def setUp(self): self.private_key = SigningKey.generate() self.public_keys = tuple(PublicKey.from_signing_key(SigningKey.generate()) for _ in range(2)) self.operation = Operation(OperationRev(), 'http://example.com', self.public_keys) sign_object(PublicKey.from_signing_key(self.private_key), self.private_key, self.operation) self.uuid = self.operation.uuid self.identifier = Identifier.from_operation(self.operation)
def test_dhZ(self): from ecdsa.keys import SigningKey # VerifyingKey from ecdsa.curves import NIST521p # Party V(recepient) declares a satic key pair curve = NIST521p v_stc = SigningKey.generate(curve=curve) # and advertise to Party U(Sender) ( U <--(pub key)-- V) v_pub = v_stc.get_verifying_key() self.assertEqual(v_pub.curve, curve) print(v_pub.curve) # Party U provides a ephemeral key u_epk = SigningKey.generate(curve=v_pub.curve) from jose.jwa import ec # Compute ECDH as shared secret # This shared secret itself is NOT have to be exchanged. shared_secret_u = ec.ecdsa_dhZ(v_pub, u_epk) # Party V recive Epemeral Public Key ( U --(pub key)--> V) v_epk = u_epk.get_verifying_key() # Party V compute shared_secret_v = ec.ecdsa_dhZ(v_epk, v_stc) # Secrete Agreeed! self.assertEqual(shared_secret_u, shared_secret_v)
def __init__(self, public_key: str = None, private_key: str = None): """ :param public_key: base58 encoded :param private_key: base58 encoded """ self.__public_key = None self.__private_key = None if private_key is not None: self.__private_key = SigningKey.from_string( b58decode(private_key), curve=NIST256p ) self.__public_key = self.__private_key.get_verifying_key() if public_key is not None: self.__public_key = VerifyingKey.from_string( self.decompress(b58decode(public_key))[1:], curve=NIST256p ) if public_key is None and private_key is None: self.__private_key = SigningKey.generate(curve=NIST256p) self.__public_key = self.__private_key.get_verifying_key()
def setUp(self): initialise_database('test_database_file') self.private_keys = [SigningKey.generate(), SigningKey.generate()] self.public_keys = [PublicKey.from_signing_key(private_key) for private_key in self.private_keys] self.operation = [ Operation(OperationRev(), 'http://example.com/', [self.public_keys[1]]), Operation(OperationRev(), 'http://example2.com/', [self.public_keys[0], self.public_keys[1]]), Operation(OperationRev(), 'http://example3.com/', [self.public_keys[1]]) ]
def test_new_keys(self): user = User.new_keys(curve=NIST256p) self.assertIsInstance(user, User) self.assertIsInstance(user._private_key, SigningKey) self.assertIsInstance(user._public_key.verifying_key, VerifyingKey) self.assertEqual(user._private_key.to_der(), SigningKey.from_string(user._private_key.to_string(), NIST256p).to_der()) self.assertEqual(len(user._private_key.to_der()), len(SigningKey.generate(curve=NIST256p).to_der())) self.assertNotEqual(len(user._private_key.to_der()), len(SigningKey.generate().to_der()))
def new_keys(cls, curve=NIST192p): # TODO different curve as default? """ Create new user using auto-generated keys. :param curve: private key's generation curve """ return cls(SigningKey.generate(curve=curve))
def getKeys(secret, seed=None): """ Generate keyring containing public key, signing and checking keys as attribute. Keyword arguments: secret (str or bytes) -- a human pass phrase seed (byte) -- a sha256 sequence bytes (private key actualy) Return dict """ if secret and not isinstance(secret, bytes): secret = secret.encode('utf-8') seed = hashlib.sha256(secret).digest() if not seed else seed signingKey = SigningKey.from_secret_exponent( int(binascii.hexlify(seed), 16), SECP256k1, hashlib.sha256) publicKey = signingKey.get_verifying_key().to_string() return { "publicKey": hexlify( compressEcdsaPublicKey(publicKey) if cfg.compressed else publicKey ), "privateKey": hexlify(signingKey.to_string()), "wif": getWIF(seed) }
def get(self): app = self.app if request.is_xhr: return 'brave.core.template.form', dict( kind = _("Application"), form = manage_form('/application/manage/{0}'.format(app.id)), data = dict( name = app.name, description = app.description, site = app.site, contact = app.contact, development = app.development, key = dict( public = app.key.public, private = app.key.private, ), required = app.mask.required, optional = app.mask.optional, groups = app.groups ) ) key = SigningKey.from_string(unhexlify(app.key.private), curve=NIST256p, hashfunc=sha256) return 'brave.core.application.template.view_app', dict( app = app, key = hexlify(key.get_verifying_key().to_string()), pem = key.get_verifying_key().to_pem() )
def test_generate(self): def hexdigest(digester, data): import hashlib return hashlib.new(digester, data).hexdigest() def longdigest(digester, data): return int(hexdigest(digester, data), 16) from ecdsa.keys import SigningKey, VerifyingKey from ecdsa.curves import NIST521p pri = SigningKey.generate(curve=NIST521p) pub = pri.get_verifying_key() self.assertTrue(isinstance(pub, VerifyingKey)) data = 'what a wonderfull world.' digest = longdigest('sha256', b(data)) sig = pri.sign_number(digest) self.assertTrue(isinstance(sig, tuple)) self.assertEqual(len(sig), 2) from ecdsa.ecdsa import Signature sigobj = Signature(*sig) # (r, s) self.assertTrue(pub.pubkey.verifies(digest, sigobj))
def __init__(self, x, y, curve_name, secret_multiplier=None): if not curve_name: raise ValueError("curve_name must be specified") self.curve_name = curve_name for c in curves: if c.name == curve_name or c.openssl_name == curve_name: curve = c break else: raise ValueError( "Curve '{0}' not supported by python-ecdsa".format(curve_name)) self.private_key = None self.public_key = None self.key_type = "ecdsa" if secret_multiplier: self.private_key = SigningKey.from_secret_exponent( secret_multiplier, curve) if x and y: point = Point(curve.curve, x, y) self.public_key = VerifyingKey.from_public_point(point, curve) if not self.public_key: self.public_key = self.private_key.get_verifying_key()
def setUp(self): self.private_key = SigningKey.generate(curve=NIST256p) self.public_key = PublicKey.from_signing_key(self.private_key) self.operation = Operation(OperationRev(), 'http://example.com/', [self.public_key]) sign_object(self.public_key, self.private_key, self.operation)
def _parse_ecdsa_private_key(private, curve): ver = private.getChild(0) if ver.value != b'\x01': raise SyntaxError("Unexpected EC key version") private_key = private.getChild(1) public_key = private.getChild(2) # first two bytes are the ASN.1 custom type and the length of payload # while the latter two bytes are just specification of the public # key encoding (uncompressed) # TODO: update ecdsa lib to be able to parse PKCS#8 files if curve is not NIST521p: if list(public_key.value[:1]) != [3] or \ list(public_key.value[2:4]) != [0, 4]: raise SyntaxError( "Invalid or unsupported encoding of public key") pub_key = VerifyingKey.from_string( compatHMAC(public_key.value[4:]), curve) else: if list(public_key.value[:3]) != [3, 129, 134] or \ list(public_key.value[3:5]) != [0, 4]: raise SyntaxError( "Invalid or unsupported encoding of public key") pub_key = VerifyingKey.from_string( compatHMAC(public_key.value[5:]), curve) pub_x = pub_key.pubkey.point.x() pub_y = pub_key.pubkey.point.y() priv_key = SigningKey.from_string(compatHMAC(private_key.value), curve) mult = priv_key.privkey.secret_multiplier return Python_ECDSAKey(pub_x, pub_y, curve.name, mult)
def test_exchage(self): from ecdsa import SigningKey, NIST521p alice_own = SigningKey.generate(curve=NIST521p) bob_own = SigningKey.generate(curve=NIST521p) alice_pri = alice_own.privkey alice_pub = alice_pri.public_key bob_pri = bob_own.privkey bob_pub = bob_pri.public_key alice_pub_point = alice_pub.point bob_pub_point = bob_pub.point print(alice_pub_point, bob_pub_point)
def setUp(self): self.patcher1 = patch('addressimo.util.get_id') self.patcher2 = patch('addressimo.util.create_json_response') self.patcher3 = patch('addressimo.util.request') self.patcher4 = patch('addressimo.util.VerifyingKey', wraps=VerifyingKey) self.mockGetId = self.patcher1.start() self.mockCreateJsonResponse = self.patcher2.start() self.mockRequest = self.patcher3.start() self.mockVerifyingKey = self.patcher4.start() self.mockRequest.url = 'http://addressimo.com/address/0123456789abcdef/sf' self.mockRequest.data = 'this is some crazy random data, dude! you know you gotta love this!' from ecdsa.keys import SigningKey from ecdsa.curves import SECP256k1 self.sk = SigningKey.from_string(TEST_PRIVKEY.decode('hex'), curve=SECP256k1) sig = self.sk.sign('GETaddressimo.com/address/0123456789abcdef/sfthis is some crazy random data, dude! you know you gotta love this!', hashfunc=sha256, sigencode=sigencode_der) self.mockRequest.headers = { 'x-identity': VerifyingKey.from_string(TEST_PUBKEY.decode('hex'), curve=curves.SECP256k1).to_der().encode('hex'), 'x-signature': sig.encode('hex') } self.mockRequest.method = 'GET' self.mockRequest.path = '/address/0123456789abcdef/sf' self.mockIdObj = Mock() self.mockIdObj.auth_public_key = TEST_PUBKEY # Mock the decorator function -> We run self.decorated self.mock_func = MagicMock(return_value='fake_response') self.mock_func.__name__ = 'mock_func' self.decorated = requires_valid_signature(self.mock_func)
def __after__(self, result, *args, **kw): """Generate the JSON response and sign.""" key = SigningKey.from_string(unhexlify(request.service.key.private), curve=NIST256p, hashfunc=sha256) response = Response(status=200, charset='utf-8') response.date = datetime.utcnow() response.last_modified = result.pop('updated', None) ct, body = render('json:', result) response.headers[b'Content-Type'] = str( ct) # protect against lack of conversion in Flup response.body = body canon = "{req.service.id}\n{resp.headers[Date]}\n{req.url}\n{resp.body}".format( req=request, resp=response) response.headers[b'X-Signature'] = hexlify(key.sign(canon)) log.debug("Signing response: %s", response.headers[b'X-Signature']) log.debug("Canonical data:\n%r", canon) del response.date # TODO: This works around an odd bug of sending two Date header values. return response
def get(self): app = self.app if request.is_xhr: return 'brave.core.template.form', dict( kind=_("Application"), form=manage_form('/application/manage/{0}'.format(app.id)), data=dict(name=app.name, description=app.description, site=app.site, contact=app.contact, development=app.development, key=dict( public=app.key.public, private=app.key.private, ), required=app.mask.required, optional=app.mask.optional, groups=app.groups)) key = SigningKey.from_string(unhexlify(app.key.private), curve=NIST256p, hashfunc=sha256) return 'brave.core.application.template.view_app', dict( app=app, key=hexlify(key.get_verifying_key().to_string()), pem=key.get_verifying_key().to_pem())
def unserializeKeys(serial, network=None): """ Unserialize `serial`. Argument: keys (ArkyDict) -- serialized keyring returned by serializeKeys Returns ArkyDict ready to be used as keyring >>> binascii.hexlify(unserializeKeys({ ... 'wif': 'SB3BGPGRh1SRuQd52h7f5jsHUg1G9ATEvSeA7L5Bz4qySQww4k7N', ... 'data': '2d2d2d2d2d424547494e2045432050524956415445204b45592d2d2d2d2d0a4d485143415145\ 454943753444564e374861506a69394d4459617146566f6139344f724e63574c2b39714a66365876314a364a6\ 26f416347425375424241414b0a6f555144516741456f4375645839305442384c75526c4b36564e5353306630\ 5270394737507a7045784b42656566476436544f5353714a5941476d564b7746410a3249336948445a2b354b3\ 93853704275464a6a7943726a324c6b777049513d3d0a2d2d2d2d2d454e442045432050524956415445\ 204b45592d2d2d2d2d0a'}).public) b'03a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933' """ keys = ArkyDict() keys.network = cfg.__NETWORK__ if network == None else network # use cfg.__NETWORK__ network by default keys.signingKey = SigningKey.from_pem(binascii.unhexlify(serial["data"])) keys.checkingKey = keys.signingKey.get_verifying_key() keys.public = _compressEcdsaPublicKey(keys.checkingKey.to_string()) if "wif" in serial: keys.wif = serial["wif"] return keys
def getKeys(secret="passphrase", seed=None, network=None): """ Generate keyring containing network, public and private key as attribute. secret or seed have to be provided, if network is not, cfg.__NETWORK__ is automatically selected. Keyword arguments: secret (str or bytes) -- a human pass phrase seed (byte) -- a sha256 sequence bytes network (object) -- a python object Returns ArkyDict >>> binascii.hexlify(getKeys("secret").public) b'03a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933' """ network = ArkyDict( **network ) if network else cfg.__NETWORK__ # use cfg.__NETWORK__ network by default seed = hashlib.sha256( secret.encode("utf8") if not isinstance(secret, bytes) else secret ).digest() if not seed else seed keys = ArkyDict() # save wallet address keys.wif = getWIF(seed, network) # save network option keys.network = network # generate signing and verifying object and public key keys.signingKey = SigningKey.from_secret_exponent( int(binascii.hexlify(seed), 16), SECP256k1, hashlib.sha256) keys.checkingKey = keys.signingKey.get_verifying_key() keys.public = _compressEcdsaPublicKey(keys.checkingKey.to_string()) return keys
def decrypt_with_gcm_mode(nonce: bytes, mac_tag: bytes, cipher_text: bytes, private_key: bytes, hdr: bytes, encode_g_tilde: bytes): if not isinstance(private_key, bytes): raise SDKException( ErrorCode.other_error( 'the length of private key should be 32 bytes.')) if len(private_key) != 32: raise SDKException( ErrorCode.other_error( 'the length of private key should be 32 bytes.')) str_g_tilde_x = encode_g_tilde[1:33] str_g_tilde_y = encode_g_tilde[33:65] g_tilde_x = string_to_number(str_g_tilde_x) g_tilde_y = string_to_number(str_g_tilde_y) g_tilde = Point(NIST256p.curve, g_tilde_x, g_tilde_y, NIST256p.order) h_tilde = g_tilde * SigningKey.from_string( string=private_key, curve=NIST256p).privkey.secret_multiplier seed = b''.join( [encode_g_tilde, number_to_string(h_tilde.x(), NIST256p.order)]) aes_key = pbkdf2(seed, 32) plain_text = AESHandler.aes_gcm_decrypt(cipher_text, hdr, nonce, mac_tag, aes_key) return plain_text
def test_no_database(self): with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Block.get_ids_list() with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Block.get(sha256(b'something').digest()) private_key = SigningKey.generate() public_key = PublicKey.from_signing_key(private_key) operations = [ Operation(OperationRev(), 'http://example0.com/', [public_key]), Operation(OperationRev(), 'http://example1.com/', [public_key]) ] for op in operations: sign_object(public_key, private_key, op) block = Block.from_operations_list(BlockRev(), int(time.time()), operations) block.mine() sign_object(public_key, private_key, block) with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): block.put() with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): block.remove()
def setUp(self): self.patcher1 = patch("addressimo.util.get_id") self.patcher2 = patch("addressimo.util.create_json_response") self.patcher3 = patch("addressimo.util.request") self.patcher4 = patch("addressimo.util.VerifyingKey", wraps=VerifyingKey) self.mockGetId = self.patcher1.start() self.mockCreateJsonResponse = self.patcher2.start() self.mockRequest = self.patcher3.start() self.mockVerifyingKey = self.patcher4.start() self.mockRequest.url = "http://addressimo.com/address/0123456789abcdef/sf" self.mockRequest.data = "this is some crazy random data, dude! you know you gotta love this!" from ecdsa.keys import SigningKey from ecdsa.curves import SECP256k1 self.sk = SigningKey.from_string(TEST_PRIVKEY.decode("hex"), curve=SECP256k1) sig = self.sk.sign(self.mockRequest.url + self.mockRequest.data, hashfunc=sha256, sigencode=sigencode_der) self.mockRequest.headers = { "x-identity": VerifyingKey.from_string(TEST_PUBKEY.decode("hex"), curve=curves.SECP256k1) .to_der() .encode("hex"), "x-signature": sig.encode("hex"), } self.mockIdObj = Mock() self.mockIdObj.auth_public_key = TEST_PUBKEY # Mock the decorator function -> We run self.decorated self.mock_func = MagicMock(return_value="fake_response") self.mock_func.__name__ = "mock_func" self.decorated = requires_valid_signature(self.mock_func)
def __init__(self, private_key: str): # byes.fromhex expect a hex string without 0x private_key = self.remove_starting_0x(private_key) pem = SigningKey.from_string(bytes.fromhex(private_key), curve=SECP256k1).to_pem() self.signing_key = jwk.JWK.from_pem(pem) self.algorithm = 'ES256K'
def test_generate(self): from ecdsa import SigningKey, NIST521p sk = SigningKey.generate(curve=NIST521p) pri = sk.privkey pub = pri.public_key param = dict( crv=sk.curve, x=pub.point.x(), y=pub.point.y(), d=pri.secret_multiplier) # Curve from ecdsa.ellipticcurve import Point, CurveFp from ecdsa.ecdsa import curve_521 self.assertTrue(isinstance(curve_521, CurveFp)) self.assertTrue(isinstance(param['crv'].curve, CurveFp)) self.assertEqual(curve_521, param['crv'].curve) self.assertEqual(pub.point.curve(), curve_521) # Point p_new = Point(curve_521, param['x'], param['y']) self.assertEqual(p_new, pub.point) self.assertTrue(isinstance(pub.point, Point)) # Public Key from ecdsa.ecdsa import Public_key, generator_521 self.assertEqual(generator_521, pub.generator) pub_new = Public_key(generator_521, p_new) # Private Key from ecdsa.ecdsa import Private_key pri_new = Private_key(pub_new, param['d']) # Signature from ecdsa.ecdsa import string_to_int, Signature from hashlib import sha512 from uuid import uuid1 rnd = uuid1().int msg = "hello, it's me.".encode('utf8') digest = string_to_int(sha512(msg).digest()) signature_new = pri_new.sign(digest, rnd) signature_old = pri.sign(digest, rnd) self.assertTrue(isinstance(signature_new, Signature)) self.assertEqual(signature_new.r, signature_old.r) self.assertEqual(signature_new.s, signature_old.s) import six # python3 no long self.assertTrue(type(signature_new.r) in six.integer_types) self.assertTrue(type(signature_new.s) in six.integer_types) # Verify print(pub.verifies(digest, signature_new)) print(pub_new.verifies(digest, signature_old)) # print(dir(pri_new)) print(dir(pub_new)) print(dir(pub_new.curve))
def ec_get_public_key_by_private_key(private_key: bytes): if not isinstance(private_key, bytes): raise BotException(BotError.invalid_private_key) if len(private_key) != 32: raise BotException(BotError.invalid_private_key) private_key = SigningKey.from_string(string=private_key, curve=SECP256k1) public_key = private_key.get_verifying_key().to_string() return public_key
def generate_key(identifier): from brave.core.application.model import Application key = SigningKey.generate(NIST256p, hashfunc=sha256) Application.objects( id=identifier, key__private=None # Make sure we don't override an existing one. ).update(set__key__private=hexlify(key.to_string()))
def generate_signature(private_key: bytes, msg: bytes): if not isinstance(private_key, bytes): raise BotException(BotError.invalid_private_key) if len(private_key) != 32: raise BotException(BotError.invalid_private_key) private_key = SigningKey.from_string(string=private_key, curve=SECP256k1) signature = private_key.sign(msg) return signature
def __init__(self): # Load our keys into a usable form. try: config['api.private'] = SigningKey.from_string(unhexlify(config['api.private']), curve=NIST256p, hashfunc=sha256) config['api.public'] = VerifyingKey.from_string(unhexlify(config['api.public']), curve=NIST256p, hashfunc=sha256) except: log.critical("Core Service API identity, public, or private key missing.") private = SigningKey.generate(NIST256p, hashfunc=sha256) log.critical("Here's a new private key; update the api.private setting to reflect this.\n%s", private.to_string().encode('hex')) log.critical("Here's that key's public key; this is what you register with Core.\n%s", private.get_verifying_key().to_string().encode('hex')) log.critical("After registering, save the server's public key to api.public and your service's ID to api.identity.") exit(-1) super(StartupMixIn, self).__init__()
def setUp(self): self.private_keys = [SigningKey.generate(curve=NIST256p) for _ in range(3)] self.public_keys = [PublicKey.from_signing_key(private_key) for private_key in self.private_keys] self.operation = [ Operation(OperationRev(), 'http://example.com/', [self.public_keys[1], self.public_keys[2]]), None, None ]
def _get_brave_api(): config = app.config['BRAVE_AUTH'] return API(config['endpoint'], config['identity'], SigningKey.from_string(unhexlify(config['private']), curve=NIST256p, hashfunc=sha256), VerifyingKey.from_string(unhexlify(config['public']), curve=NIST256p, hashfunc=sha256))
def setUp(self): self.private_key = SigningKey.generate() self.public_key = PublicKey.from_signing_key(self.private_key) self.operations = [Operation( OperationRev(), 'http://example.com/', [self.public_key]) for _ in range(Block.MIN_OPERATIONS + 1)] for op in self.operations: sign_object(self.public_key, self.private_key, op)
def setUp(self): initialise_database('test_database_file') self.private_key = SigningKey.generate() self.public_key = PublicKey.from_signing_key(self.private_key) # self.uuids = [uuid4() for _ in range(3)] self.operations = [[ Operation(OperationRev(),'http://example0.com/v0/', [self.public_key]), Operation(OperationRev(),'http://example1.com/v0/', [self.public_key]) ]] for op in self.operations[0]: sign_object(self.public_key, self.private_key, op) self.operations.append([ Operation(OperationRev.from_obj(self.operations[0][0]), 'http://example0.com/v1/', [self.public_key]), Operation(OperationRev.from_obj(self.operations[0][1]), 'http://example1.com/v1/', [self.public_key]), Operation(OperationRev(), 'http://example2.com/v0/', [self.public_key]) ]) for op in self.operations[1]: sign_object(self.public_key, self.private_key, op) self.operations.append([ Operation(OperationRev.from_obj(self.operations[1][0]),'http://example0.com/v2/', [self.public_key]), Operation(OperationRev.from_obj(self.operations[1][1]), 'http://example1.com/v2/', [self.public_key]) ]) for op in self.operations[2]: sign_object(self.public_key, self.private_key, op) self.operations.append([ Operation(OperationRev.from_obj(self.operations[1][1]), 'http://alternative1.com/', [self.public_key]), Operation(OperationRev.from_obj(self.operations[1][2]), 'http://alternative2.com/', [self.public_key]) ]) for op in self.operations[3]: sign_object(self.public_key, self.private_key, op) timestamp = int(time.time()) - 100 self.blocks = [Block.from_operations_list(BlockRev(), timestamp, self.operations[0])] self.blocks[0].mine() sign_object(self.public_key, self.private_key, self.blocks[0]) self.blocks.append( Block.from_operations_list(BlockRev.from_obj(self.blocks[0]), timestamp + 20, self.operations[1])) self.blocks[1].mine() sign_object(self.public_key, self.private_key, self.blocks[1]) self.blocks.append( Block.from_operations_list(BlockRev.from_obj(self.blocks[1]), timestamp + 40, self.operations[2])) self.blocks[2].mine() sign_object(self.public_key, self.private_key, self.blocks[2]) self.blocks.append( Block.from_operations_list(BlockRev.from_obj(self.blocks[1]), timestamp + 60, self.operations[3])) self.blocks[3].mine() sign_object(self.public_key, self.private_key, self.blocks[3])
def setUp(self): initialise_database('test_database_file') self.operations = [ Operation(OperationRev(), 'http://example.com/' + url, [PublicKey.from_signing_key(SigningKey.generate())]) for url in ('first/', 'second/')] for op in self.operations: sk = SigningKey.generate() sign_object(PublicKey.from_signing_key(sk), sk, op) block = Block.from_operations_list(BlockRev(), 42, self.operations) block.mine() sk = SigningKey.generate() sign_object(PublicKey.from_signing_key(sk), sk, block) block.put() self.identifiers = [Identifier.from_operation(op) for op in self.operations]
def _parse_ecc_ssleay(data): """ Parse binary structure of the old SSLeay file format used by OpenSSL. For ECDSA keys. """ private_key = SigningKey.from_der(compatHMAC(data)) secret_mult = private_key.privkey.secret_multiplier return Python_ECDSAKey(None, None, private_key.curve.name, secret_mult)
def generate_key(identifier): from brave.core.application.model import Application key = SigningKey.generate(NIST256p, hashfunc=sha256) Application.objects( id = identifier, key__private = None # Make sure we don't override an existing one. ).update( set__key__private = hexlify(key.to_string()) )
def __init__(self, app): self.endpoint = app.config['CORE_ENDPOINT'] self.app_id = app.config['CORE_APP_ID'] self.private_key_string = app.config['CORE_PRIVATE_KEY'] self.core_public_key_string = app.config['CORE_CORE_PUBLIC_KEY'] self.private_key = SigningKey.from_string(unhexlify(self.private_key_string), curve=NIST256p, hashfunc=sha256) self.core_public_key = VerifyingKey.from_string(unhexlify(self.core_public_key_string), curve=NIST256p, hashfunc=sha256) self.view_perm = app.config['CORE_VIEW_PERMISSION'] self.edit_perm = app.config['CORE_EDIT_PERMISSION']
def authorized(): # Perform the initial API call and direct the user. # Convert Key text into objects config['api.private'] = SigningKey.from_string(unhexlify(config['api.private']), curve=NIST256p, hashfunc=sha256) config['api.public'] = SigningKey.from_string(unhexlify(config['api.public']), curve=NIST256p, hashfunc=sha256) # Build API Client for CORE Services api = API(config['api.endpoint'], config['api.identity'], config['api.private'], config['api.public']) # Build Success/Failure Redirect URLs token = request.args.get('token', '') if token == '': abort(401) # Make the authentication call to the CORE Service result = api.core.info(token=token) return jsonify(result)
def __init__(self, *, private_key: Optional[Union[str, bytes]] = None, public_key: Optional[bytes] = None): assert not (private_key and public_key), 'Pass only one key' if public_key: self._sk = None self._vk = VerifyingKey.from_string(public_key, curve=SECP256k1) return if private_key: if isinstance(private_key, str): self._sk = signing_key_from_seed(private_key) else: self._sk = SigningKey.from_string(private_key, curve=SECP256k1) else: entropy = PRNG(secrets.randbits(512)) self._sk = SigningKey.generate(entropy=entropy, curve=SECP256k1) self._vk = self._sk.get_verifying_key()
def setUp(self): initialise_database('test_database_file') self.private_key = SigningKey.generate() self.public_key = PublicKey.from_signing_key(self.private_key) self.operations = [ Operation(OperationRev(), 'http://example.com/', [self.public_key]), Operation(OperationRev(), 'http://example2.com/', [self.public_key]), Operation(OperationRev(), 'http://example3.com/', [self.public_key]) ]
def __init__(self): from brave.mumble import util # Configure mail delivery services. util.mail = Mailer(config, 'mail') util.mail.start() # Load our keys into a usable form. config['api.private'] = SigningKey.from_string(unhexlify(config['api.private']), curve=NIST256p, hashfunc=sha256) config['api.public'] = VerifyingKey.from_string(unhexlify(config['api.public']), curve=NIST256p, hashfunc=sha256) super(StartupMixIn, self).__init__()
def get_brave_api(): import braveapi.client from binascii import unhexlify from hashlib import sha256 from ecdsa.keys import SigningKey, VerifyingKey from ecdsa.curves import NIST256p endpoint = config.braveapi_endpoint my_id = config.braveapi_my_id my_privkey = SigningKey.from_string(unhexlify(config.braveapi_my_privkey), curve=NIST256p, hashfunc=sha256) server_pubkey = VerifyingKey.from_string(unhexlify(config.braveapi_server_pubkey), curve=NIST256p, hashfunc=sha256) return braveapi.client.API(endpoint, my_id, my_privkey, server_pubkey)
def generate_decrypt_aes_key(private_key: bytes, encode_g_tilde: bytes): if not isinstance(private_key, bytes): raise SDKException(ErrorCode.other_error('the length of private key should be 32 bytes.')) if len(private_key) != 32: raise SDKException(ErrorCode.other_error('the length of private key should be 32 bytes.')) str_g_tilde_x = encode_g_tilde[1:33] str_g_tilde_y = encode_g_tilde[33:65] g_tilde_x = string_to_number(str_g_tilde_x) g_tilde_y = string_to_number(str_g_tilde_y) g_tilde = Point(NIST256p.curve, g_tilde_x, g_tilde_y, NIST256p.order) h_tilde = g_tilde * SigningKey.from_string(string=private_key, curve=NIST256p).privkey.secret_multiplier seed = b''.join([encode_g_tilde, number_to_string(h_tilde.x(), NIST256p.order)]) aes_key = pbkdf2(seed, 32) return aes_key
def config(): # Load and validate the format of our auth config data try: config['api.identity'] config['api.private'] = SigningKey.from_string(unhexlify(config['api.private']), curve=NIST256p, hashfunc=sha256) config['api.public'] = VerifyingKey.from_string(unhexlify(config['api.public']), curve=NIST256p, hashfunc=sha256) except: private = SigningKey.generate(NIST256p, hashfunc=sha256) error_message = "Core Service API identity, public, or private key missing.<br /><br />\n\n" error_message += "Here's a new private key; update the api.private setting to reflect this.<br />\n" + \ "%s <br /><br />\n\n" % private.to_string().encode('hex') error_message += "Here's that key's public key; this is what you register with Core.<br />\n" + \ "%s <br /><br /><br />\n\n" % private.get_verifying_key().to_string().encode('hex') error_message += "After registering, save the server's public key to api.public " + \ "and your service's ID to api.identity.<br /><br />" return error_message # config data looks good, allow auth attempt return '<a href="'+url_for('authorize')+'">Click here to auth</a>'
def decrypt_with_cbc_mode(cipher_text: bytes, private_key: bytes, iv: bytes, encode_g_tilde: bytes): if not isinstance(private_key, bytes): raise BotException(BotError.invalid_private_key) if len(private_key) != 32: raise BotException(BotError.invalid_private_key) str_g_tilde_x = encode_g_tilde[1:33] str_g_tilde_y = encode_g_tilde[33:65] g_tilde_x = string_to_number(str_g_tilde_x) g_tilde_y = string_to_number(str_g_tilde_y) g_tilde = Point(SECP256k1.curve, g_tilde_x, g_tilde_y, SECP256k1.order) h_tilde = g_tilde * SigningKey.from_string(string=private_key, curve=SECP256k1).privkey.secret_multiplier seed = b''.join([encode_g_tilde, number_to_string(h_tilde.x(), SECP256k1.order)]) aes_key = pbkdf2(seed, 32) plain_text = AESHandler.aes_cbc_decrypt(cipher_text, iv, aes_key) return plain_text
def GET(self): try: private = SigningKey.from_string(unhexlify(settings['api']['private']), curve=NIST256p, hashfunc=sha256) public = VerifyingKey.from_string(unhexlify(settings['api']['public']), curve=NIST256p, hashfunc=sha256) except: return "Invalid keys" # Perform the initial API call and direct the user. api = API(settings['api']['endpoint'], settings['api']['identity'], private, public) success = str(settings['domain'] + settings['path'] + '/account/authorized') failure = str(settings['domain'] + settings['path'] + '/account/nolove') result = api.core.authorize(success=success, failure=failure) raise web.seeother(result.location, absolute=True)
def test_no_database(self): with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Operation.get_ids_list() with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Operation.get(sha256(b'something').digest()) operation = Operation(OperationRev(), 'http://example.com/', []) sk = SigningKey.generate() sign_object(PublicKey.from_signing_key(sk), sk, operation) with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): operation.put(BlockRev()) with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): operation.remove(BlockRev())
def get_public_key_by_bytes_private_key(private_key: bytes): if not isinstance(private_key, bytes): raise SDKException(ErrorCode.other_error('The type of private key should be bytes.')) if len(private_key) != 32: raise SDKException(ErrorCode.other_error('The length of private key should be 32 bytes.')) private_key = SigningKey.from_string(string=private_key, curve=NIST256p) public_key = private_key.get_verifying_key() order = public_key.pubkey.order x_int = public_key.pubkey.point.x() y_int = public_key.pubkey.point.y() x_str = number_to_string(x_int, order) if y_int % 2 == 0: point_str = b''.join([b'\x02', x_str]) else: point_str = b''.join([b'\x03', x_str]) return point_str
def getSignature(hexa, key): """ Generate signature using private key. Arguments: hexa (str) -- data as hex string key (str) -- a private key as hex string Return hex """ signingKey = SigningKey.from_string(unhexlify(key), SECP256k1, hashlib.sha256) return hexlify( signingKey.sign_deterministic(unhexlify(hexa), hashlib.sha256, sigencode=sigencode_der_canonize))
def __after__(self, result, *args, **kw): """Generate the JSON response and sign.""" key = SigningKey.from_string(unhexlify(request.service.key.private), curve=NIST256p, hashfunc=sha256) response = Response(status=200, charset='utf-8') response.date = datetime.utcnow() response.last_modified = result.pop('updated', None) ct, body = render('json:', result) response.headers[b'Content-Type'] = str(ct) # protect against lack of conversion in Flup response.body = body canon = "{req.service.id}\n{resp.headers[Date]}\n{req.url}\n{resp.body}".format( req = request, resp = response
def getSignature(tx, privateKey): """ Generate transaction signature using private key. Arguments: tx (dict) -- a transaction description privateKey (str) -- a private key as hex string Return str """ signingKey = SigningKey.from_string(unhexlify(privateKey), SECP256k1, hashlib.sha256) return hexlify( signingKey.sign_deterministic(getBytes(tx), hashlib.sha256, sigencode=sigencode_der_canonize))
def getSignatureFromBytes(data, privateKey): """ Generate data signature using private key. Arguments: data (bytes) -- data in bytes privateKey (str) -- a private key as hex string Return str """ signingKey = SigningKey.from_string(unhexlify(privateKey), SECP256k1, hashlib.sha256) return hexlify( signingKey.sign_deterministic(data, hashlib.sha256, sigencode=sigencode_der_canonize))
def test_no_database(self): with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Identifier.get_uuid_list() with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): Identifier.get(uuid4()) operation = Operation(OperationRev(), 'http://example.com/', []) sk = SigningKey.generate() sign_object(PublicKey.from_signing_key(sk), sk, operation) identifier = Identifier.from_operation(operation) with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): identifier.put() with self.assertRaisesRegex(pmpi.database.Database.InitialisationError, "initialise database first"): identifier.remove()
def get_brave_api(): import braveapi.client from binascii import unhexlify from hashlib import sha256 from ecdsa.keys import SigningKey, VerifyingKey from ecdsa.curves import NIST256p endpoint = config.braveapi_endpoint my_id = config.braveapi_my_id my_privkey = SigningKey.from_string(unhexlify(config.braveapi_my_privkey), curve=NIST256p, hashfunc=sha256) server_pubkey = VerifyingKey.from_string(unhexlify( config.braveapi_server_pubkey), curve=NIST256p, hashfunc=sha256) return braveapi.client.API(endpoint, my_id, my_privkey, server_pubkey)
def __init__(self): from brave.mumble import util # Configure mail delivery services. util.mail = Mailer(config, 'mail') util.mail.start() # Load our keys into a usable form. config['api.private'] = SigningKey.from_string(unhexlify( config['api.private']), curve=NIST256p, hashfunc=sha256) config['api.public'] = VerifyingKey.from_string(unhexlify( config['api.public']), curve=NIST256p, hashfunc=sha256) super(StartupMixIn, self).__init__()
def public_key(self): """ """ if self._public_key: return self._public_key point = SigningKey.from_secret_exponent( secexp=int(self.secret_exponent, 16), curve=SECP256k1, hashfunc=hashlib.sha256, ).verifying_key.pubkey.point x = hex(point.x())[2:].strip('L') y = hex(point.y())[2:].strip('L') if self.__compressed: return ''.join(('02' if point.y() % 2 == 0 else '03', x)) else: return ''.join(('04', x, y))
def signing_key_from_seed(encoded_seed: str) -> SigningKey: """ Derives SigningKey from master seed. Reference: https://ripple.com/wiki/Account_Family#Root_Key_.28GenerateRootDeterministicKey.29 """ # Ripple seeds are base58-encoded and prefixed with letter "s" assert encoded_seed[0] == 's' seed = base58.b58decode_check(encoded_seed, alphabet=base58.RIPPLE_ALPHABET)[1:] seq = 0 while True: private_gen = int.from_bytes(first_half_of_sha512( seed, seq.to_bytes(4, byteorder='big')), byteorder='big') seq += 1 if SECP256k1.order >= private_gen: break public_key = VerifyingKey.from_public_point(SECP256k1.generator * private_gen, curve=SECP256k1) # Now that we have the private and public generators, we apparently # have to calculate a secret from them that can be used as a ECDSA # signing key. secret = i = 0 public_gen_compressed = public_key.to_string(encoding='compressed') while True: secret = int.from_bytes(first_half_of_sha512( public_gen_compressed, bytes(4), i.to_bytes(4, byteorder='big')), byteorder='big') i += 1 if SECP256k1.order >= secret: break secret = (secret + private_gen) % SECP256k1.order return SigningKey.from_secret_exponent(secret, curve=SECP256k1)
def generate_private_key(): """ () -> hex Generate a private key and Return respective public key pair using the Elliptical Curve Digital Signiture Algorithm. SECP256k1 curve. -> curve Generate a 'random' number to use in the generation of the private key. -> se Generate the key with the two above inputs and pass it through a SHA-256 hash. -> sha256(key) -> verifying_key Return the hexideciaml conversion of verifying key (public key pair to the private key generated) verifying_key -> hex This is our private key's public key pair. """ curve = ecdsa.curves.SECP256k1 se = random_secret_exponent(curve.order) key = SigningKey.from_secret_exponent(se, curve, hashlib.sha256) verifying_key = key.get_verifying_key() verifying_key_string = verifying_key.to_string() bitcoin_byte = b'04' key_hex = hexlify(key.to_string()) return hexlify(key.to_string())
def generate_keypair() -> (SigningKey, str): sk = SigningKey.generate(NIST256p) vk = sk.get_verifying_key() return sk, vk.to_string().hex()
ec["publicKey"] = ec_rfc5915["publicKey"] p8["version"] = 0 p8["privateKeyAlgorithm"] = AlgorithmIdentifier() p8["privateKeyAlgorithm"]["algorithm"] = "1.2.840.10045.2.1" p8["privateKeyAlgorithm"]["parameters"] = ObjectIdentifier( ec_rfc5915["parameters"]) p8["privateKey"] = DER_Encode(ec) der = DER_Encode(p8) #print; dumpasn1(der) #print; dumpasn1(der_test_keys["ec_pkcs8"]) print print "Reencoded PKCS #8 {} static data".format( "matches" if der == der_test_keys["ec_pkcs8"] else "doesn't match") # Try doing same thing with ecdsa package ASN.1 utilities. sk = SigningKey.from_der(der_test_keys["ec_rfc5915"]) vk = ECDSA_DER.encode_bitstring("\x00\x04" + sk.get_verifying_key().to_string()) ec = ECDSA_DER.encode_sequence( ECDSA_DER.encode_integer(1), ECDSA_DER.encode_octet_string(sk.to_string()), ECDSA_DER.encode_constructed(1, vk)) p8 = ECDSA_DER.encode_sequence( ECDSA_DER.encode_integer(0), ECDSA_DER.encode_sequence(encoded_oid_ecPublicKey, sk.curve.encoded_oid), ECDSA_DER.encode_octet_string(ec)) print print "ECDSA-library PKCS #8 encoding {} pyasn1 PKCS #8 encoding".format( "matches" if p8 == der_test_keys["ec_pkcs8"] else "doesn't match")
def make_key_from_entropy_source(entropy=None): return SigningKey.generate(SECP256k1, entropy=entropy)