def setUpClass(cls): priv, pub = ed25519.create_keypair() extauth_settings.update({ 'PRIVATE_KEY': priv.to_bytes(), 'PUBLIC_KEY': pub.to_bytes(), }) cls.url = reverse('api:ext-auth-view')
def _make_keys(self): # Makes a set of private and public keys # Used for authentication privkey, pubkey = ed25519.create_keypair() pri = privkey.to_ascii(encoding=self.key_encoding) pub = pubkey.to_ascii(encoding=self.key_encoding) return pri, pub
def test_token_generation(self): privkey, pubkey = ed25519.create_keypair() token = make_login_token('bob', 1, ['MOD', 'HOST'], 'deadbeef', key=privkey) version, payload, sig = token.split('.') self.assertEqual(version, '1') pubkey.verify(sig, (version + '.' + payload).encode('utf-8'), encoding='base64') with self.assertRaises(ed25519.BadSignatureError): pubkey.verify(sig, (version + '...' + payload).encode('utf-8'), encoding='base64') payload = json.loads( b64decode(payload.encode('utf-8')).decode('utf-8')) self.assertEqual(payload['username'], 'bob') self.assertEqual(payload['uid'], 1) self.assertEqual(payload['flags'], ['MOD', 'HOST']) self.assertEqual(payload['nonce'], 'deadbeef') self.assertEqual(type(payload['iat']), int)
def get_key(output_dir, role, key_type): if key_type == 'ed25519': try: with open(path.join(output_dir, 'keys', '{}.priv'.format(role)), 'r') as f: priv = f.read() with open(path.join(output_dir, 'keys', '{}.pub'.format(role)), 'r') as f: pub = f.read() except IOError: priv, pub = ed25519.create_keypair() priv = binascii.hexlify(priv.to_bytes()).decode('utf-8') pub = binascii.hexlify(pub.to_bytes()).decode('utf-8') with open(path.join(output_dir, 'keys', '{}.priv'.format(role)), 'w') as f: f.write(priv) with open(path.join(output_dir, 'keys', '{}.pub'.format(role)), 'w') as f: f.write(pub) else: raise Exception('unknown key type: {}'.format(key_type)) return (priv, pub)
def genkey(): signing_key, verifying_key = ed25519.create_keypair() open("root_signing.key", "wb").write(signing_key.to_bytes()) open("root_signing.seed", "wb").write(signing_key.to_seed()) vkey_hex = verifying_key.to_ascii(encoding="hex") print "the public key is", vkey_hex pass
def setup(self): super().setup() if self.cnf.newprivatekey: if self.cnf.privatekey: self.logger.critical( "Either generate a new key; or set one. Not both. Aborting." ) sys.exit(1) privatekey, publickey = ed25519.create_keypair() if self.cnf.privatekeyfile: if os.path.isfile(self.cnf.privatekeyfile): self.logger.critical( "Refusing to overwrite existing private key. Aborting." ) sys.exit(1) if 32 != open(self.cnf.privatekeyfile, "wb").write( privatekey.to_seed()): self.logger.critical( "Failed to write the newly generated privatekeyfile. Aborting." ) sys.exit(1) self.logger.info("Wrote out newly generated private key") else: self.logger.info("Using empheral private key") if self.cnf.privatekey: seed = base64.b64decode(self.cnf.privatekey) if len(seed) != 32: self.logger.critical( "Command line private key not exactly 32 bytes. aborting.") sys.exit(1) self.cnf.privatekey = ed25519.SigningKey(seed) else: if self.cnf.privatekeyfile: seed = open(self.cnf.privatekeyfile, "rb").read(32) if len(seed) != 32: self.logger.critical( "Private key in file is not exactly 32 bytes. aborting." ) sys.exit(1) self.cnf.privatekey = ed25519.SigningKey(seed) if self.cnf.tofconly and not self.cnf.privatekey: self.logger.critical("No private key - cannot do TOFC . Aborting.") sys.exit(1) self.cnf.publickey = self.cnf.privatekey.get_verifying_key() self.pubkeys[self.cnf.node] = self.cnf.publickey self.session_priv = curve.generatePrivateKey(Random.new().read(32)) self.session_pub = curve.generatePublicKey(self.session_priv)
def make_keypair(self): priv, pub = ed25519.create_keypair() print(r"""# Ext auth key pair. Place this in local_settings.py DRAWPILE_EXT_AUTH = {{ 'PRIVATE_KEY': b64decode({priv}), 'PUBLIC_KEY': {pub}, }}""".format(priv=b64encode(priv.to_bytes()), pub=b64encode(pub.to_bytes())))
def gen_seckey(cls) -> bytes: """Generates a secret key. Returns: A binary representation of the secret key. """ sk, vk = ed25519.create_keypair() return sk.to_bytes()
def _make_keys(self): # Makes a set of private and public keys # Used for authentication self.keysdb.load() privkey, pubkey = ed25519.create_keypair() pri = privkey.to_ascii(encoding=self.key_encoding) pub = pubkey.to_ascii(encoding=self.key_encoding) self.keysdb.add_key(pub, pri)
def generateSeed(hashable_keyword: str = '') -> bytes: """Generate a private key, with optional keyword to get reproducible tests results or later HD Wallet.""" if len(hashable_keyword): seed = hashlib.sha256(hashable_keyword).digest() signing_key = ed25519.SigningKey(seed) else: signing_key, _ = ed25519.create_keypair() return signing_key.to_bytes()[:32]
def __init__(self): self.signing_key, self.verifying_key = ed25519.create_keypair() self.PublicKey = self.verifying_key.to_ascii(encoding="hex") self.PrivateKey = self.signing_key.to_ascii(encoding="hex") self.SigningKey = self.signing_key self.VerifiyingKey = self.verifying_key self.Username = str(self.PublicKey)[2:-1] self.Password = str(self.PrivateKey)[2:-1]
def generateKey(): private_key, public_key = ed25519.create_keypair() pubHandle = open(PUBLIC_KEY, "wb") pubHandle.write(public_key.to_bytes()) pubHandle.close() privHandle = open(PRIVATE_KEY, "wb") privHandle.write(private_key.to_bytes()) privHandle.close()
def generate_key(prefix): """ generate a private key """ signing_key, verifying_key = ed25519.create_keypair() filename = prefix + "-secret-key.txt" open(filename, "wb").write(signing_key.to_bytes()) print('wrote ' + filename) vkey_hex = verifying_key.to_ascii(encoding="hex") print(prefix + " public key is", vkey_hex) return vkey_hex
def main(): for x in range(0, 10): sk, vk = ed25519.create_keypair(entropy=os.urandom) vk = sk.get_verifying_key() message = bytes(bytearray(os.urandom(1000))) signature = sk.sign(message) verify(signature, vk, message) newSignature = generateNewSignature(signature) verify(newSignature, vk, message)
def randomByRandom(self): # os.urandom(32) signing_key, verifying_key = ed25519.create_keypair(entropy=os.urandom) # print signing_key.to_ascii(encoding="hex") # print len(signing_key.to_seed()) vk = signing_key.get_verifying_key() self.rawPrivateKey = signing_key.to_seed() rawPublicKey = vk.to_ascii(encoding="hex") self.rawPublicKey = self.to_ascii(rawPublicKey)
def setup(self): super().setup() if self.cnf.newprivatekey: if self.cnf.privatekey: self.logger.critical("Either generate a new key; or set one. Not both. Aborting.") sys.exit(1); privatekey, publickey = ed25519.create_keypair() if self.cnf.privatekeyfile: if os.path.isfile(self.cnf.privatekeyfile): self.logger.critical("Refusing to overwrite existing private key. Aborting.") sys.exit(1); if 32 != open(self.cnf.privatekeyfile,"wb").write(privatekey.to_seed()): self.logger.critical("Failed to write the newly generated privatekeyfile. Aborting."); sys.exit(1); self.logger.info("Wrote out newly generated private key"); else: self.logger.info("Using empheral private key"); self.cnf.privatekey = base64.b64encode(privatekey.to_seed()) if self.cnf.privatekey: seed = base64.b64decode(self.cnf.privatekey) if len(seed) != 32: self.logger.critical("Command line private key not exactly 32 bytes. aborting."); sys.exit(1); self.cnf.privatekey = ed25519.SigningKey(seed) else: if self.cnf.privatekeyfile: seed = open(self.cnf.privatekeyfile,"rb").read(32) if len(seed) != 32: self.logger.critical("Private key in file is not exactly 32 bytes. aborting."); sys.exit(1); else: self.logger.critical("No seed (private key)."); sys.exit(1); self.cnf.privatekey = ed25519.SigningKey(seed) if self.cnf.tofconly and not self.cnf.privatekey: self.logger.critical("No private key - cannot do TOFC . Aborting.") sys.exit(1); if self.cnf.trustdb: if not self.load_pkdb(): sys.exit(1); self.cnf.publickey = self.cnf.privatekey.get_verifying_key() self.pubkeys[ self.cnf.node ] = self.cnf.publickey self.session_priv = curve.generatePrivateKey(Random.new().read(32)); self.session_pub = curve.generatePublicKey(self.session_priv);
def keypair(): """ Create Key pair Returns: bytes, bytes """ sk, pk = ed25519.create_keypair() return sk.to_bytes(), pk.to_bytes()
def generate_messenger_pubkeys(n): pubkeys = [] for i in range(n): pct = math.ceil(i * 100 / n) sys.stdout.write("\rGenerating pubkey: %i%% " % pct) sys.stdout.flush() _, verifying_key = ed25519.create_keypair() pubkeys.append(verifying_key.to_ascii(encoding="hex").decode('ascii')) return pubkeys
def main(): """Temp test, not to be used""" signing_key, verifying_key = ed25519.create_keypair() print( "Original private key", ByteUtil.bytes_as_string_with_dashes(signing_key.to_bytes()[:32])) # signing key has signing + verifying, we keep the first 32 to only get the private part. print("Original public key", ByteUtil.bytes_as_string_with_dashes(verifying_key.to_bytes()))
def create_key_pair(): """ Creates a new secret/private and public key pair. :return: tuple of secret/private and public keys """ sk, vk = ed25519.create_keypair() return str(sk.to_ascii(encoding="hex"), encoding='UTF-8'), str(vk.to_ascii(encoding="hex"), encoding='UTF-8')
def __initByType(self, keyType): if keyType == KeyType.ED25519: sk, vk = ed25519.create_keypair(urandom) self.__keyMember.setRawSKey(sk.to_seed()) rawPKey = self.getPublicKey(self.__keyMember) self.publicKey.setRawPublicKey(rawPKey) else: pass self.setKeyType(keyType) self.publicKey.setKeyType(keyType)
def create_key(): ''' Generates a long-term key pair. Returns: priv (bytes): A base64 encoded ed25519 private key. publ (bytes): A base64 encoded ed25519 public key. ''' priv, publ = ed25519.create_keypair() return base64.b64encode(priv.to_bytes()), \ base64.b64encode(publ.to_bytes())
def test_keypair(self): sk, vk = ed25519.create_keypair() self.failUnless(isinstance(sk, ed25519.SigningKey), sk) self.failUnless(isinstance(vk, ed25519.VerifyingKey), vk) sk2, vk2 = ed25519.create_keypair() self.failIfEqual(hexlify(sk.to_bytes()), hexlify(sk2.to_bytes())) # you can control the entropy source def not_so_random(length): return b"4"*length sk1, vk1 = ed25519.create_keypair(entropy=not_so_random) self.failUnlessEqual(sk1.to_ascii(encoding="base64"), b"NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ") self.failUnlessEqual(vk1.to_ascii(encoding="base64"), b"6yzxO/euOl9hQWih+wknLTl3HsS4UjcngV5GbK+O4WM") sk2, vk2 = ed25519.create_keypair(entropy=not_so_random) self.failUnlessEqual(sk1.to_ascii(encoding="base64"), sk2.to_ascii(encoding="base64")) self.failUnlessEqual(vk1.to_ascii(encoding="base64"), vk2.to_ascii(encoding="base64"))
def test_keypair(self): sk, vk = ed25519.create_keypair() self.failUnless(isinstance(sk, ed25519.SigningKey), sk) self.failUnless(isinstance(vk, ed25519.VerifyingKey), vk) sk2, vk2 = ed25519.create_keypair() self.failIfEqual(hexlify(sk.to_bytes()), hexlify(sk2.to_bytes())) # you can control the entropy source def not_so_random(length): return "4"*length sk1, vk1 = ed25519.create_keypair(entropy=not_so_random) self.failUnlessEqual(sk1.to_ascii(encoding="base64"), "NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ") self.failUnlessEqual(vk1.to_ascii(encoding="base64"), "6yzxO/euOl9hQWih+wknLTl3HsS4UjcngV5GbK+O4WM") sk2, vk2 = ed25519.create_keypair(entropy=not_so_random) self.failUnlessEqual(sk1.to_ascii(encoding="base64"), sk2.to_ascii(encoding="base64")) self.failUnlessEqual(vk1.to_ascii(encoding="base64"), vk2.to_ascii(encoding="base64"))
def generate_key(): """ To generate ed25519 key pair, and use verifying_key as api_token. :return: """ signing_key, verifying_key = ed25519.create_keypair() # open("my-secret-key","wb").write(signing_key.to_bytes()) vkey_hex = verifying_key.to_ascii(encoding="hex").decode() # print("the public key is", str(vkey_hex)) return vkey_hex
def _create_key_pair(seed=None): if seed is not None: if len(seed) > 32: raise Exception('max seed length is 32') seed = seed.encode('utf-8') kwargs = {} if seed is not None: kwargs['entropy'] = lambda x: seed.ljust(32) return ed25519.create_keypair(**kwargs)
def __init__(self, display_name, aid=None, mac=None, pincode=None, iid_manager=None, setup_id=None): """Initialise with the given properties. :param display_name: Name to be displayed in the Home app. :type display_name: str :param aid: The accessory ID, uniquely identifying this accessory. `Accessories` that advertised on the network must have the standalone AID. Defaults to None, in which case the `AccessoryDriver` will assign the standalone AID to this `Accessory`. :type aid: int :param mac: The MAC address of this `Accessory`, needed by HAP clients. Defaults to None, in which case the `AccessoryDriver` will assign a random MAC address to this `Accessory`. :type mac: str :param pincode: The pincode that HAP clients must prove they know in order to pair with this `Accessory`. Defaults to None, in which case a random pincode is generated. The pincode has the format "xxx-xx-xxx", where x is a digit. :type pincode: bytearray :param setup_id: Setup ID can be provided, although, per spec, should be random every time the instance is started. If not provided on init, will be random. 4 digit string 0-9 A-Z :type setup_id: str """ self.display_name = display_name self.aid = aid self.mac = mac self.config_version = 2 self.reachable = True self._pincode = pincode self._setup_id = setup_id self.broker = None # threading.Event that gets set when the Accessory should stop. self.run_sentinel = None sk, vk = ed25519.create_keypair() self.private_key = sk self.public_key = vk self.paired_clients = {} self.services = [] self.iid_manager = iid_manager or IIDManager() self._set_services()
def make_keys(self, overwrite=False): """Makes public and private keys for signing and verification Kwargs: overwrite (bool): Determines if existing keys are overwritten """ # Makes a set of private and public keys # Used for authentication log.debug(u'Making keys') self.privkey, self.pubkey = ed25519.create_keypair() self._write_keys_to_file(overwrite)
async def login(websocket, session): assert not session username = await aioconsole.ainput('Username: '******'Password: '******'login', [username, password, session_key]) session.append(private_key)
def test_import_sign(self): s_key, v_key = ed25519.create_keypair() key = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff, CAPABILITY.SIGN_EDDSA, load_ed25519_private_key(s_key.to_seed())) data = os.urandom(129) sig = key.sign_eddsa(data) v_key.verify(sig, data) self.assertEqual(sig, s_key.sign(data)) pub = key.get_public_key() self.assertEqual(v_key.to_bytes(), serialize_ed25519_public_key(pub)) key.delete()
def ed25519_generate_key_pair(): """ Generate a new key pair and return the pair encoded in base58 """ sk, vk = ed25519.create_keypair() # Private key private_value_base58 = Ed25519SigningKey(base58.b58encode(sk.to_bytes())).to_ascii() # Public key public_value_compressed_base58 = Ed25519VerifyingKey(base58.b58encode(vk.to_bytes())).to_ascii() return private_value_base58, public_value_compressed_base58
def generate_signing(signing_key, verifying_key, passphrase=None): # Generate the keys sk, vk = ed25519.create_keypair() # TODO: Encrypt the private key (like passphrase -> key, and AES) # signing_key: private part, verifying_key: public part with open(verifying_key, 'wt') as pubfile, open(signing_key, 'wt') as privfile: pubfile.write(vk.to_bytes().hex()) privfile.write(sk.to_bytes().hex())
def generate_key(cls, level, expiration_ms=None): signing_key, verifying_key = ed25519.create_keypair() expires_at_ms = None if expiration_ms: expires_at_ms = int(round(time.time() * 1000)) + expiration_ms return cls( verifying_key=verifying_key, signing_key=signing_key, level=level, expires_at_ms=expires_at_ms )
def __init__(self, port, keypair_seed): self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) self.socket.bind(("", port)) self.socket.settimeout(0.05) self.public_key, self.private_key = ed25519.create_keypair(keypair_seed) self.certificate_requests = {} self.accounts = { "nightcracker": (0, binascii.unhexlify("f3b2ae5cb5032ae47c72de331d7dd674914716bd")), "orpheon": (1, binascii.unhexlify("fae11bb38d7fe48dced1a0c070d4c6efafeae931")) }
def gen_key(self): priv, verifying_key = ed25519.create_keypair() print(verifying_key) vkey_hex = verifying_key.to_ascii(encoding="hex") s = open('.env').read() s = s.replace("GATE_PUB_KEYS=", "GATE_PUB_KEYS="+vkey_hex) f = open('.env', 'w') f.write(s) f.close() self.get_env() open(os.environ['GATE_SEED_PATH'],"wb").write(priv.to_bytes()) vkey = os.environ['GATE_PUB_KEYS'].split(',')[0] print "the public key is", vkey
def create_node(so, stdout=sys.stdout, stderr=sys.stderr): basedir = so["basedir"] if os.path.exists(basedir): print >>stderr, "basedir '%s' already exists, refusing to touch it" % basedir return 1 os.mkdir(basedir) sqlite, db = database.get_db(os.path.join(basedir, "toolbed.db"), stderr) c = db.cursor() c.execute("INSERT INTO node (webport) VALUES (?)", (so["webport"],)) c.execute("INSERT INTO services (name) VALUES (?)", ("client",)) sk,vk = ed25519.create_keypair() sk_s = sk.to_ascii(prefix="sk0", encoding="base32") vk_s = vk.to_ascii(prefix="vk0", encoding="base32") c.execute("INSERT INTO `client_config`" " (`privkey`, `pubkey`, `relay_location`) VALUES (?,?,?)", (sk_s, vk_s, so["relay"])) c.execute("INSERT INTO `client_profile`" " (`name`, `icon_data`) VALUES (?,?)", ("","")) db.commit() print >>stdout, "node created in %s" % basedir return 0
def test_prefix(self): sk1,vk1 = ed25519.create_keypair() PREFIX = "private0-" p = sk1.to_bytes(PREFIX) # that gives us a binary string with a prefix self.failUnless(p.startswith(PREFIX), repr(p)) sk2 = ed25519.SigningKey(p, prefix=PREFIX) self.failUnlessEqual(sk1, sk2) self.failUnlessEqual(repr(sk1.to_bytes()), repr(sk2.to_bytes())) self.failUnlessRaises(ed25519.BadPrefixError, ed25519.SigningKey, p, prefix="WRONG-") # SigningKey.to_seed() can do a prefix too p = sk1.to_seed(PREFIX) self.failUnless(p.startswith(PREFIX), repr(p)) sk3 = ed25519.SigningKey(p, prefix=PREFIX) self.failUnlessEqual(sk1, sk3) self.failUnlessEqual(repr(sk1.to_bytes()), repr(sk3.to_bytes())) self.failUnlessRaises(ed25519.BadPrefixError, ed25519.SigningKey, p, prefix="WRONG-") # verifying keys can do this too PREFIX = "public0-" p = vk1.to_bytes(PREFIX) self.failUnless(p.startswith(PREFIX), repr(p)) vk2 = ed25519.VerifyingKey(p, prefix=PREFIX) self.failUnlessEqual(vk1, vk2) self.failUnlessEqual(repr(vk1.to_bytes()), repr(vk2.to_bytes())) self.failUnlessRaises(ed25519.BadPrefixError, ed25519.VerifyingKey, p, prefix="WRONG-") # and signatures PREFIX = "sig0-" p = sk1.sign("msg", PREFIX) self.failUnless(p.startswith(PREFIX), repr(p)) vk1.verify(p, "msg", PREFIX) self.failUnlessRaises(ed25519.BadPrefixError, vk1.verify, p, "msg", prefix="WRONG-")
def _new_key(self): sk, vk = ed25519.create_keypair() return sk
import ed25519 import base64 private_key, public_key = ed25519.create_keypair() message = b"Ok to open that door." print(base64.b64encode(private_key.to_seed()).decode('ASCII')) print(base64.b64encode(public_key.to_bytes()).decode('ASCII')) print(base64.b64encode(private_key.sign(message)).decode('ASCII'))
def _create_key(self): sk, vk = ed25519.create_keypair() self._store_key(sk)
'meta_service': 'http://meta.openmedialibrary.com/api/', 'release_url': 'http://downloads.openmedialibrary.com/release.json', } for key in server_defaults: if key not in server: server[key] = server_defaults[key] release = pdict(os.path.join(config_path, 'release.json')) if os.path.exists(key_path): with open(key_path, 'rb') as fd: sk = ed25519.SigningKey(fd.read()) vk = sk.get_verifying_key() else: sk, vk = ed25519.create_keypair() with open(key_path, 'wb') as fd: os.chmod(key_path, 0o600) fd.write(sk.to_bytes()) os.chmod(key_path, 0o400) USER_ID = get_user_id(ssl_key_path, ssl_cert_path) OLD_USER_ID = vk.to_ascii(encoding='base64').decode() OML_UPDATE_KEY='K55EZpPYbP3X+3mA66cztlw1sSaUMqGwfTDKQyP2qOU' if 'modules' in release and 'openmedialibrary' in release['modules']: MINOR_VERSION = release['modules']['openmedialibrary']['version'] else: MINOR_VERSION = 'git'
def manage_certificate(self): if self.certificate is None and (time.time() - self.last_certificate_request_time) > 5.0: self.last_certificate_request_time = time.time() self.last_certificate_request_nonce = os.urandom(32) self.last_certificate_request_public_key, self.last_certificate_request_private_key = ed25519.create_keypair(ed25519.create_seed()) message = self.last_certificate_request_nonce message += struct.pack("32p", self.username) message += self.last_certificate_request_public_key self.socket.sendto(CERT_REQUEST_INIT + message, self.ca_address)