
def paramiko::pkey::PKey::_write_private_key_file (   self,
  tag,
  filename,
  data,
  password = None 
) [private]

Write an SSH2-format private key file in a form that can be read by
paramiko or openssh.  If no password is given, the key is written in
a trivially-encoded format (base64) which is completely insecure.  If
a password is given, DES-EDE3-CBC is used.

@param tag: C{"RSA"} or C{"DSA"}, the tag used to mark the data block.
@type tag: str
@param filename: name of the file to write.
@type filename: str
@param data: data blob that makes up the private key.
@type data: str
@param password: an optional password to use to encrypt the file.
@type password: str

@raise IOError: if there was an error writing the file.

Definition at line 292 of file pkey.py.

00292                                                                          :
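        """
        Write an SSH2-format private key file in a form that can be read by
        paramiko or openssh.  If no password is given, the key is written in
        a trivially-encoded format (base64) which is completely insecure: the
        only protection is then the file's permissions.  If a password is
        given, DES-EDE3-CBC is used.

        The file is created with mode 0600 (owner read/write only) so that the
        key material is never on disk under wider, umask-derived permissions.

        @param tag: C{"RSA"} or C{"DSA"}, the tag used to mark the data block.
        @type tag: str
        @param filename: name of the file to write.
        @type filename: str
        @param data: data blob that makes up the private key.
        @type data: str
        @param password: an optional password to use to encrypt the file.
        @type password: str

        @raise IOError: if there was an error writing the file.
        """
        # The builtin open() takes a buffer size as its third argument, not a
        # permission mode, so open(filename, 'w', 0600) created the file with
        # umask-default permissions and left a window before the chmod in
        # which another local user could open it.  os.open() applies the mode
        # atomically at creation time.
        try:
            fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        except OSError, e:
            # keep the documented contract: callers expect IOError here
            raise IOError(e.errno, e.strerror, filename)
        f = os.fdopen(fd, 'w')
        try:
            # os.open() only applies the mode when it creates the file; tighten
            # a pre-existing file before any key material is written to it.
            # NOTE(review): a process that already holds a read handle on a
            # pre-existing, wider-permission file is not affected by this.
            os.chmod(filename, 0600)
            f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag)
            if password is not None:
                # since we only support one cipher here, use it
                cipher_name = self._CIPHER_TABLE.keys()[0]
                cipher_info = self._CIPHER_TABLE[cipher_name]
                cipher = cipher_info['cipher']
                keysize = cipher_info['keysize']
                blocksize = cipher_info['blocksize']
                mode = cipher_info['mode']
                # the 8-byte salt is also used as the cipher IV below and is
                # stored in the DEK-Info header
                salt = randpool.get_bytes(8)
                # NOTE(review): the key is derived from the password with MD5
                # via util.generate_key_bytes; presumably the legacy PEM
                # scheme with no work factor -- confirm.  If so, a leaked file
                # with a weak password is cheap to brute-force offline, so the
                # 0600 permissions above still matter for encrypted keys.
                key = util.generate_key_bytes(MD5, salt, password, keysize)
                if len(data) % blocksize != 0:
                    n = blocksize - len(data) % blocksize
                    #data += randpool.get_bytes(n)
                    # that would make more sense ^, but it confuses openssh.
                    data += '\0' * n
                data = cipher.new(key, mode, salt).encrypt(data)
                f.write('Proc-Type: 4,ENCRYPTED\n')
                f.write('DEK-Info: %s,%s\n' % (cipher_name, util.hexify(salt)))
                f.write('\n')
            s = base64.encodestring(data)
            # re-wrap to 64-char lines
            s = ''.join(s.split('\n'))
            s = '\n'.join([s[i : i+64] for i in range(0, len(s), 64)])
            f.write(s)
            f.write('\n')
            f.write('-----END %s PRIVATE KEY-----\n' % tag)
        finally:
            # always release the handle, even if a write fails part-way
            f.close()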

