
Commit bd9b5c3

Merge pull request #28 from Mastercard/security-issues
fixing security issues
2 parents 01cb223 + b1782ac commit bd9b5c3


2 files changed

+9
-9
lines changed


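--- a/client_encryption/encryption_utils.py
+++ b/client_encryption/encryption_utils.py
@@ -1,8 +1,9 @@
 from Crypto.PublicKey import RSA
 from Crypto.Hash import SHA1, SHA224, SHA256, SHA384, SHA512
-from OpenSSL.crypto import load_certificate, load_pkcs12, dump_privatekey, FILETYPE_PEM, FILETYPE_ASN1, Error
+from OpenSSL.crypto import load_certificate, FILETYPE_PEM, FILETYPE_ASN1, Error
 from client_encryption.encryption_exception import CertificateError, PrivateKeyError, HashAlgorithmError
-
+from cryptography.hazmat.primitives.serialization import pkcs12
+from cryptography.hazmat.primitives import serialization
 
 _SUPPORTED_HASH = {"SHA1": SHA1, "SHA224": SHA224, "SHA256": SHA256, "SHA384": SHA384, "SHA512": SHA512}
 
@@ -40,11 +41,10 @@ def load_decryption_key(key_file_path, decryption_key_password=None):
 raise PrivateKeyError("Wrong decryption key format.")
 
 
-def __load_pkcs12_private_key(pkcs12_key, password):
+def __load_pkcs12_private_key(pkcs_file, password):
 """Load a private key in ASN1 format out of a PKCS#12 container."""
-
-pkcs12 = load_pkcs12(pkcs12_key, password.encode("utf-8")).get_privatekey()
-return dump_privatekey(FILETYPE_ASN1, pkcs12)
+private_key, certs, addcerts = pkcs12.load_key_and_certificates(pkcs_file, password.encode("utf-8"))
+return private_key.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.TraditionalOpenSSL, serialization.NoEncryption())
 
 
 def __get_crypto_file_type(file_content):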
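Review bot: `__load_pkcs12_private_key` now returns PEM (`serialization.Encoding.PEM`), but its docstring still says ASN1 and the removed code returned DER through `dump_privatekey(FILETYPE_ASN1, ...)`. Either keep the old contract with `serialization.Encoding.DER` in the `private_bytes` call, or change the docstring to `"""Load a private key in PEM format out of a PKCS#12 container."""`. Error handling also changes with the library: `pkcs12.load_key_and_certificates` raises `ValueError` for a wrong password or malformed container and returns `None` as the key when the container holds none, and `password.encode` still fails when `decryption_key_password` is left at its default `None`. The handling in `load_decryption_key` lies outside this hunk, so confirm it maps these to `PrivateKeyError` rather than only catching `OpenSSL.crypto.Error`; a guard such as `if private_key is None: raise PrivateKeyError("Wrong decryption key format.")` would cover the missing-key case.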

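--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
-pycryptodome==3.8.1
-pyOpenSSL>=22.1.0,<=23.2.0
+pycryptodome==3.19.1
+pyOpenSSL>=23.3.0
 setuptools>=39.0.1
 coverage>=4.5.3
-cryptography>=39.0.0
+cryptography>=42.0.0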
