def getKeys(secret): """ Generate keyring containing secp256k1 keys-pair and wallet import format (WIF). Args: secret (str, bytes or int): anything that could issue a private key on secp256k1 curve. Returns: dict: public, private and WIF keys. """ if isinstance(secret, int): privateKey = "%064x" % secret seed = unhexlify(privateKey) elif isinstance(secret, str): privateKey = secret if HEX.match(secret) else \ secp256k1.hash_sha256(secret).decode() seed = unhexlify(privateKey) elif isinstance(secret, bytes): privateKey = secret.decode() if BHEX.match(secret) else \ secp256k1.hash_sha256(secret).decode() seed = unhexlify(privateKey) publicKey = secp256k1.PublicKey.from_seed(seed) return { "publicKey": publicKey.encode().decode(), "privateKey": privateKey, "wif": getWIF(seed) }
def test_hash_sha256(self): secp256k1._schnorr.hash_sha256.restype = ctypes.c_char_p assert secp256k1.hash_sha256( b"secret" ) == secp256k1._schnorr.hash_sha256( b"secret" )
def checkRemoteAuth(**args): try: headers = args.get("headers", {}) task.MessageLogger.JOB.put("received secured headers: %r" % headers) # check if publick key defined in header is an authorized one # auth is a list of public keys. Because loadJson returns a void # dict if no file found, the if condition acts same as if it was a list publicKey = headers.get("public-key", "?") if publicKey not in lystener.loadJson("auth"): return {"status": 401, "msg": "not authorized"} # Note that client has to define its own salt value and get a # 1-min-valid random seed from lystener server. # See /salt endpoint sig = secp256k1.HexSig.from_der(headers["signature"]) puk = secp256k1.PublicKey.decode(publicKey) msg = secp256k1.hash_sha256(headers["salt"] + getSeed()) if not secp256k1._ecdsa.verify(msg, puk.x, puk.y, sig.r, sig.s): return {"status": 403, "msg": "bad signature"} return {"status": 200, "msg": "access granted"} except Exception as error: return { "status": 500, "msg": "checkPutDelete response: %s\n%s" % ("%r" % error, traceback.format_exc()) }
def getIdFromBytes(data): """ Generate data id. Args: data (bytes): data as bytes sequence. Returns: hex: id. """ return secp256k1.hash_sha256(data).decode()
def verifySignatureFromBytes(data, publicKey, signature): """ Verify signature. Args: data (bytes): data. publicKey (str): public key as hex string. signature (str): signature as hex string. Returns: bool: True if signature matches the public key. """ puk = secp256k1.PublicKey.decode(publicKey) msg = secp256k1.hash_sha256(data) if len(signature) == 128: hS = secp256k1.HexSig.from_raw( signature if isinstance(signature, bytes) else signature.encode()) return bool( secp256k1._schnorr.bcrypto410_verify(msg, puk.x, puk.y, hS.r, hS.s)) else: hS = secp256k1.HexSig.from_der( signature if isinstance(signature, bytes) else signature.encode()) return bool(secp256k1._ecdsa.verify(msg, puk.x, puk.y, hS.r, hS.s))