# HG changeset patch
# User Marcin Kuzminski
# Date 2019-02-25 21:49:45
# Node ID d8bf39a600dc166be50db0d46cde3e788d255a6b
# Parent 66982ec641cbaa4a466d2fdcf9f43beb24c0103c
ssh: replaced pycrypto with cryptography to generate SSH keys. - pycrypto has been removed now - pycrypto has CVEs and it's deprecated
diff --git a/rhodecode/model/ssh_key.py b/rhodecode/model/ssh_key.py
--- a/rhodecode/model/ssh_key.py
+++ b/rhodecode/model/ssh_key.py
@@ -24,10 +24,15 @@ import traceback
 import sshpubkeys
 import sshpubkeys.exceptions
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization as crypto_serialization
+from cryptography.hazmat.backends import default_backend as crypto_default_backend
+
 from rhodecode.model import BaseModel
 from rhodecode.model.db import UserSshKeys
 from rhodecode.model.meta import Session
+
 log = logging.getLogger(__name__)
@@ -62,16 +67,24 @@ class SshKeyModel(BaseModel):
 raise
 def generate_keypair(self, comment=None):
- from Crypto.PublicKey import RSA
-
- key = RSA.generate(2048)
- private = key.exportKey('PEM')
- pubkey = key.publickey()
- public = pubkey.exportKey('OpenSSH')
+ key = rsa.generate_private_key(
+ backend=crypto_default_backend(),
+ public_exponent=65537,
+ key_size=2048
+ )
+ private_key = key.private_bytes(
+ crypto_serialization.Encoding.PEM,
+ crypto_serialization.PrivateFormat.PKCS8,
+ crypto_serialization.NoEncryption())
+ public_key = key.public_key().public_bytes(
+ crypto_serialization.Encoding.OpenSSH,
+ crypto_serialization.PublicFormat.OpenSSH
+ )
+
 if comment:
- public = public + " " + comment
- return private, public
+ public_key = public_key + " " + comment
+ return private_key, public_key
 def create(self, user, fingerprint, key_data, description):
 """
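Review bot: The private key in generate_keypair is now serialized with `crypto_serialization.PrivateFormat.PKCS8`, while the removed `key.exportKey('PEM')` call emitted pycrypto's default PKCS#1 "RSA PRIVATE KEY" PEM, so a generated key now arrives in a different container and SSH tooling that only parses the traditional format may reject it. If the change of format is not intended, `crypto_serialization.PrivateFormat.TraditionalOpenSSL` keeps the earlier output; if it is intended, a short comment on that argument would record the decision. Separately, `public_bytes()` returns bytes, so `public_key + " " + comment` depends on Python 2 string semantics and appends `comment` unchecked; assuming the comment can originate from a user, rejecting CR/LF before the concatenation keeps the result a single key line. The method itself is fully visible here, but the enclosing SshKeyModel class starts outside the hunk.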