def test_public_key_encryption_util(self): alice = crypto.generate_keypair() bob = crypto.generate_keypair() ciphertext = crypto.public_key_encrypt(alice[1], bob[0], "hello") plaintext = crypto.public_key_decrypt(bob[1], alice[0], ciphertext) self.assertEqual("hello", plaintext)
def get_security_keys(self): keyfile = os.path.join(environ.conf_dir(), KEYFILE) keys = config.load_conf(keyfile) self.__secret = keys.get('secret') self.user_xid = keys.get('user') self.__secret = os.environ.get(AVA_AGENT_SECRET, self.__secret) self.user_xid = os.environ.get(AVA_USER_XID, self.user_xid) if self.user_xid is None and not settings['debug']: logger.error('No User XID is specified!') raise SystemExit(2) if self.__secret: self.__secret = crypto.string_to_secret(self.__secret) pk, sk = crypto.generate_keypair(sk=self.__secret) self.key = pk else: logger.debug("No secret key is given, generating one...") pk, sk = crypto.generate_keypair() self.__secret = sk self.key = pk self.xid = crypto.key_to_xid(self.key) logger.debug("The agent's XID: %s", self.xid) if not self.user_xid and settings['debug']: logger.debug("User XID not given via environment variable. " + "Generating one...") self.user_xid = \ b'AYPwK3c3VK7ZdBvKfcbV5EmmCZ8zSb9viZ288gKFBFuE92jE' logger.debug("The agent's user XID: %s", self.user_xid)
def test_can_encode_and_decode_token(self): alice_keys = crypto.generate_keypair() bob_keys = crypto.generate_keypair() # payload = {'iss': crypto.key_to_xid(alice_keys[0])} # Alice signed the payload to Bob encoded_token = token.encode(payload, alice_keys[1], bob_keys[0]) print("ecnoded_token", encoded_token) decoded_payload = token.decode(encoded_token, bob_keys[1]) assert 'iss' in decoded_payload
def test_can_encode_and_decode_token(self): alice_keys = crypto.generate_keypair() bob_keys = crypto.generate_keypair() # payload = {"iss": crypto.key_to_xid(alice_keys[0])} # Alice signed the payload to Bob encoded_token = token.encode(payload, alice_keys[1], bob_keys[0]) print("ecnoded_token", encoded_token) decoded_payload = token.decode(encoded_token, bob_keys[1]) assert "iss" in decoded_payload
def agent(ctx, force=False): """ Generate keys for agent. """ userkeys_path = os.path.join(ctx.obj['app_dir'], 'user-keys.yml') if not os.path.exists(userkeys_path): click.echo('You should set user keys first.', err=True) return with open(userkeys_path, 'rb') as userkeys_file: userkeys = yaml.load(userkeys_file) user_xid = userkeys.get('xid') agentkeys_path = os.path.join(environ.conf_dir(), 'ava-keys.yml') if os.path.exists(agentkeys_path) and not force: click.echo('Agent keys exist!') click.confirm('Do you want to overwrite it?', abort=True) content = {} pk, sk = crypto.generate_keypair() content[b'user'] = user_xid content[b'secret'] = crypto.secret_to_string(sk) with open(agentkeys_path, 'wb') as agentkeys_file: yaml.dump(content, agentkeys_file)
def gen_random_key(ctx): if ctx.obj['verbosity']: click.echo("Generating random key...") (pk, sk) = crypto.generate_keypair() xid = crypto.key_to_xid(pk) secret_str = crypto.secret_to_string(sk) key_str = crypto.key_to_string(pk) res = dict(xid=xid, key=key_str, secret=secret_str) click.echo(json.dumps(res, sort_keys=True, indent=4, separators=(',', ': '))) return 0
def generate(ctx, salt=None, password=None): """ Generate random key or derive from salt and password. """ if not salt and not password: return gen_random_key(ctx) if not (salt and password): if not salt: click.echo("Missing option: salt") if not password: click.echo("Missing option: password") return 1 sk = crypto.derive_secret_key(password, salt) (pk, sk) = crypto.generate_keypair(sk=sk) xid = crypto.key_to_xid(pk) secret_str = crypto.secret_to_string(sk) key_str = crypto.key_to_string(pk) res = dict(xid=xid, key=key_str, secret=secret_str) click.echo(json.dumps(res, sort_keys=True, indent=4, separators=(',', ': '))) return 0
def validate(ctx, xid, key, secret): """ Validate XID, public key or secret key. :param ctx: :param xid: :param key: :param secret: :return: """ if xid: if crypto.validate_xid(xid): click.echo("XID %s is valid." % xid) else: click.echo("XID %s is invalid." % xid) if key: if crypto.validate_key_string(key): click.echo("Key is valid") else: click.echo("Key is invalid.") if secret: if crypto.validate_secret_string(secret): click.echo("Secret is valid.") else: click.echo("Secret is invalid.") if key and secret: sk = crypto.string_to_secret(secret) pk = crypto.string_to_key(key) (vpk, vsk) = crypto.generate_keypair(sk=sk) if vpk == pk and vsk == sk: click.echo("Key and secret are matched.") return 0 click.echo("Key and secret are mismatched.") return 1