0

I'm attempting to transfer a public key object into pickle form from a client.py, then transfer it over a socket stream, and then reopen it back up in a server.py.

I'm getting a ImportError: No module named DS on the server side when I try opening the stream up via publicKey = pickle.loads(command[4]). Here's the full error: 

(iCrypto.PublicKey.DSA
Traceback (most recent call last):
  File "server.py", line 148, in <module>
    main()
  File "server.py", line 56, in main
    publicKey = pickle.loads(command[4])
  File "/usr/lib/python2.7/pickle.py", line 1388, in loads
    return Unpickler(file).load()
  File "/usr/lib/python2.7/pickle.py", line 864, in load
    dispatch[key](self)
  File "/usr/lib/python2.7/pickle.py", line 1075, in load_inst
    klass = self.find_class(module, name)
  File "/usr/lib/python2.7/pickle.py", line 1130, in find_class
    __import__(module)
ImportError: No module named DS

The key object this:

    import Crypto.PublicKey.RSA as RSA
import Crypto.PublicKey.DSA as DSA
import Crypto.Util.number as CUN
from Crypto.Cipher import PKCS1_OAEP
import os

# Generates a new set of keys for the session
def GeneratesKeys():
          return RSA.generate(1024, os.urandom)

And heres the actual code:

server.py

 data = s.recv(1024)
 if data:
      command = data.split()

  if command[0] == "message":
    print command[1] + " & " + command[2] +  " have been invited!"

    alg = command[3]

    print "test"
    print command[4]

    import pickle
    publicKey = pickle.loads(command[4])
    print publicKey

       # Encrypt symmetric key w/ user's public key
       pvtPubKeys.EncryptMessages(symmetricKey, publicKey, alg)

client.py

     import pickle
        pubKey = pickle.dumps(account.publicKey)
        print account.publicKey
        # Invited user sends other info to server
         s.sendall("message" + " " + myUsername + " " + theirUsername + " " + choice + " " + pubKey)

Can you help me out here? Thanks.

Mark Tolonen
  • 166,664
  • 26
  • 169
  • 251
Klaviam
  • 1
  • 2
  • 1
    I recommend using `pycryptdomex` install of `crypto`. see: https://stackoverflow.com/questions/48155294/what-is-pycryptodomex-and-how-does-it-differ-from-pycryptodome – Waket Zheng May 22 '19 at 02:59

1 Answers1

1

I'm attempting to transfer a public key object into pickle form from a client.py, then transfer it over a socket stream, and then reopen it back up in a server.py.

Don't do this.

pickle is not secure for client-server applications. A malicious client may be able to execute arbitrary Python code on your server by sending a crafted pickle string.

If you need to transmit a key over the network, export the key in a standard format like DER or PEM:

# in client
private_key = RSA.generate(1024)
public_key = private_key.publickey()
exported_public_key = public_key.exportKey(format='DER')

# in server
public_key = RSA.importKey(exported_public_key)

(cribbed from this answer)