Ejemplo n.º 1
0
    def setUpClass(cls):
        cls.public_ip = '123.45.67.89'
        cls.port = 12345
        cls.own_addr = (cls.public_ip, cls.port)
        cls.addr1 = ('132.54.76.98', 54321)
        cls.addr2 = ('231.76.45.89', 15243)
        cls.privkey1_hex = '71d1054068b224a4d9013104881dc7f46c6fec9a618f4574ae21059723e6c4f8'
        cls.privkey1 = public.PrivateKey(cls.privkey1_hex,
                                         encoder=encoding.HexEncoder)
        cls.pubkey1 = cls.privkey1.public_key
        cls.pubkey1_bytes = cls.pubkey1.encode(encoder=encoding.RawEncoder)

        cls.privkey2_hex = '4c107b7844368d0fb608f3d91ae194f2d62c7ff91b713e5b05c279e8b7fc61b3'
        cls.privkey2 = public.PrivateKey(cls.privkey2_hex,
                                         encoder=encoding.HexEncoder)
        cls.pubkey2 = cls.privkey2.public_key
        cls.pubkey2_bytes = cls.pubkey2.encode(encoder=encoding.RawEncoder)

        cls.remote_crypto_box = public.Box(cls.privkey2, cls.pubkey1)
        cls.nonce = utils.random(cls.remote_crypto_box.NONCE_SIZE)

        cls.local_crypto_box = public.Box(cls.privkey1, cls.pubkey2)

        cls.privkey3_hex = '40246691a4362a220606dd302b03e992b5b5fe21026377fa56c9fe3f5afbcbd0'
        cls.privkey3 = public.PrivateKey(cls.privkey3_hex,
                                         encoder=encoding.HexEncoder)
        cls.pubkey3 = cls.privkey3.public_key
        cls.pubkey3_bytes = cls.pubkey3.encode(encoder=encoding.RawEncoder)

        cls.other_crypto_box = public.Box(cls.privkey3, cls.pubkey1)
Ejemplo n.º 2
0
def decryptDict(dct, signingPrivateKey, realPrivateKey, realPublicKey):
    """decrypt all values in a dictionary

    Assumes all values in a dictionary are base64ed encrypted with realPublicKey,
    and signed with signingPrivateKey, and decrypt them with realPrivateKey.
    If realPrivateKey and realPublicKey do not correspond to each other,
    or any value in the dictionary is not signed and encrypted correctly,
    an exception is raised.

    :param dct: encrypted dictionary
    :type dct: dictionary with string values and keys
    :param signingPrivateKey: base64 encoded NaCl private key
    :type signingPrivateKey: string
    :param realPrivateKey: base64 encoded NaCl private key
    :type realPrivateKey: string
    :param realPublicKey: base64 encoded NaCl private key
    :type realPublicKey: string
    :rtype: dictionary with string values and keys
    """
    signingPrivateKey = npublic.PrivateKey(
        base64.decodestring(signingPrivateKey))
    signingPublicKey = signingPrivateKey.public_key
    realPrivateKey = npublic.PrivateKey(base64.decodestring(realPrivateKey))
    realPublicKey = npublic.PublicKey(base64.decodestring(realPublicKey))
    if realPrivateKey.public_key.encode() != realPublicKey.encode():
        raise ValueError('private key and public key do not match',
                         realPrivateKey.public_key, realPublicKey)
    box = npublic.Box(realPrivateKey, signingPublicKey)
    ret = {}
    for key, value in six.iteritems(dct):
        decodedValue = base64.decodestring(value)
        decryptedValue = box.decrypt(decodedValue)
        ret[key] = decryptedValue
    return ret
Ejemplo n.º 3
0
def del_(addr, fil):
    pkr = requests.get(addr + "/pk", verify=False)
    sk = pkr.json()["key"]

    mypub, mysec, nospam = read_tox(fil)
    check = _compute_checksum(mypub + nospam)
    print("kotone: Deleting {0} from server.".format(mypub, check))
    inner = json.dumps({
        "public_key": mypub,  # Public key
        "timestamp": int(time.time())  # Timestamp
    })

    k = crypto.PrivateKey(mysec, crypto_encode.HexEncoder)
    nonce = os.urandom(crypto.Box.NONCE_SIZE)
    b = crypto.Box(k, crypto.PublicKey(sk, crypto_encode.HexEncoder))
    msg = b.encrypt(inner.encode("utf8"), nonce, crypto_encode.Base64Encoder)

    payload = json.dumps({
        "action":
        2,
        "public_key":
        mypub,
        "encrypted":
        msg.ciphertext.decode("utf8"),
        "nonce":
        crypto_encode.Base64Encoder.encode(nonce).decode("utf8")
    })
    resp = requests.post(addr + "/api", data=payload, verify=False)
    a = resp.json()
    if a["c"] == 0:
        print("\033[32mOK:\033[0m record deleted. "
              "It may take a minute to update.")
    else:
        print("\033[32mFailed:\033[0m {0}".format(a["c"]))
Ejemplo n.º 4
0
 def post(self, request):
     form = USF(request.POST)
     if not form.is_valid():
         raise RuntimeError("Invalid HTML Form submitted")
     password = form.cleaned_data['password']
     pseudonym = form.cleaned_data['pseudonym']
     kdf = KDF(
         algorithm=hashes.Whirlpool(),
         length=int(
             32 + 32),  # 32: Edwards25519 seed, second 32: Curve25519 seed
         salt=whirlpool(pseudonym.encode()),
         iterations=int(1e6),
         backend=default_backend())
     key = kdf.derive(password.encode())
     edkey = signfool.SigningKey(
         key[0:32]
     )  # Use the first 32-bytes of the derived key as Edwards25519 seed
     cvkp = pubfool.PrivateKey(
         key[32:64])  # Use the second half as Curve25519 seed
     try:
         sig = db.get('gks').sign(cvkp.public_key.encode(encoder=b64))
     except KeyError:
         return render(request, 'freakedup.html',
                       {'err': "You are not part of a group, yet"})
     db.set("user-edkeys", edkey)
     db.set("user-cvkeys", cvkp)
     db.set("user-keysig", sig)
     edkey_fingerprint = base64.b64encode(whirlpool(
         edkey._signing_key)).decode()
     cvkey_fingerprint = base64.b64encode(whirlpool(
         cvkp._private_key)).decode()
     ctx = dict(edkey_fp=edkey_fingerprint,
                cvkey_fp=cvkey_fingerprint,
                sig=base64.b64encode(sig).decode())
     return render(request, 'user.post.html', ctx)
Ejemplo n.º 5
0
def get_public_key(secret_pass):
    # 1. hex string to bytes
    # 2. sha256 as bytes
    # 3. curve25519 keygen .p (?)
    # 4. byte array to hex string
    secret_pass_as_hex = secret_pass
    if not conv.is_hex(secret_pass):
        secret_pass_as_hex = conv.string_to_hex_string(secret_pass)
    b = conv.hex_string_to_bytes(secret_pass_as_hex)
    bh = simple_hash(b)
    pub = curve25519.PrivateKey(bh).public_key._public_key  # as bytes
    return conv.bytearray_to_hex_string(pub)
Ejemplo n.º 6
0
 def __init__(self):
     """Load or initialize crypto keys."""
     try:
         with open("key", "rb") as keys_file:
             keys = keys_file.read()
     except IOError:
         keys = None
     if keys:
         self.pkey = public.PrivateKey(keys, STORE_ENC)
     else:
         kp = public.PrivateKey.generate()
         with open("key", "wb") as keys_file:
             keys_file.write(kp.encode(STORE_ENC))
         self.pkey = kp
Ejemplo n.º 7
0
    def __init__(self, secret_key: Optional[Union[bytes, str, List[int], int]] = None):
        """Create a new Account object.

        :pararm secret_key: Secret key for the account.
        """
        key: Optional[bytes] = None
        if isinstance(secret_key, int):
            key = bytes(PublicKey(secret_key))
        if isinstance(secret_key, list):
            key = bytes(secret_key)
        elif isinstance(secret_key, str):
            key = bytes(secret_key, encoding="utf-8")
        elif isinstance(secret_key, bytes):
            key = secret_key

        self._secret = public.PrivateKey(key) if key else public.PrivateKey.generate()
Ejemplo n.º 8
0
def encrypt(value, signingPrivateKey, realPublicKey):
    """encrypt and sign a value, and base64-encode the result

    :param value: a secret
    :type value: string
    :param signingPrivateKey: base64 encoded NaCl private key
    :type signingPrivateKey: string
    :param realPublicKey: base64 encoded NaCl private key
    :type realPublicKey: string
    :rtype: string
    """
    signingPrivateKey = npublic.PrivateKey(
        base64.decodestring(signingPrivateKey))
    realPublicKey = npublic.PublicKey(base64.decodestring(realPublicKey))
    box = npublic.Box(signingPrivateKey, realPublicKey)
    nonce = nutils.random(npublic.Box.NONCE_SIZE)
    encrypted = box.encrypt(value, nonce)
    encoded = base64.encodestring(encrypted)
    oneline = ''.join(encoded.splitlines())
    return oneline
Ejemplo n.º 9
0
    def __init__(self,
                 proto,
                 handler,
                 own_addr,
                 dest_addr,
                 relay_addr=None,
                 private_key=None):
        """
        Create a new connection and register it with the protocol.

        Args:
            proto: Handler to underlying protocol.
            handler: Upstream recipient of received messages and
                handler of other events. Should minimally implement
                `receive_message` and `handle_shutdown`.
            own_addr: Tuple of local host address (ip, port).
            dest_addr: Tuple of remote host address (ip, port).
            relay_addr: Tuple of relay host address (ip, port).
            private_key: A private key for Curve25519, as a
                hex-encoded public.PrivateKey. The instance will
                automatically generate a new such key if one is not
                provided.

        If a relay address is specified, all outgoing packets are
        sent to that adddress, but the packets contain the address
        of their final destination. This is used for routing.
        """
        super(CryptoConnection, self).__init__(proto, handler, own_addr,
                                               dest_addr, relay_addr)

        if private_key is None:
            self._private_key = public.PrivateKey.generate()
        else:
            self._private_key = public.PrivateKey(private_key,
                                                  encoder=encoding.HexEncoder)
        self._public_key = self._private_key.public_key
        self._crypto_box = None
        self._remote_public_key = None

        self._left_nonce_bytes = utils.random(public.Box.NONCE_SIZE // 2)
Ejemplo n.º 10
0
    def __init__(self,
                 secret_key: Optional[Union[bytes, str, List[int],
                                            int]] = None):
        """Create a new Account object.

        :pararm secret_key: Secret key for the account.
        """
        warn(
            "solana.account.Account is deprecated, please use solana.keypair.KeyPair",
            category=DeprecationWarning)
        key: Optional[bytes] = None
        if isinstance(secret_key, int):
            key = bytes(PublicKey(secret_key))
        if isinstance(secret_key, list):
            key = bytes(secret_key)
        elif isinstance(secret_key, str):
            key = bytes(secret_key, encoding="utf-8")
        elif isinstance(secret_key, bytes):
            key = secret_key

        self._secret = public.PrivateKey(
            key) if key else public.PrivateKey.generate()
Ejemplo n.º 11
0
def decrypt_key(private_key):
    password = getpass.getpass()

    with open(private_key, 'r') as in_file:
        salt = in_file.read(16)
        in_file.seek(16)
        encrypted = in_file.read(72)
        in_file.seek(88)
        mem = int(in_file.read())

    key = kdf(secret.SecretBox.KEY_SIZE,
              password,
              salt,
              opslimit=ops,
              memlimit=mem)
    box = secret.SecretBox(key)

    loaded_private_key = box.decrypt(encrypted)

    loaded_private_key = public.PrivateKey(loaded_private_key,
                                           encoder=encoding.RawEncoder)

    return loaded_private_key
Ejemplo n.º 12
0
def push(addr, name, bio, fil):
    pkr = requests.get(addr + "/pk", verify=False)
    sk = pkr.json()["key"]

    mypub, mysec, nospam = read_tox(fil)
    check = _compute_checksum(mypub + nospam)
    print("kotone: Publishing {0}/{1} to server.".format(mypub, check))
    inner = json.dumps({
        "tox_id": mypub + nospam + check,  # Public key + checksum
        "name": name,  # Desired name
        "privacy": 1,  # Privacy level (1 or higher appears in FindFriends)
        "bio": bio.strip(),  # Bio (quote displayed on web)
        "timestamp": int(time.time())  # A timestamp near the server's time
    })

    k = crypto.PrivateKey(mysec, crypto_encode.HexEncoder)
    nonce = os.urandom(crypto.Box.NONCE_SIZE)
    b = crypto.Box(k, crypto.PublicKey(sk, crypto_encode.HexEncoder))
    msg = b.encrypt(inner.encode("utf8"), nonce, crypto_encode.Base64Encoder)

    payload = json.dumps({
        "action":
        1,  # Action number
        "public_key":
        mypub,  # Public key
        "encrypted":
        msg.ciphertext.decode("utf8"),  # Encrypted payload base64 (above)
        "nonce":
        crypto_encode.Base64Encoder.encode(nonce).decode("utf8")  # b64
    })
    resp = requests.post(addr + "/api", data=payload, verify=False)
    a = resp.json()
    if a["c"] == 0:
        print("\033[32mOK:\033[0m record successfully published.")
        print("Password is '{0}'.".format(a["password"]))
    else:
        print("\033[32mFailed:\033[0m {0}".format(a["c"]))
Ejemplo n.º 13
0
 def post(self, request):
     form = GSF(request.POST)
     pubk = None
     privk = None
     pubfp = None
     privfp = None
     edseed = None
     if not form.is_valid():
         raise RuntimeError("Invalid HTML form submitted")
     seed = form.cleaned_data['seed']
     if seed == 'none':
         gke = pubfool.PrivateKey.generate()
         gks = signfool.SigningKey.generate()
         db.set('gke', gke)
         db.set('gks', gks)
         seed = base64.b64encode(
             json.dumps(
                 dict(gke={
                     'public_key':
                     base64.b64encode(gke.public_key._public_key).decode(),
                     'private_key':
                     base64.b64encode(gke._private_key).decode()
                 },
                      gks={'seed': base64.b64encode(gks._seed).decode()
                           })).encode()).decode()
         pubk = gke.public_key._public_key
         privk = gke._private_key
         edseed = gks._seed
         sk = gks.verify_key.encode(encoder=b64)
         ek = gke.public_key.encode(encoder=b64)
         gkfp = base64.b64encode(whirlpool(sk + ek))
         db.set('gkfp', gkfp.decode())
         sendgroup(gkfp, sk, ek)
     else:
         seed = base64.b64decode(seed).decode()
         seed = json.loads(seed)
         # Format of seed:
         # {'public_key': 'base64-encoded PublicKey', 'private_key': 'base64-encoded PrivateKey'}
         pub = pubk = base64.b64decode(seed['gke']['public_key'])
         if len(pub) != 32:
             return "Error: Public key's length should be 32 bytes, check your input"
         priv = privk = base64.b64decode(seed['gke']['private_key'])
         if len(priv) != 32:
             return "Error: Private key's length should be 32 bytes, check your input tool"
         # Construct a PublicKey object
         pub = pubfool.PublicKey(pub)
         # Construct a Private Key object
         priv = pubfool.PrivateKey(priv)
         priv.public_key = pub
         edseed = base64.b64decode(seed['gks']['seed'])
         gks = signfool.SigningKey(seed=edseed)
         sk = gks.verify_key.encode(encoder=b64)
         ek = priv.public_key.encode(encoder=b64)
         gkfp = base64.b64encode(whirlpool(sk + ek))
         # Save the key
         db.set('gke', priv)
         db.set('gks', gks)
         db.set('gkfp', gkfp.decode())
         # I think it's already sent to the server because it was off a seed
         # Create a seed
     pubfp = base64.b64encode(whirlpool(pubk)).decode()
     privfp = base64.b64encode(whirlpool(privk)).decode()
     edseed = base64.b64encode(whirlpool(edseed)).decode()
     return render(request, 'group.post.html', {
         'edseed': edseed,
         'pubfp': pubfp,
         'privfp': privfp,
         'seed': seed,
     })
Ejemplo n.º 14
0
def curve25519_pub_from_seed(seed):
    return curve25519.PrivateKey(seed).public_key