def __encrypt_secret(public_key: str, secret_value: str) -> str:
# https://developer.github.com/v3/actions/secrets/#example-encrypting-a-secret-using-python
public_key = public.PublicKey(public_key.encode('utf-8'),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode('utf-8'))
return b64encode(encrypted).decode('utf-8')
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def generate_zos_keys(node_public_key):
"""Generate a new set of wireguard key pair and encrypt
the private side using the public key of a 0-OS node.
Args:
node_public_key (str): hex encoded public key of 0-OS node.
This is the format you find in the explorer
Returns:
tuple: tuple containing 3 fields (private key, private key encrypted, public key)
"""
wg_private = public.PrivateKey.generate()
wg_public = wg_private.public_key
wg_private_base64 = wg_private.encode(Base64Encoder)
wg_public_base64 = wg_public.encode(Base64Encoder)
node_public_bin = binascii.unhexlify(node_public_key)
node_public = VerifyKey(node_public_bin)
box = public.SealedBox(node_public.to_curve25519_public_key())
wg_private_encrypted = box.encrypt(wg_private_base64)
wg_private_encrypted_hex = binascii.hexlify(wg_private_encrypted)
return (wg_private_base64.decode(), wg_private_encrypted_hex.decode(),
wg_public_base64.decode())
def _encrypt_github_secret(public_key, secret_value):
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return base64.b64encode(encrypted).decode("utf-8")
def encrypt(encrypt_key: str, secret_value: str) -> str:
#private_key = public.PrivateKey.generate()
public_key = public.PublicKey(encrypt_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
### print(encrypted)
return b64encode(encrypted).decode("utf-8")
def encrypt_secrets(self):
logging.info(f'正在加密{self.secrets_key}')
public_key = public.PublicKey(self.public_key['key'].encode('utf-8'),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(self.secrets_value.encode('utf-8'))
encrypted_value = b64encode(encrypted).decode('utf-8')
logging.info(f'加密{self.secrets_key}成功')
return encrypted_value
def encrypt_secret(self, node_id, value):
key = base58.b58decode(node_id)
pk = signing.VerifyKey(key)
encryption_key = pk.to_curve25519_public_key()
box = public.SealedBox(encryption_key)
result = box.encrypt(value.encode())
return binascii.hexlify(result).decode()
def encrypt(publicKey: str, secretValue: str) -> str:
publicKey = public.PublicKey(publicKey.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(publicKey)
encrypted = sealed_box.encrypt(secretValue.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt_secret(public_key: str, secret_value: str) -> str:
""" Encrypt a string for use as a GitHub secret using a public key """
public_key = public.PublicKey(
public_key.encode("utf-8"),
encoding.Base64Encoder(),
)
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt_using_key(value: str, key: str) -> str:
sealed_box = public.SealedBox(
public.PublicKey(
key.encode('utf-8'),
encoding.Base64Encoder(),
), )
encrypted = sealed_box.encrypt(value.encode('utf-8'))
return base64.b64encode(encrypted).decode('utf-8')
def encrypt_secret(public_key, secret_value):
"""Encrypt a Unicode string using the public key."""
from base64 import encodebytes
from nacl import encoding, public
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return encodebytes(encrypted).decode("utf-8")
def encrypt(public_key: str, secret_value: str) -> str:
"""
Encrypt a Unicode string using the public key
https://developer.github.com/v3/actions/secrets/#example-encrypting-a-secret-using-python
"""
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt_secret(user_public_key: str, secret_value: str):
"""
Encrypt a Unicode string using the public key.
https://docs.github.com/en/rest/reference/actions#create-or-update-a-repository-secret
"""
public_key = public.PublicKey(user_public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def _encrypt_for_github_actions(self, public_key: str,
secret_value: str) -> str:
from base64 import b64encode
from nacl import encoding, public
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt(public_key: str, secret_value: str) -> str:
"""Encrypt a Unicode string using the public key.
Args:
public_key: (str) encryption salt public key.
secret_value: (str) value for encrypt.
Returns:
Encrypted Unicode string.
"""
public_key = public.PublicKey(public_key.encode('utf-8'), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode('utf-8'))
return b64encode(encrypted).decode('utf-8')
def encrypt_sync_secret(public_key: str, token: str) -> str:
"""
Encrypt the sync secret (which is the PAT).
:param public_key: Public key of the repo we want to create a secret for
:param token: The users PAT with repo scope as the secret
:return: The encrypted secret (PAT)
"""
"""Encrypt a Unicode string using the public key."""
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(token.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt_sync_secret(public_key: Union[str, PublicKey],
token: Union[str, bool]) -> str:
"""
Encrypt the sync secret (which is the PAT).
:param public_key: Public key of the repo we want to create a secret for
:param token: The users PAT with repo scope as the secret
:return: The encrypted secret (PAT)
"""
"""Encrypt a Unicode string using the public key."""
log.debug("Encrypting Github repository secret.")
public_key = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder()) # type: ignore
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(token.encode("utf-8")) # type: ignore
return b64encode(encrypted).decode("utf-8")
def decrypt_file(loaded_private_key, file):
if file.endswith(".crypt"):
file = os.path.abspath(file)
outfile = re.sub('\.crypt$', '', file)
with open(file, 'rb') as in_file:
data = in_file.read()
box = public.SealedBox(loaded_private_key)
decrypted = box.decrypt(data)
with open(outfile, 'wb') as out_file:
out_file.write(decrypted)
print("Decrypted {0} to {1}".format(file, outfile))
def decrypt_files_in_dir(loaded_private_key, directory):
for file in os.listdir(directory):
if file.endswith(".crypt"):
try:
file = os.path.join(os.path.abspath(directory), file)
outfile = re.sub('\.crypt$', '', file)
with open(file, 'rb') as in_file:
data = in_file.read()
box = public.SealedBox(loaded_private_key)
decrypted = box.decrypt(data)
with open(outfile, 'wb') as out_file:
out_file.write(decrypted)
print("Decrypted {0} to {1}".format(file, outfile))
except:
print("Failed to decrypt {0}".format(file))
def encrypt(self, public_key, value):
"""
Encrypt a Unicode string using the public key.
:param public_key: str
:param value: str
:return: str
"""
public_key_encoded = public.PublicKey(public_key.encode("utf-8"),
encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key_encoded)
encrypted = sealed_box.encrypt(value.encode("utf-8"))
encrypted_string = self._base64encode(encrypted)
# In Python 3.1+ base64.encodebytes inserts "\n" after every 76 bytes of output and
# adds a trailing newline character to follow RFC 2045
# https://docs.python.org/3/library/base64.html#base64.encodebytes
# To make sure GitHub API accepts payload, remove "\n" from the encrypted value.
result = encrypted_string.replace("\n", "")
self._log("Encrypted value %s", result)
return result
def encrypt_secret(self, node_id: str, value: str) -> str:
"""encrypt value with the public key of the node identity by node_id
use this method to generate the content of 'secret_env' argument of the create method
Args:
node_id(str): target node ID
value(str): value to encrypt
node_id: str:
value: str:
Returns:
str: encrypted string
"""
key = base58.b58decode(node_id)
pk = signing.VerifyKey(key)
encryption_key = pk.to_curve25519_public_key()
box = public.SealedBox(encryption_key)
result = box.encrypt(value.encode())
return binascii.hexlify(result).decode()
def encrypt(public_key, plaintext):
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(plaintext.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def encrypt(public_key, secret_value):
public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
sealed_box = public.SealedBox(public_key)
encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
return b64encode(encrypted).decode("utf-8")
def sealed_box(public_key, data):
box = public.SealedBox(public_key)
return box.encrypt(data)
