11. windows.crypto – CryptoAPI
The windows.crypto module offers some wrappers around the CryptoAPI.
The main goal of this module (for now) is providing simple encryption/decryption methods.
11.1. Encryption
Note: See the sample Encryption demo
11.1.1. encrypt
- windows.crypto.encrypt(cert_or_certlist, msg, algo=szOID_NIST_AES256_CBC('2.16.840.1.101.3.4.1.42'), initvector=GenerateInitVector())
Encrypt msg for one or many Certificate using algo with the initial vector initvector.
If initvector is left as it is, a random one is generated.
Algorithms supported by GenerateInitVector are:
  szOID_OIWSEC_desCBC
  szOID_RSA_DES_EDE3_CBC
  szOID_NIST_AES128_CBC
  szOID_NIST_AES192_CBC
  szOID_NIST_AES256_CBC
- Parameters:
  cert_or_certlist (Certificate | [Certificate]) – One or many Certificate used to encrypt the msg
- Returns:
  bytearray: The encrypted message
11.1.2. decrypt
- windows.crypto.decrypt(cert_store, encrypted)
Try to decrypt the encrypted msg with any certificate in cert_store.
If there is no certificate able to decrypt the message, WinproxyError(winerror=0x8009200c) is raised.
- Parameters:
  cert_store (CertificateStore)
- Returns:
  str: The decrypted message
11.1.3. import_pfx
11.2. Certificate
Note: See the sample Certificate demo
11.2.1. Certificate
- class windows.crypto.Certificate
Bases: _CERT_CONTEXT
Represent a Certificate
- property chains
The list of chain contexts available for this certificate. Each element of this list is a list of Certificate that should go from the self certificate to a trusted certificate.
- Type:
  [[Certificate]] – A list of chains (list) of Certificate
- property distinguished_name
The distinguished name (DN) of the certificate.
Example:
  >>> x
  <Certificate "Microsoft Windows Production PCA 2011" serial="61 07 76 56 00 00 00 00 00 08">
  >>> x.distinguished_name
  'C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011'
- Type:
  str
- duplicate()
Duplicate the certificate by incrementing the internal refcount. (see CertDuplicateCertificateContext)
note: The object returned is self
- Returns:
- property encoded
The encoded certificate.
- Type:
  bytearray
- classmethod from_buffer(data)
Create a Certificate from the buffer data
- Returns:
- classmethod from_file(filename)
Create a Certificate from the file filename
- Returns:
- get_name(nametype=CERT_NAME_SIMPLE_DISPLAY_TYPE(0x4), param_type=0, flags=0)
Retrieve the subject or issuer name of the certificate. See CertGetNameStringA
- Returns:
  str
- property issuer
The name of the certificate’s issuer.
- Type:
  str
- property name
The name of the certificate.
- Type:
  str
- property raw_serial
The raw serial number of the certificate.
- Type:
  [int]: A list of int with 0 <= x <= 255
- property serial
The string representation of the certificate’s serial.
- Type:
  str
- property store
The certificate store that contains the certificate
- Type:
- property thumbprint
The thumbprint of the certificate (which is the SHA-1 of the encoded cert).
Example:
  >>> x
  <Certificate "YOLO2" serial="6f 1d 3e 7d d9 77 59 a9 4c 1c 53 dc 80 db 0c fe">
  >>> x.thumbprint
  'E2 A2 DB 76 A1 DD 8E 70 0D C6 9F CB 71 CF 29 12 C6 D9 78 97'
- Type:
  str
- property version
The version number of the certificate
- Type:
  int
11.2.2. CertificateStore
- class windows.crypto.CertificateStore
A certificate store
- property certs
The list of certificates in the store
- Type:
  [Certificate] – A list of Certificate
- find(issuer, serialnumber)
Return the certificate that matches issuer and serialnumber
- Returns:
  Certificate – None if the certificate is not found
- classmethod from_file(filename)
Create a new CertificateStore from filename
- from_param()
Convert a Python object into a function call parameter.
- classmethod from_system_store(store_name)
Create a new CertificateStore from the system store store_name (see System Store Locations)
- classmethod new_in_memory()
Create a new temporary CertificateStore in memory
- value
current value
11.2.3. CryptObject
- class windows.crypto.CryptObject(filename, content_type=CERT_QUERY_CONTENT_FLAG_ALL(0x3ffe))
Extract information from a CryptoAPI object. (see CryptQueryObject)
Its current main use is extracting the signers' certificates from a PE file.
- cert_store
The CertificateStore that includes all of the certificates, CRLs, and CTLs in the object
- content_type
The type of the opened message
- crypt_msg
The CryptMessage for any PKCS7 content in the object
- property signers_and_certs
The list of signer info and certificates signing the object.
- Return type:
Note: CMSG_SIGNER_INFO might be changed to a wrapping-subclass.
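As an added example (not part of PythonForWindows or of this page), the CryptObject.signers_and_certs entry above and the Certificate.chains property from 11.2.1 can be combined into a defender-side check that every Authenticode signer of a PE chains to an expected root. It assumes that signers_and_certs yields (signer_info, Certificate) pairs and that the windows module is only importable on Windows, so the CryptoAPI call is isolated in inspect_pe while the comparison logic is plain Python.

```python
# Added example, not PythonForWindows' own code. Report the Authenticode signers of a PE
# via windows.crypto.CryptObject and check that each signer chains to an expected root.
# Assumption: CryptObject.signers_and_certs yields (signer_info, Certificate) pairs.

def norm_thumbprint(thumbprint):
    """Normalise 'E2 A2 db 76' or 'e2a2db76' to 'E2A2DB76' so thumbprints compare reliably."""
    return "".join(thumbprint.split()).upper()

def chain_roots(cert):
    """Thumbprints of the last certificate of each chain built for `cert`.
    Each chain runs from `cert` itself up to a trusted (self-signed) certificate."""
    return [norm_thumbprint(chain[-1].thumbprint) for chain in cert.chains if chain]

def signer_report(signers_and_certs, trusted_roots):
    """One dict per signer: identity of the signing cert and whether any chain
    reaches a root listed in `trusted_roots` (thumbprints in any spacing/case)."""
    trusted = {norm_thumbprint(t) for t in trusted_roots}
    report = []
    for _signer_info, cert in signers_and_certs:  # signer_info is CMSG_SIGNER_INFO, unused here
        roots = chain_roots(cert)
        report.append({
            "subject": cert.name,
            "issuer": cert.issuer,
            "serial": cert.serial,
            "thumbprint": norm_thumbprint(cert.thumbprint),
            "roots": roots,
            "trusted": any(r in trusted for r in roots),
        })
    return report

def inspect_pe(filename, trusted_roots):
    """Open a signed PE with CryptQueryObject (Windows only) and build the report.
    Uses signers_and_certs rather than crypt_msg.certs: not every embedded
    certificate actually signs the object."""
    import windows.crypto  # PythonForWindows; imported here so the pure logic above runs anywhere
    obj = windows.crypto.CryptObject(filename)
    return signer_report(obj.signers_and_certs, trusted_roots)

if __name__ == "__main__":
    import sys
    # usage: script.py C:\path\to\signed.exe <root thumbprint> [<root thumbprint> ...]
    for entry in inspect_pe(sys.argv[1], sys.argv[2:]):
        status = "OK" if entry["trusted"] else "UNTRUSTED ROOT"
        print("{status}: {subject} (issuer {issuer}, serial {serial})".format(status=status, **entry))
```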
11.2.4. CryptMessage
- class windows.crypto.CryptMessage
Represent a PKCS #7 message (see Low-level Message Functions)
- property certs
The list of Certificate embedded in the message
- classmethod from_buffer(object, offset=0) → C instance
Create a C instance from a writeable buffer
- from_param()
Convert a Python object into a function call parameter.
- get_cert(index=0)
Return the embedded Certificate number index.
Note: Not all embedded certificates are directly used to sign the CryptObject.
- property nb_cert
The number of certificates embedded in the CryptObject
- Type:
  int
- property nb_recipient
TODO: DOC
- property nb_signer
The number of signers for the CryptObject
- Type:
  int
- property recipients
TODO: DOC
- property signers
The list of CMSG_SIGNER_INFO embedded in the message
- value
current value
11.2.5. CryptContext
- class windows.crypto.CryptContext(pszContainer=None, pszProvider=None, dwProvType=0, dwFlags=0, retrycreate=False)
A context manager around CryptAcquireContextW & CryptReleaseContext
Note: see usage in the sample Encryption demo (function genkeys)
- contents
the object this pointer points to (read-write)
11.3. Generating components
This module is used to generate self-signed certificates / key pairs and pfx files.
Note: See genkeys() in the sample Encryption demo
11.3.1. generate_selfsigned_certificate
- windows.crypto.generation.generate_selfsigned_certificate(name='CN=DEFAULT', prov=None, key_info=None, flags=0, signature_algo=None)
Generate a self-signed certificate.
See CertCreateSelfSignCertificate
- Returns: