pysap.utils.crypto package

class pysap.utils.crypto.PBKDF1(algorithm, length, salt, iterations, backend)[source]

Bases: object

derive(key_material)[source]
verify(key_material, expected_key)[source]
class pysap.utils.crypto.PKCS12_PBES1(salt, iterations, iv, password, hash_algorithm, enc_algorithm, enc_mode, backend)[source]

Bases: object

decrypt(cipher_text)[source]
derive_key(salt, iterations, password)[source]
encrypt(plain_text)[source]
class pysap.utils.crypto.PKCS12_PBKDF1(algorithm, length, salt, iterations, id, backend)[source]

Bases: object

derive(password)[source]
verify(key_material, expected_key)[source]
class pysap.utils.crypto.SCRAM(backend)[source]

Bases: object

Base interface for implementing SCRAM password schemes.

ALGORITHM = None
CLIENT_KEY_SIZE = 64
CLIENT_PROOF_SIZE = 32
get_client_key()[source]

Returns a client key to be used during the handshake.

salt_key(password, salt, rounds)[source]
scramble_salt(password, salt, server_key, client_key, rounds=None)[source]

Scrambles a given salt using the specified server key.

xor(a, b)[source]

XOR two strings

class pysap.utils.crypto.SCRAM_MD5(backend)[source]

Bases: pysap.utils.crypto.SCRAM

SCRAM scheme using MD5 as the hashing algorithm.

ALGORITHM

alias of cryptography.hazmat.primitives.hashes.MD5

class pysap.utils.crypto.SCRAM_PBKDF2SHA256(backend)[source]

Bases: pysap.utils.crypto.SCRAM_SHA256

SCRAM scheme using PBKDF2 with SHA256

salt_key(password, salt, rounds)[source]
class pysap.utils.crypto.SCRAM_SHA256(backend)[source]

Bases: pysap.utils.crypto.SCRAM

SCRAM scheme using SHA256 as the hashing algorithm.

ALGORITHM

alias of cryptography.hazmat.primitives.hashes.SHA256

pysap.utils.crypto.dpapi_decrypt_blob(blob, entropy=None)[source]

Decrypts a blob of data using DPAPI.

Parameters:
  • blob (string) – encrypted blob to decrypt
  • entropy (string) – additional entropy to use to decrypt
Returns:

decrypted blob
Return type:

string
Raises:

Exception – if the platform is not Windows or the decryption failed
pysap.utils.crypto.rsec_decrypt(blob, key)[source]

Decrypts a blob of data using SAP’s RSEC decryption algorithm. The algorithm is based on the TripleDES.

The decryption method is used in SSFS but also as part of other encryption schemes (e.g. RSECTAB), hence implemented in the crypto library instead of the particular layer.

Parameters:
  • blob (bytes) – encrypted blob to decrypt
  • key (bytes) – key to use to decrypt
Returns:

decrypted blob
Return type:

bytes
Raises:

Exception – if decryption failed