpBabsM9AQhv+deD+HJajJ4isQ/ZRIfO1o7ueuMGsIaAW7weRaLCkfLBAsRUto8C3jhD+wkNXYqZFcek/dbLUbNxlEz9pV0L32CChnP2Wq7XNfb9lxmhd8Z3RTgV5eR4GzJrrojRDDskFVuSU4AT944jiv58F7KAhfOLbKlf1PmdhWL9cVYcm6hVtF4HAE7g939y5fg7JcwJQ7uljTCmw==
KEYBYTES = 128
BLK=[000246EF6513EE555CC511FCCF3A545B5E92194639D84996D38A54954114B15B75AF240FD7DDA0551E6D039B99F086BC2D6107FB5DBB3873D68E0F03B8472B679A84EABD06BBE37A49FFE870614F90916B9768CBAC74A953EC6681B30DF650B55CD8F03E6EB994FF94ECD73B1E9980066E55EB2A30BE28CB00486920426F622E]
Note that the ciphertext block will be different each time...
CT =[3CAE4E561A6B31B7ACD54F06C01673DEAB7C0486FA2BD4D19152CF308518B1A0854D156492BFD086E1DAC3AFC8C70E1352429A9422649786936E5EB1836A67586FB83BCDFA1E697DF594A01EAC9A864DDF73A94E8232AD94BE6586558E896E358BE076784E45217ADC1E14BF3648C858E8B76E01DAFB1544DCD653483767156E]
Decrypt in two parts: do raw RSA with private key then decode...
BLK=[000246EF6513EE555CC511FCCF3A545B5E92194639D84996D38A54954114B15B75AF240FD7DDA0551E6D039B99F086BC2D6107FB5DBB3873D68E0F03B8472B679A84EABD06BBE37A49FFE870614F90916B9768CBAC74A953EC6681B30DF650B55CD8F03E6EB994FF94ECD73B1E9980066E55EB2A30BE28CB00486920426F622E]
PT =[3CAE4E561A6B31B7ACD54F06C01673DEAB7C0486FA2BD4D19152CF308518B1A0854D156492BFD086E1DAC3AFC8C70E1352429A9422649786936E5EB1836A67586FB83BCDFA1E697DF594A01EAC9A864DDF73A94E8232AD94BE6586558E896E358BE076784E45217ADC1E14BF3648C858E8B76E01DAFB1544DCD653483767156E]
PT='Hi Bob.'
Again using one-step encrypt() and decrypt() this time with OEAP method...
MSG: Hi Bob.
CT =[396ED60073607EDF55475E64655F0FE08ACF0D713D5D6495FAFE998FCD67BEBDB4943E247C3B403BBD1F08B141A227AA878D1C13339E348C8A67F8C70CE14ECEC7051A06DC2FFBE1A4098218D240651CE3756F916917459A0D91B95CE81F03005EDAE44537B571CDDBF8544478833B68BEF6327510F2E649D80C5FF17B4935DD]
PT='Hi Bob.'
TESTING RANDOM NUMBER GENERATOR...
Rng.initialize() returns 0 . Contents of seed file:
FEBB361F278CAB21E7E9BF1BD9DCB96D63F23BACF1525C3FEA18D8629D568778044BF7BAA8C4F54CA9C1FEA4E260972569DA35AD18B6461A7935593E7BFAA308
5 random byte arrays
3a043747
eaccf8d824e5
b65757e245f21ee9
0e87128615615a386550
a46ea5c95f9738981e2d683d
5 random numbers in the range [-1 million, +1 million]
-770840
851191
-91331
117087
365042
5 random octet values
186 211 210 31 50
Rng.update_seedfile() returns 0 . Contents of seed file:
CB30174DFA796BDA7F2187E84372C30DEE387BFF22821467BFFC97FCDC2E77D8A253DFC8A0183DC150DD1D7D4D300806EFEF215EC5CC9E575B20809A62BFDE4B
TESTING HASH...
FILE: abc.txt
---
abc
---
'abc' in hex: 616263
Using default SHA-1...
Hash.data('abc'): A9993E364706816ABA3E25717850C26C9CD0D89D
Hash.hex_from_data('abc'): a9993e364706816aba3e25717850c26c9cd0d89d
Hash.hex_from_data('abc'): a9993e364706816aba3e25717850c26c9cd0d89d
Hash.hex_from_hex(abc_hex): a9993e364706816aba3e25717850c26c9cd0d89d
Hash.file('abc.txt'): A9993E364706816ABA3E25717850C26C9CD0D89D
Hash.hex_from_file('abc.txt'): a9993e364706816aba3e25717850c26c9cd0d89d
Using SHA-256...
Hash.data('abc'): BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
Hash.hex_from_hex(abc_hex): ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
Hash.file('abc.txt'): BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
Hash.hex_from_file('abc.txt'): ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
Hash.double('abc',SHA256): 4F8B42C22DD3729B519BA6F68D2DA7CC5B2D606D05DAED5AD5128CC03E6C6358
SHA256(SHA256('abc')): 4F8B42C22DD3729B519BA6F68D2DA7CC5B2D606D05DAED5AD5128CC03E6C6358
TESTING HMAC...
Test case 4 from RFC 2202 and RFC 4231
key: 0102030405060708090A0B0C0D0E0F10111213141516171819
data: CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD
HMAC-SHA-1: 4C9007F4026250C6BC8414F9BF50C86C2D7235DA
HMAC-MD5: 697EAF0ACA3A3AEA3A75164746FFAA79
HMAC-SHA-256: 82558A389A443C0EA4CC819899F2083A85F0FAA3E578F8077A2E3FF46729665B
HMAC-SHA-256: 82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b
HMAC-SHA-512: B0BA465637458C6990E5A8C5F61D4AF7E576D97FF94B872DE76F8050361EE3DBA91CA5C11AA25EB4D679275CC5788063A5F19741120C4F2DE2ADEBEB10A298DD
Test case 7 from RFC 4231
key: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
data: This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.
HMAC-SHA-224: 3A854166AC5D9F023F54D517D0B39DBD946770DB9C2B95C9F6F565D1
Test case 1 from RFC 2202 and RFC 4231
key: 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
data: 4869205468657265 ("Hi There")
HMAC-SHA-1: b617318655057264e28bc0b6fb378c8ef146be00
HMAC-SHA-256: b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7
TEST X509 FUNCTIONS....
Make a self-signed X.509 certificate:
Generating a new RSA 1024-bit keypair for the CA...
X509.make_cert_self() returns: 0
Created new self-signed X.509 certificate 'theca.cer'
FILE: theca.cer
X.509 CERTIFICATE
Version: 3
Serial Number:
#x01
Issuer:
C=AU;CN=theCA
Subject:
C=AU;CN=theCA
Validity:
NotBefore: 2017-08-12T09:22:01Z
NotAfter: 2022-08-12T09:22:01Z
Subject Public Key Algorithm: rsaEncryption
RSA key length: 1024 bits
Modulus:
Exponent:
01 00 01
X509v3 Extensions:
Subject Type: CA
Signature Algorithm: sha1WithRSAEncryption
SHA-1 Thumbprint:
eb7249058aa0e9a9cbb11cc99293117e17a330c5
MD5 Thumbprint:
cd7f62d85ce2697528046b305b5e8f1b
Generating a new RSA 512-bit keypair for the USER...
X509.make_cert() returns: 0
Created X.509 certificate 'mycert.cer'
FILE: mycert.cer
X.509 CERTIFICATE
Version: 3
Serial Number:
#x0101
Issuer:
C=AU;CN=theCA
Subject:
C=AU;CN=me
Validity:
NotBefore: 2017-08-12T09:22:01Z
NotAfter: 2020-08-12T09:22:01Z
Subject Public Key Algorithm: rsaEncryption
RSA key length: 512 bits
Modulus:
C8 B6 B3 0E F1 C1 2A C7 AF BB 8F A5 8F 31 1E 47
CA 57 16 E2 8B 22 41 A7 0C 99 78 AB F8 F6 10 46
09 5E A0 B8 DD A5 C2 D7 88 72 60 F4 F9 36 61 45
3E D8 58 6C 74 6C 32 15 E1 EB 3D 38 90 10 91 C9
Exponent:
01 00 01
X509v3 Extensions:
Subject Type: End Entity
Key Usage:
digitalSignature,nonRepudiation
Subject Alternative Name:
RFC822 Name: me@myorg.com
Signature Algorithm: sha1WithRSAEncryption
SHA-1 Thumbprint:
4f32594d2446c7c72a39bf9925d209aaa48a8c31
MD5 Thumbprint:
0f319711bb6e5c78e6847bd89749e215
X509.cert_request() returns: 0
Created PKCS#10 certificate signing request 'mycsr.p10'
FILE: mycsr.p10
NEW CERTIFICATE REQUEST
Version: 0
Subject:
C=AU;CN=me;O=myorg
Subject Public Key Algorithm: rsaEncryption
RSA key length: 512 bits
Modulus:
C8 B6 B3 0E F1 C1 2A C7 AF BB 8F A5 8F 31 1E 47
CA 57 16 E2 8B 22 41 A7 0C 99 78 AB F8 F6 10 46
09 5E A0 B8 DD A5 C2 D7 88 72 60 F4 F9 36 61 45
3E D8 58 6C 74 6C 32 15 E1 EB 3D 38 90 10 91 C9
Exponent:
01 00 01
Extension Request:
Subject Alternative Name:
RFC822 Name: me.again@myorg.com
IP Address: 127.0.0.1
Key Usage:
dataEncipherment,keyAgreement
Signature Algorithm: sha1WithRSAEncryption
99 4B 45 4B A9 31 4D 34 D5 D7 8D 11 89 09 94 08
E1 50 D7 5A 18 F8 69 71 D3 EB E2 15 96 AF 5E 09
89 82 1C 81 45 E9 37 6D C4 EE E8 5A 0F C5 5D 8D
A8 D5 4E C0 C8 96 30 EB 89 8D 08 68 2C F7 3C E8
X509.make_cert() returns: 0
Created X.509 certificate 'mycertfromcsr.cer'
FILE: mycertfromcsr.cer
X.509 CERTIFICATE
Version: 3
Serial Number:
#x0102
Issuer:
C=AU;CN=theCA
Subject:
C=AU;CN=me;O=myorg
Validity:
NotBefore: 2017-08-12T09:22:01Z
NotAfter: 2019-08-12T09:22:01Z
Subject Public Key Algorithm: rsaEncryption
RSA key length: 512 bits
Modulus:
C8 B6 B3 0E F1 C1 2A C7 AF BB 8F A5 8F 31 1E 47
CA 57 16 E2 8B 22 41 A7 0C 99 78 AB F8 F6 10 46
09 5E A0 B8 DD A5 C2 D7 88 72 60 F4 F9 36 61 45
3E D8 58 6C 74 6C 32 15 E1 EB 3D 38 90 10 91 C9
Exponent:
01 00 01
X509v3 Extensions:
Subject Type: End Entity
Key Usage:
dataEncipherment,keyAgreement
Subject Alternative Name:
RFC822 Name: me.again@myorg.com
IP Address: 127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
SHA-1 Thumbprint:
03ea56ebdb781aadeea0442b4d729fdbd2f29402
MD5 Thumbprint:
87a0833812c7239e0fc6b8c7cdbc1333
Check the keyUsage flags...
keyUsage bits: n = 0b011000
n & KeyUsageFlags.DATAENCIPHERMENT = True
n & KeyUsageFlags.KEYAGREEMENT = True
n & KeyUsageFlags.CRLSIGN = False
X509.make_crl() returns: 0
Created CRL file 'theca.crl'
FILE: theca.crl
X509 CERTIFICATE REVOCATION LIST (CRL)
Version: 1
Issuer:
C=AU;CN=theCA
This Update: 2020-04-25T00:01:00Z
Next Update: 2020-12-31T00:00:00Z
Revoked Certificates:
Serial Number: 01 01
Revocation Date: 2020-04-25T00:00:00Z
Signature Algorithm: sha256WithRSAEncryption
X509.query_cert(theca.cer, subjectName): C=AU;CN=theCA
X509.query_cert(theca.cer, isCA): 1
X509.query_cert(mycert.cer, isCA): 0
X509.query_cert(mycertfromcsr.cer, keyUsageString): dataEncipherment,keyAgreement
Try an invalid query string...
(Expected) PKIError: ERROR CODE 29: Not a valid query
See if our certificates have been revoked at any time...
X509.cert_is_revoked('mycertfromcsr.cer') returns False
X509.cert_is_revoked('mycert.cer') returns True
See if certificate was revoked on a certain date...
X509.cert_is_revoked('mycert.cer, 2016-01-01') returns False
Read in X.509 cert as a base64 string
Now save from this string to a new file in PEM textual format...
Created new cert file 'newcert.cer'
FILE: newcert.cer
Check if certs are valid now...
FILE: AliceRSASignByCarl.cer
2039-12-31T23:59:59Z
X509.cert_is_valid_now('AliceRSASignByCarl.cer')= True
X509.cert_is_valid_now('dims.cer')= False
Compute cert thumbprints...
FILE: AliceRSASignByCarl.cer
X509.cert_thumb(SHA-1): b30c48855055c2e64ce3196492d4b83831a6b3cb
X509.cert_thumb(SHA-256): 10e79a9993c26a87f2109ec1e81e0ac3ada0ee1bac1fe57fd85450e2c7c2406b
TESTING X.509 ANALYZE...
FILE: AliceRSASignByCarl.cer
X509.query_cert(serialNumber): 46346bc7800056bc11d36e2ec410b3b0
Use `opts=X509.Opts.DECIMAL`...
X509.query_cert(serialNumber): 93318145165434344057210696409401045936
cert_thumb(): b30c48855055c2e64ce3196492d4b83831a6b3cb
hash(issuer+serialnumber): f9827f007571ea1037205b906c312adcd18cb776
FILE: dims.cer
X509.query_cert(issuerName): C=US;ST=UT;L=Salt Lake City;O=The USERTRUST Network;OU=http://www.usertrust.com;CN=UTN-USERFirst-Object
Use `opts=X509.Opts.LDAP`...
X509.query_cert(issuerName): CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
FILE: smallca.cer
X509.query_cert(notAfter): 2039-12-31T23:59:59Z
X509.query_cert(cRLDistributionPointsURI):
Public key bits: 386
Rsa.key_hashcode(): 92866C8A
X509.cert_thumb(MD5): f240c7be5c316759af66e17e1f712db4
hash(issuer+serialnumber): 964b9b4d9b8750dd742d082bfd7eb9870f763419
TESTING X.509 VALIDATE...
1. A valid certificate and its issuer:
CERTFILE: AliceRSASignByCarl.cer
ISSUERFILE: CarlRSASelf.cer
Is cert valid now?
cert_is_valid_now: True
Was cert signed by issuer?
cert_is_verified: True
Validate the certificate path...
CERTLIST: AliceRSASignByCarl.cer;CarlRSASelf.cer
cert_path_is_valid: True
2. A valid but expired certificate and its issuer:
CERTFILE: dims.cer
ISSUERFILE: UTNUSERFirst-Object.cer
Is cert valid now?
X509.query_cert('notAfter'): 2011-11-30T23:59:59Z
cert_is_valid_now: False (expected False)
Was cert signed by issuer?
cert_is_verified: True
Validate the certificate path...
CERTLIST: dims.cer;UTNUSERFirst-Object.cer
a) This will fail because a cert has expired...
(Expected): ERROR CODE 16: Item has expired or is not yet valid: Certificate [1] has expired
b) Now try again with X509.Opts.NO_TIMECHECK...
cert_path_is_valid(NO_TIMECHECK): True
3. A valid certificate but the wrong issuer:
CERTFILE: AliceRSASignByCarl.cer
ISSUERFILE: UTNUSERFirst-Object.cer
Was cert signed by issuer?
cert_is_verified: False (expected False)
TESTING X.509 EXTRACT...
Extract cert files from a P7 chain file
P7 FILE: bob.p7b
X509.get_cert_count_from_p7()= 2
Count: 1
OUTFILE: bobcert1.cer
X509.get_cert_from_p7() returns: 555
X509_thumb(): 63f046d2dd7042e51fdc26a511ef7c81ea622d8b
Count: 2
OUTFILE: bobcert2.cer
X509.get_cert_from_p7() returns: 495
X509_thumb(): 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
Extract cert files from a PFX (p12) file
PFX FILE: alice.pfx
OUTFILE: alice_cert.cer
ASN1 TYPE(alice_cert.cer)=X509 CERTIFICATE
X509_thumb(): b30c48855055c2e64ce3196492d4b83831a6b3cb
X509_thumb(Carl): 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
X509_thumb(Alice): b30c48855055c2e64ce3196492d4b83831a6b3cb
X509_thumb(Bob): 63f046d2dd7042e51fdc26a511ef7c81ea622d8b
Extract all cert files as P7 chain from a PFX file
PFX FILE: alice.pfx
OUTFILE: alice_certs.p7
ASN1 TYPE(alice_certs.p7)=PKCS7 CERTIFICATE CHAIN
TESTING WIPE...
Note that Wipe.data() just zeroizes the data, it does not change the length
BEFORE b= 3A854166AC5D9F023F54D517D0B39DBD946770DB9C2B95C9F6F565D1
AFTER Wipe.data() b= 00000000000000000000000000000000000000000000000000000000
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
BEFORE s='a string'
[97, 32, 115, 116, 114, 105, 110, 103]
AFTER Wipe.data() s=' '
[0, 0, 0, 0, 0, 0, 0, 0]
FILE: tobedeleted.txt
------------------------
Some secret text in this file.
------------------------
After Wipe.file(), isfile() returns False
TESTING ASN.1...
FILE: smallca.cer
Asn1.type(): X509 CERTIFICATE
Asn1.text_dump():
30 81 e0 --SEQUENCE/224=0xE0 L0
30 81 9a --SEQUENCE/154=0x9A L1
02 01 --INTEGER/1=0x1 L2
01
30 0d --SEQUENCE/13=0xD L2
06 09 --OBJECTIDENTIFIER/9=0x9 L3
2a 86 48 86 f7 0d 01 01 05
--sha1WithRSAEncryption (1.2.840.113549.1.1.5)
05 00 --NULL/0=0x0 L3
30 0c --SEQUENCE/12=0xC L2
31 0a --SET/10=0xA L3
30 08 --SEQUENCE/8=0x8 L4
06 03 --OBJECTIDENTIFIER/3=0x3 L5
55 04 03
--commonName (2.5.4.3)
13 01 --PRINTABLESTRING/1=0x1 L5
41
--'A'
30 1e --SEQUENCE/30=0x1E L2
17 0d --UTCTIME/13=0xD L3
39 39 30 39 31 39 30 31 30 38 34 37 5a
--'990919010847Z'
17 0d --UTCTIME/13=0xD L3
33 39 31 32 33 31 32 33 35 39 35 39 5a
--'391231235959Z'
30 0c --SEQUENCE/12=0xC L2
31 0a --SET/10=0xA L3
30 08 --SEQUENCE/8=0x8 L4
06 03 --OBJECTIDENTIFIER/3=0x3 L5
55 04 03
--commonName (2.5.4.3)
13 01 --PRINTABLESTRING/1=0x1 L5
41
--'A'
30 4a --SEQUENCE/74=0x4A L2
30 0d --SEQUENCE/13=0xD L3
06 09 --OBJECTIDENTIFIER/9=0x9 L4
2a 86 48 86 f7 0d 01 01 01
--rsaEncryption (1.2.840.113549.1.1.1)
05 00 --NULL/0=0x0 L4
03 39 --BITSTRING/57=0x39 L3
00 --0 unused bits
--encapsulates:
30 36 --SEQUENCE/54=0x36 L4
02 31 --INTEGER/49=0x31 L5
02 f9 09 6a 7d 83 55 c2 71 ae f1 6a cb 45 41 ba
b3 22 a2 83 b5 ad de 70 e3 37 19 a7 c9 bb ee 76
4b e2 fc b8 5c c7 9b e2 3f 27 1f 6f b7 b5 36 80
19
02 01 --INTEGER/1=0x1 L5
03
30 0d --SEQUENCE/13=0xD L1
06 09 --OBJECTIDENTIFIER/9=0x9 L2
2a 86 48 86 f7 0d 01 01 05
--sha1WithRSAEncryption (1.2.840.113549.1.1.5)
05 00 --NULL/0=0x0 L2
03 32 --BITSTRING/50=0x32 L1
00 --0 unused bits
01 9a 9b b2 ec b9 cd fd 66 c6 94 5b 2e d6 96 dc
32 87 68 da 5e 6f 2e 5d 5a 7f e6 09 2e 60 8f 8c
45 a5 18 7e 06 1c e9 81 aa ea d6 f2 e3 14 7d 25
91
--(227 bytes)
TESTING OCSP...
Issuer Cert= UTNUSERFirst-Object.cer
Cert File to check= dims.cer
OCSPRequest= MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
STRING: MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
30 52 --SEQUENCE/82=0x52
30 50 --SEQUENCE/80=0x50
30 4e --SEQUENCE/78=0x4E
30 4c --SEQUENCE/76=0x4C
30 4a --SEQUENCE/74=0x4A
30 09 --SEQUENCE/9=0x9
06 05 --OBJECTIDENTIFIER/5=0x5
2b 0e 03 02 1a
--sha1 (1.3.14.3.2.26)
05 00 --NULL/0=0x0
04 14 --OCTETSTRING/20=0x14
6d 97 a9 4c 63 6f a2 3e 86 f8 b7 0a f2 20 5f 85
7e 05 1d bf
04 14 --OCTETSTRING/20=0x14
2b c3 46 ab ba 0e c9 65 2a 46 d1 79 47 c4 62 e2
e1 da fc b8
02 11 --INTEGER/17=0x11
00 fb c7 23 22 8c 8c 80 22 d8 85 92 23 de e7 06
60
--(84 bytes)
Cert SerialNumber= #x 00 FB C7 23 22 8C 8C 80 22 D8 85 92 23 DE E7 06 60
OCSPRequest= MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEQD7xyMijIyAItiFkiPe5wZg
ResponseFile= ocsp_response_ok_dims.dat
OCSPResponse: Successful response:
Produced at 2010-03-18T00:09:28Z
CertStatus=good
SerialNumber=00FBC723228C8C8022D8859223DEE70660
TESTING ECC...
FILE: myeckeyp256.pub
30 59 --SEQUENCE/89=0x59
30 13 --SEQUENCE/19=0x13
06 07 --OBJECTIDENTIFIER/7=0x7
2a 86 48 ce 3d 02 01
--ecPublicKey (1.2.840.10045.2.1)
06 08 --OBJECTIDENTIFIER/8=0x8
2a 86 48 ce 3d 03 01 07
--secp256r1 (1.2.840.10045.3.1.7)
03 42 --BITSTRING/66=0x42
00 --0 unused bits
04 81 5d b5 25 94 65 f3 8b 6d f3 6a 9c 35 27 4c
15 2f 36 a4 96 1f 9b 26 ea 7b 60 2d 7a 30 3f 39
03 8a ef cb 05 b1 a7 43 c7 af 03 a4 df 9a ef 04
4f 2b a9 54 6e 36 12 c7 f5 9a 60 df aa 57 4e 9e
ad
--(91 bytes)
myeckeyp256.pub: PUBLIC KEY INFO
myeckeyp256.p8: PKCS8 ENCRYPTED PRIVATE KEY
PVECtn9jHhkVCmTBmSB9iJDvkL8wfObaD4ZS1SJ33rdIoDqXS7vxR+vcMQhdn1WaAzefycLlnhDuWOPf3kimeYbpvpVPUajcw1ay
key_hash_code=9AC87677
Ecc.query_key(keyBits)= 256
Ecc.query_key(curveName)= secp256r1
Ecc.query_key(privateKey)= 1deef710c5b804d89d72298d50fa77606b2e1377b62c92b66664df4f142b8975
A NIST P-192 public key in X9.63 uncompressed format
KEYHEX: 0496C248BE456192FA1380CCF615D171452F41FF31B92BA733524FD77168DEA4425A3EA8FD79B98DC7AFE83C86DCC39A96
CURVE: prime192v1
keyBits= 192
isPrivate= 0
A Bitcoin private key in base58 form
KEYB58: 6ACCbmy9qwiFcuVgvxNNwMPfoghobzznWrLs3v7t3RmN
CURVE: secp256k1
keyBits= 256
isPrivate= 1
key_hash_code=BA36523B
Extract the public key in hex form from the internal private key string
publicKey= 04654bacc2fc7a3bde0f8eb95dc5aac9ba1df732255cf7f2eb7e1e8e6edbb1f4188ff3752ac4bdf1e3a31a488747745dddcbabd33a10c3b52d737c092851da13c0
Extract the public key as an internal key string
intpubstr= MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEZUuswvx6O94PjrldxarJuh33MiVc9/Lrfh6Obtux9BiP83UqxL3x46MaSIdHdF3dy6vTOhDDtS1zfAkoUdoTwA==
key_hash_code=BA36523B
Query this internal public key string...
Ecc.query_key(keybits)= 256
Ecc.query_key(curvename)= secp256k1
Ecc.query_key(isPrivate)= 0
Save keys in various new file forms...
File: myecpublic.key --> PUBLIC KEY INFO
File: myecprivate.key --> EC PRIVATE KEY
File: myecprivate.p8 --> PKCS8 PRIVATE KEY INFO
File: myecprivate_enc.p8 --> PKCS8 ENCRYPTED PRIVATE KEY
File: myecprivate_encx.p8 --> PKCS8 ENCRYPTED PRIVATE KEY
FILE: myecprivate_encx.p8
30 81 ec --SEQUENCE/236=0xEC
30 57 --SEQUENCE/87=0x57
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 05 0d
--pkcs5PBES2 (1.2.840.113549.1.5.13)
30 4a --SEQUENCE/74=0x4A
30 29 --SEQUENCE/41=0x29
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 05 0c
--pkcs5PBKDF2 (1.2.840.113549.1.5.12)
30 1c --SEQUENCE/28=0x1C
04 08 --OCTETSTRING/8=0x8
f8 8f a4 71 2b 79 f5 8f
02 02 --INTEGER/2=0x2
17 6f
--5999
30 0c --SEQUENCE/12=0xC
06 08 --OBJECTIDENTIFIER/8=0x8
2a 86 48 86 f7 0d 02 09
--hmacWithSHA256 (1.2.840.113549.2.9)
05 00 --NULL/0=0x0
30 1d --SEQUENCE/29=0x1D
06 09 --OBJECTIDENTIFIER/9=0x9
60 86 48 01 65 03 04 01 2a
--aes256-CBC (2.16.840.1.101.3.4.1.42)
04 10 --OCTETSTRING/16=0x10
1f 82 5b ce d9 ca ca 0f 30 eb af 54 83 aa 2c 04
04 81 90 --OCTETSTRING/144=0x90
--(239 bytes)
TESTING PASSWORD-BASED ENCRYPTION (PBE)...
password = 'password'
salt = 0x78578E5A5D63CB06
count = 2048
dklen = 24
dk = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643
dklen = 64
dk = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643C4B150DEF77511224479994567F2E9B4E3BD0DF7AEDA3022B1F26051D81505C794F8940C04DF1144
dk(HMAC-SHA-1) = BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643
dk(HMAC-SHA-256) = 97B5A91D35AF542324881315C4F849E327C4707D1BC9D322
dk(HMAC-SHA-224) = 10CFFEDFB13503519969151E466F587028E0720B387F9AEF
TESTING PFX (PKCS#12) FILE FUNCTIONS...
Created new PKCS#12 file: bob1.pfx
Asn1.Type(bob1.pfx) --> PKCS12 PFX
Check signature is valid against password...
isvalid= True
Use the wrong password...
isvalid= False
TESTING PEM/BINARY FILE CONVERSIONS...
Create a PEM-format CERTIFICATE file from binary file...
Binary file: smallca.cer
Created file: smallca.pem
Check certificate thumbprints...
X509.cert_thumb(smallca.cer)=b9f8c37b6f08b7935f379afa2a226e8bfec6587a
X509.cert_thumb(smallca.pem)=b9f8c37b6f08b7935f379afa2a226e8bfec6587a
Convert PEM to binary...
Created file: smallca-copy.bin
Binary files should be identical...
Hash.hex_from_file(smallca.cer)= b9f8c37b6f08b7935f379afa2a226e8bfec6587a
Hash.hex_from_file(smallca-copy.bin)= b9f8c37b6f08b7935f379afa2a226e8bfec6587a
TESTING CMS ENV-DATA...
Creating an enveloped-data message for Bob and Carl, using file-->file mode
Cms.make_envdata() returns 2 (expected 2 = # of recipients)
FILE: cms2bobandcarl.p7m
30 80 --SEQUENCE/NDEF
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 07 03
--envelopedData (1.2.840.113549.1.7.3)
a0 80 --[0]/NDEF
30 80 --SEQUENCE/NDEF
02 01 --INTEGER/1=0x1
00
31 82 01 80 --SET/384=0x180
30 81 bd --SEQUENCE/189=0xBD
02 01 --INTEGER/1=0x1
00
30 26 --SEQUENCE/38=0x26
30 12 --SEQUENCE/18=0x12
31 10 --SET/16=0x10
30 0e --SEQUENCE/14=0xE
06 03 --OBJECTIDENTIFIER/3=0x3
55 04 03
--commonName (2.5.4.3)
13 07 --PRINTABLESTRING/7=0x7
43 61 72 6c 52 53 41
--'CarlRSA'
02 10 --INTEGER/16=0x10
46 34 6b c7 80 00 56 bc 11 d3 6e 2e cd 5d 71 d0
30 0d --SEQUENCE/13=0xD
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 01 01
--rsaEncryption (1.2.840.113549.1.1.1)
05 00 --NULL/0=0x0
04 81 80 --OCTETSTRING/128=0x80
30 81 bd --SEQUENCE/189=0xBD
02 01 --INTEGER/1=0x1
00
30 26 --SEQUENCE/38=0x26
30 12 --SEQUENCE/18=0x12
31 10 --SET/16=0x10
30 0e --SEQUENCE/14=0xE
06 03 --OBJECTIDENTIFIER/3=0x3
55 04 03
--commonName (2.5.4.3)
13 07 --PRINTABLESTRING/7=0x7
43 61 72 6c 52 53 41
--'CarlRSA'
02 10 --INTEGER/16=0x10
46 34 6b c7 80 00 56 bc 11 d3 6e 2e 9f f2 50 20
30 0d --SEQUENCE/13=0xD
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 01 01
--rsaEncryption (1.2.840.113549.1.1.1)
05 00 --NULL/0=0x0
04 81 80 --OCTETSTRING/128=0x80
30 80 --SEQUENCE/NDEF
06 09 --OBJECTIDENTIFIER/9=0x9
2a 86 48 86 f7 0d 01 07 01
--data (1.2.840.113549.1.7.1)
30 14 --SEQUENCE/20=0x14
06 08 --OBJECTIDENTIFIER/8=0x8
2a 86 48 86 f7 0d 03 07
--des-EDE3-CBC (1.2.840.113549.3.7)
04 08 --OCTETSTRING/8=0x8
b8 36 aa bf cc 76 20 9b
a0 80 --[0]/NDEF
04 20 --OCTETSTRING/32=0x20
66 23 c1 62 22 53 23 58 df 51 6b f1 1a be 82 90
22 c7 fd 22 b2 3e 3c ec a8 21 57 35 fa d1 e8 72
00 00 --EOC/0=0x0
00 00 --EOC/0=0x0
00 00 --EOC/0=0x0
00 00 --EOC/0=0x0
00 00 --EOC/0=0x0
--(489 bytes)
Asn1.type('cms2bobandcarl.p7m')-->PKCS7/CMS ENVELOPED DATA
Cms.query_envdata(cms2bobandcarl.p7m, recipientIssuerName): CN=CarlRSA
Cms.query_envdata(cms2bobandcarl.p7m, iv): b836aabfcc76209b
Bob reads the message, outputting to a new file
Cms.read_envdata_to_file() returns 0 (expected 0)
FILE: bobsdata.txt
------------------------
This is some sample content.
------------------------
Do the same but using string-->file mode...
DATA: This is some sample content.
Cms.make_envdata_from_string() returns 2 (expected 2 = # of recipients)
Asn1.type('cms2bobandcarl1.p7m')-->PKCS7/CMS ENVELOPED DATA
This is some sample content.
TESTING CMS SIG-DATA...
Create an signed-data message from Alice, using file-->file mode
Cms.make_sigdata() returns 0 (expected 0)
Asn1.type('cms_signedbyalice.p7m')-->PKCS7/CMS SIGNED DATA
Query this CMS object file...
Cms.query_sigdata(cms_signedbyalice.p7m, signatureAlgorithm): rsaEncryption
Cms.query_sigdata(cms_signedbyalice.p7m, CountOfSignerInfos): 1
Read in the content from the signed-data file...
Cms.read_sigdata_to_file() returns 0 (expected 0)
FILE: alicesdata.txt
------------------------
This is some sample content.
------------------------
Verify the signature in the sigdata file...
Cms.verify_sigdata() returns True
Use string-->file mode...
DATA: This is some sample content.
Cms.make_sigdata_from_string() returns 0 (expected 0)
Asn1.type('cms_signedbyalice1.p7m')-->PKCS7/CMS SIGNED DATA
This is some sample content.
signed-data files should be identical...
SHA1('cms_signedbyalice.p7m')= 7d62d7f492cbf7c89c6ef132dcdf6a091f1c0c93
SHA1('cms_signedbyalice1.p7m')= 7d62d7f492cbf7c89c6ef132dcdf6a091f1c0c93
Make a 'detached signature' signed-data object using the message digest of the content...
SHA256('This is some sample content.')=c875df2a4210704a9edddbb6dfcc870471168f904d183318bbf184ac0b045e53
Cms.make_detached_sig() returns 0 (expected 0)
Verify the signature in the detached sigdata file against the digest value...
First try verifying against the eContent (which is missing)...
Woops! PKIError: ERROR CODE 20: No data found to process: No eContent found in SignedData object
Now pass the digest we expect...
Cms.verify_sigdata(file,hexdigest) returns True
Create signed-data from a pre-computed signature value...
DATA: 5468697320697320736F6D652073616D706C6520636F6E74656E742E
SIG: 2F2382D2F3095FB80C58EB4E9DBF899A81E575C4913DD3D0D57BB6D5FE94A18AACE3C484F5CD604E2795F6CF008676753F2BF0E7D40267A7F5C78D1604A5B3B5E7D932F024EFE72044D59F07C55324FACE011D0F1713A72A959D2BE40395140BE9390DBACE6E9C9E0CE898E65513D4686FD007D7A2B1624CE38FAFFDE0D55DC7
Cms.make_sigdata_from_sigvalue() returns 0 (expected 0)
SHA1(outputfile)= 7d62d7f492cbf7c89c6ef132dcdf6a091f1c0c93
SHA1('4.2.bin' )= 7d62d7f492cbf7c89c6ef132dcdf6a091f1c0c93
TESTING CMS COMPRESSED-DATA...
Creating an compressed-data object...
INPUT: sonnets.txt 106081 bytes
Cms.make_comprdata() returns 0 (expected 0)
COMPR: sonnets.p7z 40862 bytes
Asn1.type('sonnets.p7z')-->PKCS7/CMS COMPRESSED DATA
Reading an compressed-data object...
Cms.read_comprdata() returns 106081 (expected +ve)
UNCPR: sonnets-uncompr.txt 106081 bytes
SHA1(basefile)= 13d93bb1baa7ebc360a35c05bbfd23570ce42400
SHA1(uncmfile)= 13d93bb1baa7ebc360a35c05bbfd23570ce42400
Read with no-inflate option...
NOINF: sonnets-noinflate.txt 40770 bytes
TESTING S/MIME...
First create an enveloped-data message for Bob and Carl...
Cms.make_envdata() returns 2 (expected 2 = # of recipients)
Asn1.type('cms2bobandcarl.p7m')-->PKCS7/CMS ENVELOPED DATA
Now wrap in S/MIME headers...
Smime.wrap() returns 851 (expected +ve)
FILE: cms2bobandcarl-smime-env.txt
------------------------
Content-Type: application/pkcs7-mime;
smime-type=enveloped-data;
name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=smime.p7m
------------------------
Query this S/MIME entity for info...
Smime.query('content-type')=[application/pkcs7-mime]
Smime.query('smime-type')=[enveloped-data]
Extract the original CMS env-data object in base64
Smime.extract() returns 674 (expected +ve)
Asn1.type('cms2bobandcarl-extracted.txt')-->PKCS7/CMS ENVELOPED DATA
TESTING SIG FUNCTIONS USING RSA...
Sign the string 'abc' using Alice's private RSA key...
sign_data: YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2Pp4GffrxqdxUoczLshnXBNhg7P4ofge+WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb+2b4FvMZ0LfkMKXyiRVTmG4ANyAmHH6QIsDZ8R8=
sign_digest: YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2Pp4GffrxqdxUoczLshnXBNhg7P4ofge+WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb+2b4FvMZ0LfkMKXyiRVTmG4ANyAmHH6QIsDZ8R8=
Different encodings...
sign_data: YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2Pp4GffrxqdxUoczLshnXBNhg7P4ofge-WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb-2b4FvMZ0LfkMKXyiRVTmG4ANyAmHH6QIsDZ8R8
sign_data: 60ad5a78fb4a4030ec542c8974cd15f55384e836554cedd9a322d5f4135c6267a9d20970c54e6651070b0144d43844c899320dd8fa7819f7ebc6a7715287332ec8675c136183b3f8a1f81ef969418267130a756fdbb2c71d9a667446e34e0ead9cf31bfb66f816f319d0b7e430a5f2891553986e003720261c7e9022c0d9f11f
Verify the signature over the data
Sig.data_is_verified() returns True
Use the wrong cert...
Sig.data_is_verified() returns False (expected False)
Verify the signature over the message digest value
Sig.digest_is_verified() returns True
Sign a file containing 'abc' using Alice's private RSA key...
sign_file: YK1aePtKQDDsVCyJdM0V9VOE6DZVTO3ZoyLV9BNcYmep0glwxU5mUQcLAUTUOETImTIN2Pp4GffrxqdxUoczLshnXBNhg7P4ofge+WlBgmcTCnVv27LHHZpmdEbjTg6tnPMb+2b4FvMZ0LfkMKXyiRVTmG4ANyAmHH6QIsDZ8R8=
Sig.file_is_verified() returns True
TESTING SIG FUNCTIONS USING ECC...
KEYHEX: 6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4
CURVE: P-192
NBITS= 192
SIG: 0f2141a0ebbc44d2e1af90a50ebcfce5e197b3b7d4de036deb18bc9e1f3d7387500cb99cf5f7c157070a8961e38700b7
Verify the signature over the data...
Sig.data_is_verified() returns True
Removing temp directory: C:\!Data\CryptoSys\Python\cryptosyspki\test\work\pki.tmp.97857940
DETAILS OF CORE DLL...
DLL Version=110200 [Win32] Lic=D Compiled=[Aug 8 2017 15:29:14]
[C:\Windows\SYSTEM32\diCrPKI.DLL]
ALL DONE.