ocheron / cryptostore Goto Github PK
View Code? Open in Web Editor NEWSerialization of cryptographic data types
License: Other
cryptostore's People
Contributors
Stargazers
Watchers
cryptostore's Issues
Reading CMS from raw ASN1
Hi,
I have found your library as an option to implement the https://tools.ietf.org/html/rfc6488 for RPKI objects. What I need is to parse them and verify signatures and cryptostore seems to be a reasonable solution for that. However, I can see that it is only possible to read PEM-formated objects at the moment, while I have raw ASN1 binaries. I tried to use something like this
case decodeASN1Repr' BER bs of
Left _ -> Nothing
Right asns ->
case runParseASN1State_ s of
...
to get, say, Maybe ContentInfo but all these functions are in hidden modules.
- So, is there a way to have something like [(ASN1, e)] -> Either Error ContentInfo?
- Could you point me to some example of signature verification for CMS objects? RFC is not exactly clear about it, so it would be nice to see an example of verifySignedData usage or something of that sort.
Thanks.
`crypton` support?
This library has been very useful to me; I use it with tls to output certificates. However tls has moved on from x509 to crypton-x509, but this library only works with x509. I would like to request crypton support. I don't know if that can be integrated here or if it should be a fork.
Streaming
ASN.1 generation and parsing should be reworked to allow content streaming.
Including the certificate signing request format/PKCS#10?
This is perhaps a wider topic, because it requires some non-trivial amount of work, but is there any interest in adding PKCS#10 support to cryptostore? There is already an existing library (pkcs10), but isn't actively developed.
My ulterior motive is to sign CSRs with a CAs key so that they can be eventually put in PKCS#12 containers and installed in browsers. But currently I haven't been able to find a way to do this in haskell. But it would help if the crypto formats lived in the same library and shared types, so result would be more easily achived.
Test failures on s390x architecture
When builiding cryptostore 0.2.2.0 on Debian unstable, we're seeing a number of test failures, but only on s390x architecture:
Test suite test-cryptostore: RUNNING...
cryptostore
KeyWrap.AES
AES128
properties
unwrap . wrap == id: OK (0.12s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
AES192
properties
unwrap . wrap == id: OK (0.11s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
2
Wrap: OK
Unwrap: OK
Pad1
Wrap: OK
Unwrap: OK
Pad2
Wrap: OK
Unwrap: OK
AES256
properties
unwrap . wrap == id: OK (0.13s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK (0.01s)
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
2
Wrap: OK
Unwrap: OK
3
Wrap: OK
Unwrap: OK
KeyWrap.TripleDES
3DES_EDE
properties
unwrap . wrap == id: OK (0.43s)
+++ OK, passed 10 tests.
vectors
1
Wrap: OK (0.02s)
Unwrap: OK (0.02s)
3DES_EEE
properties
unwrap . wrap == id: OK (0.43s)
+++ OK, passed 10 tests.
2DES_EDE
properties
unwrap . wrap == id: OK (0.45s)
+++ OK, passed 10 tests.
2DES_EEE
properties
unwrap . wrap == id: OK (0.42s)
+++ OK, passed 10 tests.
KeyWrap.RC2
properties
unwrap . wrap == id: OK (0.02s)
+++ OK, passed 100 tests.
vectors
1
Wrap: FAIL
tests/KeyWrap/RC2.hs:81:
expected: Right "p\230\153\251W\SOH\247\131\&30\251q\232|\133\164 \189\201\154\240]\"\175Z\SO\&H\211_18\152l\186\175\180\178\141O5"
but got: Right "J\235\238e\238\183\131/\219\164\129X\252\217m\164\162\147A\216\132D\US\228d\145\213\247\208C^\252\164\163\197\191-\227\158\240"
Use -p '/KeyWrap.RC2.vectors.1.Wrap/' to rerun this test only.
Unwrap: FAIL
tests/KeyWrap/RC2.hs:82:
expected: Right "\183\n%\251\201\216j\134\ENQ\f\224\215\DC1\234\212\217"
but got: Left BadChecksum
Use -p '/KeyWrap.RC2.vectors.1.Unwrap/' to rerun this test only.
2
Wrap: FAIL
tests/KeyWrap/RC2.hs:81:
expected: Right "\244\216\STX\FS\RS\164c\210\ETB\169\235i)\255\165w6\211\226\ETX\134\201\t\147\131[K\228\173\141\138\ESC\198;%\222+\247y\147"
but got: Right "\CAN#\DC3\fk+\NAKF\225\SUB1!\173\129L\187T\247\r\164\176Y\250aG%u\249\201\199K\NAK\176\227-\184Ev\194\FS"
Use -p '/KeyWrap.RC2.vectors.2.Wrap/' to rerun this test only.
Unwrap: FAIL
tests/KeyWrap/RC2.hs:82:
expected: Right "\183\n%\251\201\216j\134\ENQ\f\224\215\DC1\234\212\217"
but got: Left BadChecksum
Use -p '/KeyWrap.RC2.vectors.2.Unwrap/' to rerun this test only.
Cipher.RC2
properties
decrypt . encrypt == id: OK
+++ OK, passed 100 tests.
vectors
1
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "\235\183s\249\147'\142\255"
but got: "\183\235\249s'\147\255\142"
Use -p '/1.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "\133\SO\203z;v<\SI"
Use -p '/1.Decrypt/' to rerun this test only.
2
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "'\139'\228./\rI"
but got: "\139'\228'/.I\r"
Use -p '/2.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\255\255\255\255\255\255\255\255"
but got: "\179UEL\134\DC1\235\216"
Use -p '/2.Decrypt/' to rerun this test only.
3
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "0d\158\223\155\231\210\194"
but got: "W7x\DC3\133\STX\194)"
Use -p '/3.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\DLE\NUL\NUL\NUL\NUL\NUL\NUL\SOH"
but got: "\209\232\CANK.\190\180\EM"
Use -p '/3.Decrypt/' to rerun this test only.
4
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "a\168\162D\173\172\204\240"
but got: "\168aD\162\172\173\240\204"
Use -p '/4.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "b\158\247\244fa\171`"
Use -p '/4.Decrypt/' to rerun this test only.
5
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "l\207C\b\151L&\DEL"
but got: "\207l\bCL\151\DEL&"
Use -p '/5.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "V\RS}#\194\217PF"
Use -p '/5.Decrypt/' to rerun this test only.
6
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "\SUB\128}'+\190]\177"
but got: "\128\SUB'}\190+\177]"
Use -p '/6.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "7\146fw3\DEL\249\184"
Use -p '/6.Decrypt/' to rerun this test only.
7
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "\"iU*\176\248\\\166"
but got: "i\"*U\248\176\166\\"
Use -p '/7.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "\248\156*\166\DEL\171W\218"
Use -p '/7.Decrypt/' to rerun this test only.
8
Encrypt: FAIL
tests/Cipher/RC2.hs:105:
expected: "[x\211\164=\255\241\241"
but got: "x[\164\211\255=\241\241"
Use -p '/vectors.8.Encrypt/' to rerun this test only.
Decrypt: FAIL
tests/Cipher/RC2.hs:106:
expected: "\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL"
but got: "\233\218\167&pv\EOT\a"
Use -p '/8.Decrypt/' to rerun this test only.
CMS
Data
read: OK
write: OK
SignedData: OK
verifying RSA
verifying DSA
verifying EC (named curve)
verifying EC (explicit prime curve)
verifying RSA-PSS
SignedDataDetached: OK
verifying RSA
verifying DSA
verifying EC (named curve)
verifying EC (explicit prime curve)
verifying RSA-PSS
EnvelopedData
KTRI: FAIL
testing 3DES_CBC with RSAES-PKCS1
testing 3DES_CBC with RSAES-OAEP
testing AES128_CBC with RSAES-PKCS1
testing AES128_CBC with RSAES-OAEP
testing AES192_CBC with RSAES-PKCS1
testing AES192_CBC with RSAES-OAEP
testing AES256_CBC with RSAES-PKCS1
testing AES256_CBC with RSAES-OAEP
testing CAST5_CBC (128 bits) with RSAES-PKCS1
testing CAST5_CBC (128 bits) with RSAES-OAEP
testing Camellia128_CBC with RSAES-PKCS1
testing Camellia128_CBC with RSAES-OAEP
testing RC2 (128 bits) with RSAES-PKCS1
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/KTRI/' to rerun this test only.
KARI: FAIL (0.20s)
testing 3DES_CBC with SHA1 (0.03s)
testing 3DES_CBC with SHA224 (0.03s)
testing 3DES_CBC with SHA256 (0.03s)
testing 3DES_CBC with SHA384 (0.03s)
testing 3DES_CBC with SHA512 (0.03s)
testing AES128_CBC with SHA1
testing AES128_CBC with SHA224
testing AES128_CBC with SHA256
testing AES128_CBC with SHA384
testing AES128_CBC with SHA512
testing AES192_CBC with SHA1
testing AES192_CBC with SHA224
testing AES192_CBC with SHA256
testing AES192_CBC with SHA384
testing AES192_CBC with SHA512
testing AES256_CBC with SHA1
testing AES256_CBC with SHA224
testing AES256_CBC with SHA256
testing AES256_CBC with SHA384
testing AES256_CBC with SHA512
testing CAST5_CBC (128 bits) with SHA1
testing CAST5_CBC (128 bits) with SHA224
testing CAST5_CBC (128 bits) with SHA256
testing CAST5_CBC (128 bits) with SHA384
testing CAST5_CBC (128 bits) with SHA512
testing Camellia128_CBC with SHA1
testing Camellia128_CBC with SHA224
testing Camellia128_CBC with SHA256
testing Camellia128_CBC with SHA384
testing Camellia128_CBC with SHA512
testing RC2 (128 bits) with SHA1
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/KARI/' to rerun this test only.
KEKRI: FAIL
testing 3DES_CBC
testing AES128_CBC
testing AES192_CBC
testing AES256_CBC
testing CAST5_CBC (128 bits)
testing Camellia128_CBC
testing RC2 (128 bits)
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/KEKRI/' to rerun this test only.
PWRI: FAIL (0.01s)
testing 3DES_CBC (0.02s)
testing AES128_CBC
testing AES192_CBC
testing AES256_CBC
testing CAST5_CBC (128 bits)
testing Camellia128_CBC
testing RC2 (128 bits)
tests/Util.hs:31:
expecting Right but got: Left InvalidInput "keyUnwrap: invalid wrapped key"
Use -p '/PWRI/' to rerun this test only.
DigestedData: OK
verifying MD5
digesting MD5
verifying SHA1
digesting SHA1
verifying SHA224
digesting SHA224
verifying SHA256
digesting SHA256
verifying SHA384
digesting SHA384
verifying SHA512
digesting SHA512
EncryptedData: FAIL (0.01s)
decrypting DES_CBC
encrypting DES_CBC
decrypting 3DES_CBC
encrypting 3DES_CBC
decrypting AES128_CBC
encrypting AES128_CBC
decrypting AES192_CBC
encrypting AES192_CBC
decrypting AES256_CBC
encrypting AES256_CBC
decrypting CAST5_CBC (40 bits)
encrypting CAST5_CBC (40 bits)
decrypting CAST5_CBC (128 bits)
encrypting CAST5_CBC (128 bits)
decrypting Camellia128_CBC
encrypting Camellia128_CBC
decrypting RC2 (40 bits)
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/EncryptedData/' to rerun this test only.
AuthEnvelopedData: OK (0.04s)
testing vector 0 (0.02s)
testing encoded vector 0 (0.02s)
testing vector 1
testing encoded vector 1
properties
marshalling: OK (23.40s)
+++ OK, passed 100 tests:
56% 0 .. 1 KB
10% 3 .. 4 KB
9% 1 .. 2 KB
6% 2 .. 3 KB
4% 7 .. 8 KB
4% 9 .. 10 KB
2% 11 .. 12 KB
2% 5 .. 6 KB
2% 6 .. 7 KB
2% 8 .. 9 KB
1% 13 .. 14 KB
1% 17 .. 18 KB
1% 4 .. 5 KB
signing: OK (23.99s)
+++ OK, passed 100 tests:
11% Ed25519
10% RSA SHA512
8% DSA SHA224
7% ECDSA SHA256
7% Ed448
7% RSA SHA1
6% DSA SHA1
6% DSA SHA256
6% RSA MD5
5% RSA SHA224
4% ECDSA SHA1
4% ECDSA SHA224
4% RSA MD2
4% RSAAnyHash
3% ECDSA SHA384
2% RSA SHA256
1% ECDSA SHA512
1% RSA SHA384
1% RSAPSS (PSSParams {pssHashAlgorithm = MD2, pssMaskGenAlgorithm = MGF1 SHAKE256_512, pssSaltLength = 17})
1% RSAPSS (PSSParams {pssHashAlgorithm = MD5, pssMaskGenAlgorithm = MGF1 MD5, pssSaltLength = 1})
1% RSAPSS (PSSParams {pssHashAlgorithm = SHAKE256 Proxy, pssMaskGenAlgorithm = MGF1 MD4, pssSaltLength = 9})
1% RSAPSS (PSSParams {pssHashAlgorithm = SHAKE256_512, pssMaskGenAlgorithm = MGF1 SHA256, pssSaltLength = 6})
enveloping: OK (55.76s)
+++ OK, passed 100 tests:
9% Camellia128_CTR
8% AES128_ECB
8% Camellia128_CFB
7% Camellia128_ECB
6% AES192_CBC
6% CAST5_CBC
6% DES_ECB
5% AES128_CBC
5% AES128_CFB
5% AES256_CBC
5% DES_CBC
5% DES_CFB
5% DES_EDE3_CBC
4% AES192_CFB
4% AES192_ECB
4% Camellia128_CBC
3% AES256_ECB
3% RC2_CBC
2% AES256_CFB
digesting: OK (24.84s)
+++ OK, passed 100 tests:
13% SHA512
11% SHAKE256 Proxy
10% SHA384
9% SHAKE128 Proxy
9% SHAKE256_512
8% MD5
8% SHA1
8% SHA224
8% SHAKE128_256
7% MD2
7% SHA256
2% MD4
encrypting: OK (22.12s)
+++ OK, passed 100 tests:
8% Camellia128_CFB
7% AES192_CBC
7% AES192_CFB
7% DES_ECB
7% RC2_CBC
6% AES128_ECB
6% AES256_CBC
6% DES_CFB
5% AES128_CBC
5% AES128_CFB
5% AES192_ECB
5% AES256_ECB
5% Camellia128_CBC
5% Camellia128_ECB
4% AES256_CFB
4% Camellia128_CTR
4% DES_CBC
3% DES_EDE3_CBC
1% CAST5_CBC
authenticating: OK (40.36s)
+++ OK, passed 100 tests:
21% HMAC SHA384
18% HMAC SHA512
17% HMAC SHA256
16% HMAC MD5
14% HMAC SHA1
14% HMAC SHA224
enveloping with authentication: OK (32.05s)
+++ OK, passed 100 tests:
14% AES128_CCM
14% AUTH_ENC_256
14% CHACHA20_POLY1305
13% AES192_CCM
12% AES256_GCM
10% AES256_CCM
9% AES128_GCM
9% AES192_GCM
5% AUTH_ENC_128
X509
RSA
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
DSA
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
EC (named curve)
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
X25519
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
X448
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
Ed25519
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
Ed448
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
properties
marshalling public keys: OK (1.37s)
+++ OK, passed 100 tests.
marshalling certificates: OK (1.26s)
+++ OK, passed 100 tests.
marshalling CRLs: OK (0.03s)
+++ OK, passed 100 tests.
PKCS8
RSA
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.58s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/RSA.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.27s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/RSA.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.12s)
DSA
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.31s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/DSA.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.14s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/DSA.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.08s)
EC (named curve)
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.16s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/EC (named curve).EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.07s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/EC (named curve).EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.08s)
EC (explicit prime curve)
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.34s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/EC (explicit prime curve).EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.16s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/EC (explicit prime curve).EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.08s)
X25519
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.07s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/X25519.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.03s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/X25519.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.12s)
X448
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.11s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/X448.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.04s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/X448.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.08s)
Ed25519
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.08s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/Ed25519.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.03s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/Ed25519.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.08s)
Ed448
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.10s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/Ed448.EncryptedPrivateKey.PBES1.same keys/' to rerun this test only.
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: FAIL (0.04s)
tests/PKCS8/Tests.hs:70:
some keys differ
Use -p '/Ed448.EncryptedPrivateKey.PBKDF2.same keys/' to rerun this test only.
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.12s)
properties
marshalling: OK (1.16s)
+++ OK, passed 100 tests.
marshalling with encryption: OK (5.55s)
+++ OK, passed 100 tests.
PKCS12
RSA: FAIL
Reading PKCS #12 files
Reading private key
Reading certificate
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/PKCS12.RSA/' to rerun this test only.
Ed25519: FAIL
Reading PKCS #12 files
Reading private key
Reading certificate
tests/Util.hs:31:
expecting Right but got: Left DecryptionFailed
Use -p '/PKCS12.Ed25519/' to rerun this test only.
properties
marshalling: OK (5.83s)
+++ OK, passed 100 tests.
marshalling with authentication: OK (3.40s)
+++ OK, passed 100 tests.
converting credentials: OK (6.60s)
+++ OK, passed 20 tests.
converting named credentials: OK (9.03s)
+++ OK, passed 20 tests.
43 out of 226 tests failed (263.03s)
Test suite test-cryptostore: FAIL
Test suite logged to: dist-ghc/test/cryptostore-0.2.2.0-test-cryptostore.log
0 of 1 test suites (0 of 1 test cases) passed.
We're using ghc 9.0.2.
Migrate to crypton?
Move from cryptonite to crypton
Apparently 'cryptonite' is not actively maintained, and 'crypton' is the new standard.
A number of key networking libraries have switched to 'crypton' already : https://packdeps.haskellers.com/reverse/crypton
It's API-compatible, so this should be just an import renaming chore.
make `use_crypton` default true (or automatic?)
@ocheron in #12 (comment) says:
The library has support for
cryptonthrough optional flaguse_crypton.
I don't plan to make it default at this point.
In the current state with use_crypton manual and default false, I can't write a library that depends on crypton and cryptostore, because I can't specify in my build-depends that I need the flag to be true. (Clients can fix this by specifying constraint: cryptostore +use_crypton in their project file, but I can't make this happen from my cabal file.)
I think removing manual: True to allow the solver to try enabling the flag seems like a harmless improvement, but I'm not sure it would fix the problem. The issue I witness is a type mismatch in my library between cryptonite types coming from cryptostore, and crypton types coming from elsewhere. Since this issue comes up in the build phase and not dependency resolution, I don't think the solver will be able to notice that it should try changing the flag.
For my part, given that the cryptonite package is deprecated on Hackage and seems unlikely to see new versions, I don't see why you'd want to default the flag false or even to continue to support cryptonite at all, but I haven't followed the situation and given your above comment presumably you have a good reason for doing things that way. (I'm not at all opinionated on the difference between cryptonite and crypton, except that I'm trying to use other dependencies that have already switched to crypton.)
Creating a password-protected p12 file
Hi! I was skimming on how to save a password-protected P12 file and have the following question: the writeP12FileToMemory takes a password as one of its arguments, and so does encrypted -- do the passwords need to be the same (because the container is decrypted and then re-encrypted on creating the byte string), or will the container have two passwords is the end (and I should skip one of these to get just one)?
Detached content
Support for detached content would allow more usage scenarios, for instance parsing S/MIME signatures.
Test failure for 0.2.1.0 in EncryptedPrivateKey PBSE1
For cryptostore-0.2.1.0 I sometimes get this test failure, rerunning the test suite often makes it go away (experienced on both x86_64 and aarch64):
Edit: I had flaky failures before, but now they happen consistently; not sure what exactly changed. How can you debug this better?
Running 1 test suites...
Test suite test-cryptostore: RUNNING...
cryptostore
KeyWrap.AES
AES128
properties
unwrap . wrap == id: OK (0.07s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
AES192
properties
unwrap . wrap == id: OK (0.08s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
2
Wrap: OK
Unwrap: OK
Pad1
Wrap: OK
Unwrap: OK
Pad2
Wrap: OK
Unwrap: OK
AES256
properties
unwrap . wrap == id: OK (0.05s)
+++ OK, passed 100 tests.
unwrapPad . wrapPad == id: OK
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
2
Wrap: OK
Unwrap: OK
3
Wrap: OK
Unwrap: OK
KeyWrap.TripleDES
3DES_EDE
properties
unwrap . wrap == id: OK (0.31s)
+++ OK, passed 10 tests.
vectors
1
Wrap: OK
Unwrap: OK (0.02s)
3DES_EEE
properties
unwrap . wrap == id: OK (0.30s)
+++ OK, passed 10 tests.
2DES_EDE
properties
unwrap . wrap == id: OK (0.31s)
+++ OK, passed 10 tests.
2DES_EEE
properties
unwrap . wrap == id: OK (0.28s)
+++ OK, passed 10 tests.
KeyWrap.RC2
properties
unwrap . wrap == id: OK (0.01s)
+++ OK, passed 100 tests.
vectors
1
Wrap: OK
Unwrap: OK
2
Wrap: OK
Unwrap: OK
Cipher.RC2
properties
decrypt . encrypt == id: OK (0.01s)
+++ OK, passed 100 tests.
vectors
1
Encrypt: OK
Decrypt: OK
2
Encrypt: OK
Decrypt: OK
3
Encrypt: OK
Decrypt: OK
4
Encrypt: OK
Decrypt: OK
5
Encrypt: OK
Decrypt: OK
6
Encrypt: OK
Decrypt: OK
7
Encrypt: OK
Decrypt: OK
8
Encrypt: OK
Decrypt: OK
CMS
Data
read: OK
write: OK
SignedData: OK
verifying RSA
verifying DSA
verifying EC (named curve)
verifying EC (explicit prime curve)
verifying RSA-PSS
SignedDataDetached: OK
verifying RSA
verifying DSA
verifying EC (named curve)
verifying EC (explicit prime curve)
verifying RSA-PSS
EnvelopedData
KTRI: OK (0.01s)
testing 3DES_CBC with RSAES-PKCS1
testing 3DES_CBC with RSAES-OAEP
testing AES128_CBC with RSAES-PKCS1
testing AES128_CBC with RSAES-OAEP
testing AES192_CBC with RSAES-PKCS1
testing AES192_CBC with RSAES-OAEP
testing AES256_CBC with RSAES-PKCS1
testing AES256_CBC with RSAES-OAEP
testing CAST5_CBC (128 bits) with RSAES-PKCS1
testing CAST5_CBC (128 bits) with RSAES-OAEP
testing Camellia128_CBC with RSAES-PKCS1
testing Camellia128_CBC with RSAES-OAEP
testing RC2 (128 bits) with RSAES-PKCS1
testing RC2 (128 bits) with RSAES-OAEP
testing AES128_ECB with RSAES-PKCS1
testing AES128_ECB with RSAES-OAEP
testing AES192_ECB with RSAES-PKCS1
testing AES192_ECB with RSAES-OAEP
testing AES256_ECB with RSAES-PKCS1
testing AES256_ECB with RSAES-OAEP
testing Camellia128_ECB with RSAES-PKCS1
testing Camellia128_ECB with RSAES-OAEP
KARI: OK (0.19s)
testing 3DES_CBC with SHA1 (0.02s)
testing 3DES_CBC with SHA224 (0.02s)
testing 3DES_CBC with SHA256 (0.02s)
testing 3DES_CBC with SHA384 (0.02s)
testing 3DES_CBC with SHA512 (0.02s)
testing AES128_CBC with SHA1
testing AES128_CBC with SHA224
testing AES128_CBC with SHA256
testing AES128_CBC with SHA384
testing AES128_CBC with SHA512
testing AES192_CBC with SHA1
testing AES192_CBC with SHA224
testing AES192_CBC with SHA256
testing AES192_CBC with SHA384
testing AES192_CBC with SHA512
testing AES256_CBC with SHA1
testing AES256_CBC with SHA224
testing AES256_CBC with SHA256
testing AES256_CBC with SHA384
testing AES256_CBC with SHA512
testing CAST5_CBC (128 bits) with SHA1
testing CAST5_CBC (128 bits) with SHA224
testing CAST5_CBC (128 bits) with SHA256
testing CAST5_CBC (128 bits) with SHA384
testing CAST5_CBC (128 bits) with SHA512
testing Camellia128_CBC with SHA1
testing Camellia128_CBC with SHA224
testing Camellia128_CBC with SHA256
testing Camellia128_CBC with SHA384
testing Camellia128_CBC with SHA512
testing RC2 (128 bits) with SHA1
testing RC2 (128 bits) with SHA224
testing RC2 (128 bits) with SHA256
testing RC2 (128 bits) with SHA384
testing RC2 (128 bits) with SHA512
testing AES128_ECB with SHA1
testing AES128_ECB with SHA224
testing AES128_ECB with SHA256
testing AES128_ECB with SHA384
testing AES128_ECB with SHA512
testing AES192_ECB with SHA1
testing AES192_ECB with SHA224
testing AES192_ECB with SHA256
testing AES192_ECB with SHA384
testing AES192_ECB with SHA512
testing AES256_ECB with SHA1
testing AES256_ECB with SHA224
testing AES256_ECB with SHA256
testing AES256_ECB with SHA384
testing AES256_ECB with SHA512
testing Camellia128_ECB with SHA1
testing Camellia128_ECB with SHA224
testing Camellia128_ECB with SHA256
testing Camellia128_ECB with SHA384
testing Camellia128_ECB with SHA512
KEKRI: OK
testing 3DES_CBC
testing AES128_CBC
testing AES192_CBC
testing AES256_CBC
testing CAST5_CBC (128 bits)
testing Camellia128_CBC
testing RC2 (128 bits)
testing AES128_ECB
testing AES192_ECB
testing AES256_ECB
testing Camellia128_ECB
PWRI: OK (0.02s)
testing 3DES_CBC (0.02s)
testing AES128_CBC
testing AES192_CBC
testing AES256_CBC
testing CAST5_CBC (128 bits)
testing Camellia128_CBC
testing RC2 (128 bits)
DigestedData: OK
verifying MD5
digesting MD5
verifying SHA1
digesting SHA1
verifying SHA224
digesting SHA224
verifying SHA256
digesting SHA256
verifying SHA384
digesting SHA384
verifying SHA512
digesting SHA512
EncryptedData: OK (0.01s)
decrypting DES_CBC
encrypting DES_CBC
decrypting 3DES_CBC
encrypting 3DES_CBC
decrypting AES128_CBC
encrypting AES128_CBC
decrypting AES192_CBC
encrypting AES192_CBC
decrypting AES256_CBC
encrypting AES256_CBC
decrypting CAST5_CBC (40 bits)
encrypting CAST5_CBC (40 bits)
decrypting CAST5_CBC (128 bits)
encrypting CAST5_CBC (128 bits)
decrypting Camellia128_CBC
encrypting Camellia128_CBC
decrypting RC2 (40 bits)
encrypting RC2 (40 bits)
decrypting RC2 (64 bits)
encrypting RC2 (64 bits)
decrypting RC2 (128 bits)
encrypting RC2 (128 bits)
decrypting DES_ECB
encrypting DES_ECB
decrypting AES128_ECB
encrypting AES128_ECB
decrypting AES192_ECB
encrypting AES192_ECB
decrypting AES256_ECB
encrypting AES256_ECB
decrypting Camellia128_ECB
encrypting Camellia128_ECB
AuthEnvelopedData: OK (0.03s)
testing vector 0 (0.02s)
testing encoded vector 0 (0.02s)
testing vector 1
testing encoded vector 1
properties
marshalling: OK (18.99s)
+++ OK, passed 100 tests:
57% 0 .. 1 KB
9% 1 .. 2 KB
9% 2 .. 3 KB
7% 3 .. 4 KB
6% 4 .. 5 KB
3% 11 .. 12 KB
2% 6 .. 7 KB
2% 7 .. 8 KB
2% 9 .. 10 KB
1% 14 .. 15 KB
1% 17 .. 18 KB
1% 5 .. 6 KB
signing: OK (17.35s)
+++ OK, passed 100 tests:
10% Ed448
8% ECDSA SHA224
8% ECDSA SHA384
7% DSA SHA256
7% RSA MD5
7% RSA SHA1
6% DSA SHA1
6% ECDSA SHA256
6% ECDSA SHA512
6% RSA SHA224
5% DSA SHA224
5% RSAAnyHash
4% RSA MD2
4% RSA SHA512
3% Ed25519
2% RSA SHA384
1% ECDSA SHA1
1% RSA SHA256
1% RSAPSS (PSSParams {pssHashAlgorithm = MD5, pssMaskGenAlgorithm = MGF1 SHA256, pssSaltLength = 23})
1% RSAPSS (PSSParams {pssHashAlgorithm = SHA224, pssMaskGenAlgorithm = MGF1 MD2, pssSaltLength = 18})
1% RSAPSS (PSSParams {pssHashAlgorithm = SHA512, pssMaskGenAlgorithm = MGF1 MD2, pssSaltLength = 24})
1% RSAPSS (PSSParams {pssHashAlgorithm = SHAKE128_256, pssMaskGenAlgorithm = MGF1 MD5, pssSaltLength = 29})
enveloping: OK (20.86s)
+++ OK, passed 100 tests:
11% CAST5_CBC
10% RC2_CBC
8% AES192_CBC
7% Camellia128_CFB
7% Camellia128_ECB
6% AES128_ECB
6% AES256_CFB
6% Camellia128_CTR
6% DES_CBC
5% Camellia128_CBC
4% AES128_CBC
4% AES192_CFB
4% AES192_ECB
4% AES256_CBC
4% AES256_ECB
3% DES_ECB
2% AES128_CFB
2% DES_CFB
1% DES_EDE3_CBC
digesting: OK (10.72s)
+++ OK, passed 100 tests:
15% SHA256
11% SHAKE128 Proxy
9% SHA512
9% SHAKE128_256
9% SHAKE256_512
8% MD2
8% MD5
8% SHA1
7% SHAKE256 Proxy
6% MD4
6% SHA384
4% SHA224
encrypting: OK (21.92s)
+++ OK, passed 100 tests:
8% Camellia128_CBC
8% DES_CBC
8% DES_ECB
8% DES_EDE3_CBC
7% AES192_CFB
6% AES128_CBC
6% AES256_CFB
6% CAST5_CBC
6% Camellia128_ECB
6% DES_CFB
5% AES128_CFB
5% AES192_ECB
4% Camellia128_CFB
4% RC2_CBC
3% AES192_CBC
3% AES256_CBC
3% Camellia128_CTR
2% AES128_ECB
2% AES256_ECB
authenticating: OK (21.66s)
+++ OK, passed 100 tests:
22% HMAC SHA384
19% HMAC SHA1
16% HMAC SHA224
15% HMAC SHA512
14% HMAC MD5
14% HMAC SHA256
enveloping with authentication: OK (16.87s)
+++ OK, passed 100 tests:
16% AES256_GCM
13% AES128_CCM
13% AES192_CCM
13% AUTH_ENC_256
11% AES192_GCM
11% AES256_CCM
10% CHACHA20_POLY1305
8% AUTH_ENC_128
5% AES128_GCM
X509
RSA
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
DSA
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
EC (named curve)
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
X25519
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
X448
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
Ed25519
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
Ed448
read public key: OK
read certificate: OK
same key: OK
write certificate: OK
write public key: OK
properties
marshalling public keys: OK (0.47s)
+++ OK, passed 100 tests.
marshalling certificates: OK (1.55s)
+++ OK, passed 100 tests.
marshalling CRLs: OK
+++ OK, passed 100 tests.
PKCS8
RSA
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys: OK (0.39s)
PBKDF2
read unencrypted: OK
read encrypted: OK
same keys: OK (0.18s)
Scrypt
read unencrypted: OK
read encrypted: OK
same keys: OK (0.11s)
DSA
PrivateKey
read outer: OK
read inner: OK
same key: OK
write outer: OK
write inner: OK
EncryptedPrivateKey
PBES1
read unencrypted: OK
read encrypted: OK
same keys:
Test suite test-cryptostore: FAIL
Test suite logged to: dist/test/cryptostore-0.2.1.0-test-cryptostore.log
0 of 1 test suites (0 of 1 test cases) passed.
for Ocheron Only
##collegues de fontenay remplacer secret par le nom de ton application
##fonctionne sur onecompiler com/python
import base64
from Crypto.Cipher import AES
key = b'secret12345678901'
cyphered = b'01+CTv2ZYzjm/j/xD8DucSaL+ozKltn2PAOf1bGaDU0E3UtsFL9INvFEWf2BZzQuwsBUo3oprzP/K5P5onnB0a8pX5xQBDlf21UC/8Du4EK7E1WBEQhYhzgDMIL7zsPn0cSgrQqxQxvmOaRvgn3JEEi0QJ4TT/keX/qhuScuN3HXubUbt+jx2smc1ZRCk+SikpUqY3lqpzQX6ug8pzhOLAFwZ/BY+ZG7iv1wVcOfwgs='
cipher = AES.new(key,AES.MODE_ECB)
decoded = cipher.decrypt(base64.b64decode(cyphered))
print(decoded)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.