### PKCS12 Private Key and Certificates Example Setup

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/asymmetric/serialization.rst

Provides example private key and certificate data in PEM format for testing PKCS12 functionalities. This setup is used in test cases.

```python
ca_key = b"""-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA8Zqz5vLeR0ePZUe
jBfdyMmnnI4U5uAJApWTsMn/RuWhRANCAAQY/8+7+Tm49d3D7sBAiwZ1BqtPzdgs
UiROH+AQRme1XxW5Yr07zwxvvhr3tKEPtLnLboazUPlsUb/Bgte+xfkF
-----END PRIVATE KEY-----
""".strip()
```

```python
ca_cert = b"""-----BEGIN CERTIFICATE-----
MIIBUTCB96ADAgECAgIDCTAKBggqhkjOPQQDAjAnMQswCQYDVQQGEwJVUzEYMBYG
A1UEAwwPY3J5cHRvZ3JhcGh5IENBMB4XDTE3MDEwMTEyMDEwMFoXDTM4MTIzMTA4
MzAwMFowJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABBj/z7v5Obj13cPuwECLBnUGq0/N2CxS
JE4f4BBGZ7VfFblivTvPDG++Gve0oQ+0uctuhrNQ+WxRv8GC177F+QWjEzARMA8G
A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANES742XWm64tkGnz8Dn
pG6u2lHkZFQr3oaVvPcemvlbAiEA0WGGzmYx5C9UvfXIK7NEziT4pQtyESE0uRVK
Xw4nMqk=
-----END CERTIFICATE-----
""".strip()
```

```python
ca_cert_rsa = b"""-----BEGIN CERTIFICATE-----
MIIExzCCAq+gAwIBAgIJAOcS06ClbtbJMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BAMMD2NyeXB0b2dyYXBoeSBDQTAeFw0yMDA5MTQyMTQwNDJaFw00ODAxMzEyMTQw
NDJaMBoxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeSBDQTCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBANBIheRc1HT4MzV5GvUbDk9CFU6DTomRApNqRmizriRq
m6OY4Ht3d71BXog6/IBkqAnZ4/XJQ40G4sVDb52k11oPvfJ/F5pc+6UqPBL+QGzY
-----END CERTIFICATE-----
""".strip()
```

--------------------------------

### Data Construction with Counter and Key (COUNT=21)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

This example shows the initial setup for data construction with a counter and key for COUNT=21. It includes the preliminary data and key information.
```text
DataBeforeCtrLen = 50
DataBeforeCtrData = 58c28d7ff9e08bab19cce15e9a535eebb68c2cc7bad289420d5e1a3a46e38cbaf7c363bd8623319d5022cf0f26b465fd8201
DataAfterCtrLen = 10
DataAfterCtrData = 33a9a38385147b82e8df
Binary rep of i = 0001
```

--------------------------------

### Coefficient Calculation Example

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha512-sha384.txt

Shows an example of coefficient calculation.

```text
5d3e3ed7d1f9d16f629b12e94c888e0e05e975a970cc0107a01d23b199a5a1668bc84c3042ee589c8c032ca50095599a8301b80e6a76dc9a10fb5f0405d1c2f4852ad1fe2dc349a027ea324c56b86b781cf823662a6b8628da14cdfa6e530aaf83bd116ba05383161a489e15e5e60562b8601c4eb250f1c6395d10070e86fbbc
```

--------------------------------

### Install Cryptography Dynamically Linking OpenSSL (Homebrew)

Source: https://github.com/pyca/cryptography/blob/main/docs/installation.rst

Installs OpenSSL 3 and Rust using Homebrew, then installs cryptography, dynamically linking against the Homebrew-provided OpenSSL.

```console
$ brew install openssl@3 rust
$ pip install --no-binary cryptography cryptography
```

--------------------------------

### OAEP Encryption Example 4

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha384-sha256.txt

Example of OAEP encryption using SHA256 for hashing and SHA384 for MGF1. Requires appropriate library setup.

```text
6cc641b6b61e6f963974dad23a9013284ef1
```

--------------------------------

### Example 1: Initial Data and Key

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

This snippet shows an initial input string, its binary representation, and derived keys (KO, KI). It also includes data before and after a counter length.
```text
instring = 69df2235d408ed41721fee54c7416b4f97b1eddcdb1f2936c0b144c7937803c99f28e0393e0c118a674071f6316f4db1c81e00000003b9c24347bcfc81f8c5fa
Binary rep of i = 00000004
instring = 69df2235d408ed41721fee54c7416b4f97b1eddcdb1f2936c0b144c7937803c99f28e0393e0c118a674071f6316f4db1c81e00000004b9c24347bcfc81f8c5fa
KO = d3e579784d8121c383ae47e383cb1278298c29df24c5b0bbce42f633e6c6ac0f
COUNT=11
L = 256
KI = 0ffe03355f61ddd0acdc1dc1b675dc50
DataBeforeCtrLen = 50
DataBeforeCtrData = 76a35451d0ee2d65dc554e08e00e23a701e91818c7d2585ad807a500ff7f3abdf0221c9764bc995eba9d4ed48975b7c5668e
DataAfterCtrLen = 10
DataAfterCtrData = 6f40b90ce58c5beeba84
```

--------------------------------

### OAEP Encryption Example 3

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha384-sha256.txt

Example of OAEP encryption using SHA256 for hashing and SHA384 for MGF1. Requires appropriate library setup.

```text
d94cd0e08fa404ed89
```

--------------------------------

### OAEP Encryption Example 2

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha384-sha256.txt

Example of OAEP encryption using SHA256 for hashing and SHA384 for MGF1. Requires appropriate library setup.

```text
4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
```

--------------------------------

### KBKDFHMAC Usage Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/key-derivation-functions.rst

Demonstrates how to initialize and use KBKDFHMAC for key derivation and verification. Ensure correct algorithm, mode, and length parameters are provided.

```python
>>> import os
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.kdf.kbkdf import (
...     CounterLocation,
...     KBKDFHMAC,
...     Mode
... )
>>> label = b"KBKDF HMAC Label"
>>> context = b"KBKDF HMAC Context"
>>> kdf = KBKDFHMAC(
...     algorithm=hashes.SHA256(),
...     mode=Mode.CounterMode,
...     length=32,
...     rlen=4,
...     llen=4,
...     location=CounterLocation.BeforeFixed,
...     label=label,
...     context=context,
...     fixed=None,
... )
>>> key = kdf.derive(b"input key")
>>> # A KDF instance is single-use: build a fresh one before verifying.
>>> kdf = KBKDFHMAC(
...     algorithm=hashes.SHA256(),
...     mode=Mode.CounterMode,
...     length=32,
...     rlen=4,
...     llen=4,
...     location=CounterLocation.BeforeFixed,
...     label=label,
...     context=context,
...     fixed=None,
... )
>>> kdf.verify(b"input key", key)
```

--------------------------------

### Data Construction with Counter and Key (COUNT=20)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

This example illustrates data construction for COUNT=20, featuring a different key and data lengths. It's useful for understanding how varying parameters affect the output.

```text
DataBeforeCtrLen = 50
DataBeforeCtrData = e24b4b26f50a1e10e068f9e773d6aa3bc45a122889a4faa0c5d4bc3df4cb85a4faf3da3918e387ab81d0f8295db16b7e97cc
DataAfterCtrLen = 10
DataAfterCtrData = d40f2690dc4a1bee534e
Binary rep of i = 0001
instring = e24b4b26f50a1e10e068f9e773d6aa3bc45a122889a4faa0c5d4bc3df4cb85a4faf3da3918e387ab81d0f8295db16b7e97cc0001d40f2690dc4a1bee534e
Binary rep of i = 0002
instring = e24b4b26f50a1e10e068f9e773d6aa3bc45a122889a4faa0c5d4bc3df4cb85a4faf3da3918e387ab81d0f8295db16b7e97cc0002d40f2690dc4a1bee534e
Binary rep of i = 0003
instring = e24b4b26f50a1e10e068f9e773d6aa3bc45a122889a4faa0c5d4bc3df4cb85a4faf3da3918e387ab81d0f8295db16b7e97cc0003d40f2690dc4a1bee534e
```

```text
KO = 055e26a0f1afa27e888df0ce620d177db1b41c81
```

--------------------------------

### OAEP Encryption Example 1

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha384-sha256.txt

Example of OAEP encryption using SHA256 for hashing and SHA384 for MGF1.
Requires appropriate library setup.

```text
087820b569e8fa8d
```

--------------------------------

### ML-DSA Public Key Generation and Loading Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/asymmetric/mldsa.rst

Demonstrates generating a private key, deriving its public key, serializing the public key to raw bytes, and then loading it back.

```python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import mldsa

private_key = mldsa.MLDSA87PrivateKey.generate()
public_key = private_key.public_key()
public_bytes = public_key.public_bytes(
    encoding=serialization.Encoding.Raw,
    format=serialization.PublicFormat.Raw
)
loaded_public_key = mldsa.MLDSA87PublicKey.from_public_bytes(public_bytes)
```

--------------------------------

### Get Naïve Certificate Not Valid Before

Source: https://github.com/pyca/cryptography/blob/main/docs/x509/reference.rst

Retrieves the naive datetime object representing the start of the certificate's validity period in UTC. This property is deprecated.

```python
>>> cert.not_valid_before
datetime.datetime(2010, 1, 1, 8, 30)
```

--------------------------------

### MultiFernet Key Rotation Example

Source: https://github.com/pyca/cryptography/blob/main/docs/fernet.rst

Demonstrates initializing MultiFernet with multiple keys, encrypting a message, and decrypting it. It also shows how to rotate a token using a new primary key.

```python
>>> from cryptography.fernet import Fernet, MultiFernet
>>> key1 = Fernet(Fernet.generate_key())
>>> key2 = Fernet(Fernet.generate_key())
>>> f = MultiFernet([key1, key2])
>>> token = f.encrypt(b"Secret message!")
>>> token
b'...'
```

```python
>>> f.decrypt(token)
b'Secret message!'
```

```python
>>> key3 = Fernet(Fernet.generate_key())
>>> f2 = MultiFernet([key3, key1, key2])
>>> rotated = f2.rotate(token)
>>> f2.decrypt(rotated)
b'Secret message!'
```

--------------------------------

### Get Timezone-Aware Certificate Not Valid Before

Source: https://github.com/pyca/cryptography/blob/main/docs/x509/reference.rst

Retrieves the timezone-aware datetime object representing the start of the certificate's validity period in UTC. Available from version 42.0.0.

```python
>>> cert.not_valid_before_utc
datetime.datetime(2010, 1, 1, 8, 30, tzinfo=datetime.timezone.utc)
```

--------------------------------

### X963KDF Usage Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/key-derivation-functions.rst

Demonstrates how to use the X963KDF to derive a key from input material and verify it. Ensure the algorithm, length, and sharedinfo are correctly configured.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF

sharedinfo = b"ANSI X9.63 Example"
xkdf = X963KDF(
    algorithm=hashes.SHA256(),
    length=32,
    sharedinfo=sharedinfo,
)
key = xkdf.derive(b"input key")

# A KDF instance is single-use: build a fresh one before verifying.
xkdf = X963KDF(
    algorithm=hashes.SHA256(),
    length=32,
    sharedinfo=sharedinfo,
)
xkdf.verify(b"input key", key)
```

--------------------------------

### OAEP Encryption Example 5 (SHA1, MGF1 SHA256)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha256-sha1.txt

Demonstrates OAEP encryption with SHA1 as the hashing algorithm and SHA256 for MGF1. Requires appropriate key setup.
```text
21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
```

--------------------------------

### Input String and Binary Representation Example 2

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

This example shows a different set of input strings and their binary representations, along with associated cryptographic parameters like COUNT, L, KI, and FixedInputData.

```text
Binary rep of i = 000001
instring = 34adf146e0168f8fa8b363f0d58d57502f3e0dbb8b7d1893471cddd1e70da8870a690c9bb888047ec2b69b40d11b11b366eb491143f2a39b28c163b6000001
Binary rep of i = 000002
instring = 34adf146e0168f8fa8b363f0d58d57502f3e0dbb8b7d1893471cddd1e70da8870a690c9bb888047ec2b69b40d11b11b366eb491143f2a39b28c163b6000002
Binary rep of i = 000003
instring = 34adf146e0168f8fa8b363f0d58d57502f3e0dbb8b7d1893471cddd1e70da8870a690c9bb888047ec2b69b40d11b11b366eb491143f2a39b28c163b6000003
KO = a47c85ef1fa94d617413213d9fac0e0649edc15cc96286305b8062f66b353788a8357c230aa35e7f
COUNT=36
L = 320
KI = e01189337c6258820be14c47a5275e89
FixedInputDataByteLen = 60
FixedInputData = b0531b6556d4ad4d1a77ca7b1f5d64ace1ec7134394b97b458a3af2f8020082fc0c9c02f65a940f5f822117fd00c5a104f5bd7bf3b2bbe000b0fa898
```

--------------------------------

### OAEP Encryption Example 4 (SHA1, MGF1 SHA256)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha256-sha1.txt

Demonstrates OAEP encryption with SHA1 as the hashing algorithm and SHA256 for MGF1. Requires appropriate key setup.
```text
15c5b9ee1185
```

```text
33805f881ceaf9a62a6f2f3b962eaa25af9afe58f1b347c82701b9a79f06e3e9c642ba4460c805fbd428c1a7946e5e5309cc3001abc401a89c367cbd0195ec5b5470b305a410b6038e628ed8eae2937eff35c9b0f55a5867ec5fc3f4f08e504609d7d311b8426927b694600af268a64381befd5cde5c9824cfb543db2aa9468123a840ea8892788b30d91150567de607e0a93736fcec09522d4f9266679c99fd76fb0e1574b35966a1c55abc5aeb924ec13635fb6f5a77bb8d70366c279cf92dc856bc174f8c7aad5d16e8b80b19d017bf48319408ef9dc35bc4eef0cfe4ddb497febda64bf1805f212b259b84333268a0af9423b6cff673b038b33e890690ee
```

--------------------------------

### HKDF Key Derivation and Verification Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/key-derivation-functions.rst

Demonstrates how to use HKDF to derive a key from input material and then verify that derived key. Ensure you re-instantiate HKDF if you need to derive or verify again with the same parameters.

```python
>>> import os
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.kdf.hkdf import HKDF
>>> salt = os.urandom(16)
>>> info = b"hkdf-example"
>>> hkdf = HKDF(
...     algorithm=hashes.SHA256(),
...     length=32,
...     salt=salt,
...     info=info,
... )
>>> key = hkdf.derive(b"input key")
>>> # Re-instantiate with the same parameters before verifying.
>>> hkdf = HKDF(
...     algorithm=hashes.SHA256(),
...     length=32,
...     salt=salt,
...     info=info,
... )
>>> hkdf.verify(b"input key", key)
```

--------------------------------

### Create and Sign an X.509 Certificate

Source: https://github.com/pyca/cryptography/blob/main/docs/x509/reference.rst

This example demonstrates how to build and sign an X.509 certificate using the CertificateBuilder. It covers setting essential fields like subject and issuer names, validity dates, serial number, public key, and extensions. The resulting certificate is then verified for its type.
```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
import datetime

one_day = datetime.timedelta(1, 0, 0)
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)
public_key = private_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io'),
]))
builder = builder.issuer_name(x509.Name([
    x509.NameAttribute(NameOID.COMMON_NAME, 'cryptography.io'),
]))
builder = builder.not_valid_before(datetime.datetime.today() - one_day)
builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 30))
builder = builder.serial_number(x509.random_serial_number())
builder = builder.public_key(public_key)
builder = builder.add_extension(
    x509.SubjectAlternativeName(
        [x509.DNSName('cryptography.io')]
    ),
    critical=False
)
builder = builder.add_extension(
    x509.BasicConstraints(ca=False, path_length=None), critical=True,
)
certificate = builder.sign(
    private_key=private_key, algorithm=hashes.SHA256(),
)
isinstance(certificate, x509.Certificate)
```

--------------------------------

### OAEP Encryption Example 3 (SHA1, MGF1 SHA256)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha256-sha1.txt

Demonstrates OAEP encryption with SHA1 as the hashing algorithm and SHA256 for MGF1. Requires appropriate key setup.
```text
308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
```

--------------------------------

### OAEP Encryption Example 2 (SHA1, MGF1 SHA256)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha256-sha1.txt

Demonstrates OAEP encryption with SHA1 as the hashing algorithm and SHA256 for MGF1. Requires appropriate key setup.

```text
a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
```

--------------------------------

### Input String and Binary Representation Example 1

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

Demonstrates the input string and its binary representation for a specific cryptographic operation. This example uses a fixed input data length and key.
```text
instring = 53f64b1221116d26691b29161e599616b23babe0e95dbf0fa3811d872a69cd7e417ce50ed88630402b30527a9cc1a572072283f0bb0cd5cae8f49d7e000001
Binary rep of i = 000002
instring = 53f64b1221116d26691b29161e599616b23babe0e95dbf0fa3811d872a69cd7e417ce50ed88630402b30527a9cc1a572072283f0bb0cd5cae8f49d7e000002
Binary rep of i = 000003
instring = 53f64b1221116d26691b29161e599616b23babe0e95dbf0fa3811d872a69cd7e417ce50ed88630402b30527a9cc1a572072283f0bb0cd5cae8f49d7e000003
KO = 925387b0478e80a5c1cd9fcd06dfd52f785ecacb3b65afdccec613822cb3e7c271f7b56c8a25276e
COUNT=35
L = 320
KI = 943ba6356f35905fac6533a84adf1ab5
FixedInputDataByteLen = 60
FixedInputData = 34adf146e0168f8fa8b363f0d58d57502f3e0dbb8b7d1893471cddd1e70da8870a690c9bb888047ec2b69b40d11b11b366eb491143f2a39b28c163b6
```

--------------------------------

### Prime Exponentiation Example

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha512-sha384.txt

Demonstrates the calculation of a prime exponent.

```text
aded6f13693f2255dabce132437077b5955ccc09a2fcabf49f439651e467544eb97c3a083c82a432133f1fae76011dc86bf94bdd86c8fda95c731bde4b7fae12c23f5285b7e1f6c136d53b6f26d15231b05c8fef92fe5ce516286e1d2d41e08540991a195b7a7b836336c7c9cd70b1fefee6fd2cb222ded4b5337555b73c8c55
```

--------------------------------

### OAEP Encryption Example 1 (SHA1, MGF1 SHA256)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha256-sha1.txt

Demonstrates OAEP encryption with SHA1 as the hashing algorithm and SHA256 for MGF1. Requires appropriate key setup.
```text
af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
```

--------------------------------

### OAEP Encryption Example (SHA256, MGF1 SHA224)

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/asymmetric/RSA/oaep-custom/oaep-sha224-sha256.txt

Demonstrates OAEP encryption using SHA256 for hashing and SHA224 for MGF1. Requires appropriate padding and key setup.

```python
# OAEP Example 1 alg=sha256 mgf1=sha224
# Message: 087820b569e8fa8d
# Encryption: 060d5d2cbb1a947fd59635ce5ef53ea59ba1f39a42780645f95564b68d15c7dd251464aa3de7f8d0a6d066f5a5e86c4f0d21f89dabbea80e662d313953cefc7e98d147ac3e8bb076b2a2917c9afd6d3808a9089541f4dd8685b59542059bbd9e0948d15f81f2f8472f8318fa7f7ce2611d1cc9a85f87c5da57a3ea7c1a06ca15f81ced0c2b336a7e8a22be36ea7d5fc01d1b8c3d4d49b71ff10b1170f5a81949b3b45a27c322ed6f6a7e0bedc76a66670bb4c463b41a116b74805d1e8a98645e5fe7dd9a41c1a218652141b239f9eb34ca9a8175ad2f845a4bc97546d69ccd1eab9a1d46360a77ec86dd579254260f3adcb846d34972c7323120ccc070d5d225
```

```python
# OAEP Example 2 alg=sha256 mgf1=sha224
# Message: 4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
# Encryption: 010fa199ddf1bccd64e279528c0d0bc1d793f1a2701f13d41ce56df49a94d94d0685b0de2b2446134d76e30efbbe9e940978469b3abbdc4c0672c19ac9d5576360fd3518cac3037a22e10a8182ae0c6a743a9f403d6b72369060f86c46db1bfb2683e179e5aba7c9404945be5b6475542af014c327a6781c5e3ca2b57fc177f70d3399c8a0e2b841cfbd9fefaea05114f495b2f7f63a68f60c41ab3313cae847a9d736c7d41319602e8f7e7d16d2d51414af7607390160b98bdd4c8fba5d812e19e618d15dcd8d92ae97dd2ae196267e22d6c607c86e44ffc9c91b393f257fd25f129254bb26015e001602bbdd6d912004f7a8c96a87bb40ee1ea8952e47bf1f
```

```python
# OAEP Example 3 alg=sha256 mgf1=sha224
# Message: d94cd0e08fa404ed89
# Encryption:
```

```python
# OAEP Example 4 alg=sha256 mgf1=sha224
# Message: 6cc641b6b61e6f963974dad23a9013284ef1
# Encryption:
```

--------------------------------

### HKDFExpand Usage Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/key-derivation-functions.rst

Demonstrates how to use HKDFExpand for deriving a key when the input key material is already cryptographically strong. It shows both key derivation and verification.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDFExpand

info = b"hkdf-example"
key_material = os.urandom(16)
hkdf = HKDFExpand(
    algorithm=hashes.SHA256(),
    length=32,
    info=info,
)
key = hkdf.derive(key_material)

# A KDF instance is single-use: build a fresh one before verifying.
hkdf = HKDFExpand(
    algorithm=hashes.SHA256(),
    length=32,
    info=info,
)
hkdf.verify(key_material, key)
```

--------------------------------

### Input String and Binary Representation Example 4

Source: https://github.com/pyca/cryptography/blob/main/vectors/cryptography_vectors/KDF/nist-800-108-KBKDF-CTR.txt

This example showcases input strings and their binary representations with different cryptographic parameters, including a new KI and FixedInputData.
```text
Binary rep of i = 000001
instring = 3c3d93d71a3fe8586dedf0e7c08bcbd8eb4d556120a960192bc73f02221771684fac89fe8e15fd9a673171eccda637b96acd0375b47a4ab1196a9d4c000001
Binary rep of i = 000002
instring = 3c3d93d71a3fe8586dedf0e7c08bcbd8eb4d556120a960192bc73f02221771684fac89fe8e15fd9a673171eccda637b96acd0375b47a4ab1196a9d4c000002
Binary rep of i = 000003
instring = 3c3d93d71a3fe8586dedf0e7c08bcbd8eb4d556120a960192bc73f02221771684fac89fe8e15fd9a673171eccda637b96acd0375b47a4ab1196a9d4c000003
KO = b993c0cd86990b6b958e19363ff855ea0d6103d3a0006de5860486fea57f1123bae0787008c11973
COUNT=38
L = 320
KI = 27bb85d4c8a35c805ccc530aede31ce4
FixedInputDataByteLen = 60
FixedInputData = 7fe2b9ebe7bae074a70b4b99200ac7e0568f67d88dfa1d2165474bdc20f00205c578964eb25775e34694ef0890df68b3409e0be5969b6ec290dac7bd
```

--------------------------------

### Get Certificate Signature Algorithm OID

Source: https://github.com/pyca/cryptography/blob/main/docs/x509/reference.rst

Retrieves the Object Identifier (OID) of the signature algorithm used to sign the certificate. The output shows an example OID for sha256WithRSAEncryption.

```python
cert.signature_algorithm_oid
```

--------------------------------

### PKCS12 Serialization Example

Source: https://github.com/pyca/cryptography/blob/main/docs/hazmat/primitives/asymmetric/serialization.rst

Demonstrates how to serialize a private key and certificates using the PKCS12 format with custom encryption settings. Requires specifying KDF rounds, key/certificate algorithm, and HMAC hash.

```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import PrivateFormat, pkcs12

# Stand-in private key (an assumption, not part of the original snippet)
# so the example runs on its own; any supported private key object works.
key = ec.generate_private_key(ec.SECP256R1())

# PBES2 with AES-256-CBC, 50000 KDF rounds and a SHA-256 MAC.
encryption = (
    PrivateFormat.PKCS12.encryption_builder().
    kdf_rounds(50000).
    key_cert_algorithm(pkcs12.PBES.PBESv2SHA256AndAES256CBC).
    hmac_hash(hashes.SHA256()).build(b"my password")
)
p12 = pkcs12.serialize_key_and_certificates(
    b"friendlyname", key, None, None, encryption
)
```