def get_tz_priv(coin, path): session_id = bytes.fromhex(environ.get('TZ_SESSIONID', '')) if trezor and len(session_id) == 32: device = get_transport() client = TrezorClient(transport=device, ui=ClickUI(), session_id=session_id) n_path = parse_path( "m/10065'/0'") # Logical path for BIP0065 operation info = get_public_node(client, n_path, coin_name=coin) side, pubkey = (info.node.public_key[0], info.node.public_key[1:]) left = True if side == 2 else False print("seed", b2x(pubkey), side) priv = encrypt_keyvalue(client, n_path, path, pubkey, ask_on_decrypt=side, ask_on_encrypt=False) client.close() print("priv", b2x(priv), left) is_valid(priv) return CBitcoinSecret.from_secret_bytes(priv) else: print("trezorlib must be available") print("see: https://pypi.org/project/trezor/") print("TZ_SESSIONID enviroinment variable required") print("See: trezorctl get-session --help") sys.exit(2)
def encrypt(ctrl, hw_session: HwSessionInfo, bip32_path_n: List[int], label: str, value: bytearray): ctrl.dlg_config_fun(dlg_title="Data encryption", show_progress_bar=False) ctrl.display_msg_fun(f'<b>Encrypting \'{label}\'...</b>' f'<br><br>Enter the hardware wallet PIN/passphrase (if needed) to encrypt data.<br><br>' f'<b>Note:</b> encryption passphrase is independent from the wallet passphrase <br>' f'and can vary for each encrypted file.') if hw_session.hw_type == HWType.trezor: from trezorlib import misc, btc client = hw_session.hw_client data = misc.encrypt_keyvalue(client, bip32_path_n, label, value, ask_on_encrypt, ask_on_decrypt) pub_key = btc.get_public_node(client, bip32_path_n).node.public_key return data, pub_key elif hw_session.hw_type == HWType.keepkey: client = hw_session.hw_client data = client.encrypt_keyvalue(bip32_path_n, label, value, ask_on_encrypt, ask_on_decrypt) pub_key = client.get_public_node(bip32_path_n).node.public_key return data, pub_key elif hw_session.hw_type == HWType.ledger_nano_s: raise Exception('Feature not available for Ledger Nano S.') else: raise Exception('Invalid HW type: ' + str(hw_session))
def encrypt(type, domain, secret): transport = get_transport() client = TrezorClient(transport, ClickUI()) dom = type.upper() + ": " + domain enc = encrypt_keyvalue(client, BIP32_PATH, dom, secret.encode(), False, True) client.close() return enc.hex()
def getMasterKey(client: TrezorClient) -> str: bip32_path = BIP32_PATH ENC_KEY = "Activate TREZOR Password Manager?" ENC_VALUE = bytes.fromhex( "2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee" ) key = misc.encrypt_keyvalue(client, bip32_path, ENC_KEY, ENC_VALUE, True, True) return key.hex()
def encrypt(type, domain, secret): transport = get_transport() client = TrezorClient(transport, ClickUI()) dom = type.upper() + ": " + domain enc = encrypt_keyvalue(client, BIP32_PATH, dom, secret.encode(), False, True) client.close() return enc.hex()
def __decryptMasterKey(self): self.__getClient() ENC_KEY = 'Activate TREZOR Password Manager?' ENC_VALUE = bytes.fromhex( '2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee' ) key = misc.encrypt_keyvalue(self.client, BIP32_PATH, ENC_KEY, ENC_VALUE, True, True) return key.hex()
def getMasterKey(client): bip32_path = BIP32_PATH ENC_KEY = 'Activate TREZOR Password Manager?' ENC_VALUE = bytes.fromhex('2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee') key = misc.encrypt_keyvalue( client, bip32_path, ENC_KEY, ENC_VALUE, True, True ) return key.hex()
def getEncryptedNonce(self, entry, entropy): self.__getClient() if 'item' in entry: item = entry['item'] else: item = entry['title'] pr = urlparse(item) if pr.scheme and pr.netloc: item = pr.netloc ENC_KEY = 'Unlock %s for user %s?' % (item, entry['username']) ENC_VALUE = hashlib.sha256(entropy).digest() encrypted_nonce = misc.encrypt_keyvalue(self.client, BIP32_PATH, ENC_KEY, bytes.fromhex(ENC_VALUE.hex()), False, True) return encrypted_nonce.hex()
def encrypt_item(self, key, value): u"""Encrypt the given value using the connected Trezor.""" trezor = self.find_trezor() address_n = tools.parse_path(self.BIP_ADDRESS) nonce = os.urandom(self.ITEM_NONCE_SIZE) nonce_key = 'Decrypt key {}?'.format(key) encrypted_nonce = bytes( misc.encrypt_keyvalue(trezor, address_n, nonce_key, nonce, ask_on_encrypt=False, ask_on_decrypt=True)) encrypted_value = aes_gcm_encrypt(nonce, value.encode()) trezor.close() return encrypted_nonce, encrypted_value
def _generate_master_key(self): """Returns the key for aes file encryption. To generate a unique and deterministic encryption key, we simply encrypt a constant value using the Trezor. """ trezor = self.find_trezor() address_n = tools.parse_path(self.BIP_ADDRESS) key = bytes( misc.encrypt_keyvalue(trezor, address_n, self.MASTER_ENC_KEY, self.MASTER_ENC_VAL, ask_on_encrypt=True, ask_on_decrypt=True)) return key
def test_encrypt(client: Client): res = misc.encrypt_keyvalue( client, [0, 1, 2], "test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "676faf8f13272af601776bc31bc14e8f" res = misc.encrypt_keyvalue( client, [0, 1, 2], "test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=False, ) assert res.hex() == "5aa0fbcb9d7fa669880745479d80c622" res = misc.encrypt_keyvalue( client, [0, 1, 2], "test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=True, ) assert res.hex() == "958d4f63269b61044aaedc900c8d6208" res = misc.encrypt_keyvalue( client, [0, 1, 2], "test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=False, ) assert res.hex() == "e0cf0eb0425947000eb546cc3994bc6c" # different key res = misc.encrypt_keyvalue( client, [0, 1, 2], "test2", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "de247a6aa6be77a134bb3f3f925f13af" # different message res = misc.encrypt_keyvalue( client, [0, 1, 2], "test", b"testing message! it is different", ask_on_encrypt=True, ask_on_decrypt=True, ) assert (res.hex() == "676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d") # different path res = misc.encrypt_keyvalue( client, [0, 1, 3], "test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "b4811a9d492f5355a5186ddbfccaae7b"
def test_encrypt_badlen(client: Client): with pytest.raises(Exception): misc.encrypt_keyvalue(client, [0, 1, 2], "test", b"testing")
def test_encrypt_badlen(self): self.setup_mnemonic_nopin_nopassphrase() with pytest.raises(Exception): misc.encrypt_keyvalue(self.client, [0, 1, 2], b"test", b"testing")
def test_encrypt(self): self.setup_mnemonic_nopin_nopassphrase() # different ask values res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "676faf8f13272af601776bc31bc14e8f" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=False, ) assert res.hex() == "5aa0fbcb9d7fa669880745479d80c622" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=True, ) assert res.hex() == "958d4f63269b61044aaedc900c8d6208" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=False, ) assert res.hex() == "e0cf0eb0425947000eb546cc3994bc6c" # different key res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test2", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "de247a6aa6be77a134bb3f3f925f13af" # different message res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message! it is different", ask_on_encrypt=True, ask_on_decrypt=True, ) assert ( res.hex() == "676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d" ) # different path res = misc.encrypt_keyvalue( self.client, [0, 1, 3], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert res.hex() == "b4811a9d492f5355a5186ddbfccaae7b"
def test_encrypt_badlen(self): self.setup_mnemonic_nopin_nopassphrase() with pytest.raises(Exception): misc.encrypt_keyvalue(self.client, [0, 1, 2], b"test", b"testing")
def encrypt(key, value): addr = [0,1,2] enc = misc.encrypt_keyvalue(client, addr, key, value, ask_on_encrypt=True, ask_on_decrypt=True) return enc
def test_encrypt(self): self.setup_mnemonic_nopin_nopassphrase() # different ask values res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert hexlify(res) == b"676faf8f13272af601776bc31bc14e8f" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=False, ) assert hexlify(res) == b"5aa0fbcb9d7fa669880745479d80c622" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=True, ) assert hexlify(res) == b"958d4f63269b61044aaedc900c8d6208" res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message!", ask_on_encrypt=False, ask_on_decrypt=False, ) assert hexlify(res) == b"e0cf0eb0425947000eb546cc3994bc6c" # different key res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test2", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert hexlify(res) == b"de247a6aa6be77a134bb3f3f925f13af" # different message res = misc.encrypt_keyvalue( self.client, [0, 1, 2], b"test", b"testing message! it is different", ask_on_encrypt=True, ask_on_decrypt=True, ) assert ( hexlify(res) == b"676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d" ) # different path res = misc.encrypt_keyvalue( self.client, [0, 1, 3], b"test", b"testing message!", ask_on_encrypt=True, ask_on_decrypt=True, ) assert hexlify(res) == b"b4811a9d492f5355a5186ddbfccaae7b"