def add_new_channel(self, nA, nB):
a_signkey = SigningKey.generate()
a_chankey = PrivateKey.generate()
a_CIDkey = os.urandom(32)
a_transports = nA.agent.individualize_transports(nA.agent.get_transports())
b_signkey = SigningKey.generate()
b_chankey = PrivateKey.generate()
b_CIDkey = os.urandom(32)
b_transports = nB.agent.individualize_transports(nB.agent.get_transports())
a_rec = { "channel_pubkey": a_chankey.public_key.encode().encode("hex"),
"CID_key": a_CIDkey.encode("hex"),
"transports": a_transports.values(),
}
b_rec = { "channel_pubkey": b_chankey.public_key.encode().encode("hex"),
"CID_key": b_CIDkey.encode("hex"),
"transports": b_transports.values(),
}
q = ("INSERT INTO addressbook"
" (petname, acked, next_outbound_seqnum,"
" my_signkey,"
" their_channel_record_json,"
" my_CID_key, next_CID_token,"
" highest_inbound_seqnum,"
" my_old_channel_privkey, my_new_channel_privkey,"
" they_used_new_channel_key, their_verfkey)"
" VALUES(?,?,?,?,?,?,?,?,?,?,?,?)")
vA=("petname-from-A", 1, 1,
a_signkey.encode().encode("hex"),
json.dumps(b_rec),
a_CIDkey.encode("hex"), None,
0,
a_chankey.encode().encode("hex"),
a_chankey.encode().encode("hex"),
0, b_signkey.verify_key.encode().encode("hex"),
)
vB=("petname-from-A", 1, 1,
b_signkey.encode().encode("hex"),
json.dumps(a_rec),
b_CIDkey.encode("hex"), None,
0,
b_chankey.encode().encode("hex"),
b_chankey.encode().encode("hex"),
0, a_signkey.verify_key.encode().encode("hex"),
)
nA.db.execute(q, vA)
nA.db.commit()
nB.db.execute(q, vB)
nA.db.commit()
entA = nA.db.execute("SELECT * FROM addressbook").fetchone()
entB = nB.db.execute("SELECT * FROM addressbook").fetchone()
return entA, entB
def test_nacl_encrypt_decrypt():
skbob = PrivateKey.generate()
pkbob = skbob.public_key
skalice = PrivateKey.generate()
pkalice = skalice.public_key
message_bytes = nacl.utils.random(SALT_SIZE)
encrypted = nacl_encrypt(message_bytes, skbob, pkalice)
decrypted = nacl_decrypt(encrypted, skalice, pkbob)
assert decrypted == message_bytes
def test_box_seal(
privalice, pubalice, privbob, pubbob, nonce, plaintext, ciphertext):
pubalice = PublicKey(pubalice, encoder=HexEncoder)
privalice = PrivateKey(privalice, encoder=HexEncoder)
plaintext = binascii.unhexlify(plaintext)
sealed = pubalice.seal(plaintext)
unsealed = privalice.seal_open(sealed)
assert plaintext == unsealed
sealed2 = privalice.seal(plaintext)
unsealed2 = privalice.seal_open(sealed2)
assert plaintext == unsealed2
def get_node(node_to_ask, recipient_guid, public_key):
def parse_response(response):
if not response[0]:
self.send_message(
Node(unhexlify(recipient_guid)),
nacl.signing.VerifyKey(public_key, encoder=nacl.encoding.HexEncoder)
.to_curve25519_public_key()
.encode(),
objects.PlaintextMessage.Type.Value("DISPUTE_OPEN"),
json.dumps(contract),
order_id,
store_only=True,
)
if node_to_ask:
enc_key = nacl.signing.VerifyKey(
public_key, encoder=nacl.encoding.HexEncoder
).to_curve25519_public_key()
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, enc_key)
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract, indent=4), nonce)
d = self.protocol.callDisputeOpen(node_to_ask, pkephem, ciphertext)
return d.addCallback(parse_response)
else:
return parse_response([False])
def authenticate(self, permissions=[]): #TODO check is needs to = None
keys = PrivateKey.generate()
nonce = nacl.utils.random(Box.NONCE_SIZE)
payload = {
'app': {
'name': self.name,
'version': self.version,
'vendor': self.vendor,
'id': self.id
},
'publicKey': base64.b64encode(keys.public_key.__bytes__()),
'nonce': base64.b64encode(nonce),
'permissions': permissions
}
headers = {
'Content-Type': 'application/json'
}
r = self._post('auth', headers, payload)
if r.status_code == 200:
responseJson = r.json()
cipherText = base64.b64decode(responseJson['encryptedKey'])
self.token = responseJson['token']
self.permissions = responseJson['permissions']
self.publicKey = base64.b64decode(responseJson['publicKey'])
box = Box(keys, PublicKey(self.publicKey))
data = box.decrypt(cipherText, nonce=nonce)
self.symmetricKey = data[0:PrivateKey.SIZE]
self.symmetricNonce = data[PrivateKey.SIZE:]
return True
else:
return False
def send_message(self, receiving_node, public_key, message_type, message, subject=None):
"""
Sends a message to another node. If the node isn't online it
will be placed in the dht for the node to pick up later.
"""
pro = Profile().get()
if len(message) > 1500:
return
p = objects.Plaintext_Message()
p.sender_guid = self.kserver.node.id
p.signed_pubkey = self.kserver.node.signed_pubkey
p.encryption_pubkey = PrivateKey(self.signing_key.encode()).public_key.encode()
p.type = message_type
p.message = message
if subject is not None:
p.subject = subject
if pro.handle:
p.handle = pro.handle
if pro.avatar_hash:
p.avatar_hash = pro.avatar_hash
p.timestamp = int(time.time())
signature = self.signing_key.sign(p.SerializeToString())[:64]
p.signature = signature
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(p.SerializeToString(), nonce)
def get_response(response):
if not response[0]:
self.kserver.set(digest(receiving_node.id), pkephem, ciphertext)
self.protocol.callMessage(receiving_node, pkephem, ciphertext).addCallback(get_response)
def send_rekey(self):
self.pkey = PrivateKey.generate()
msg = six.int2byte(Message.rekey) + encode_varint(self.my_seq) + self.pkey.public_key._public_key
mac = self.get_mac(msg)
self.my_seq += 1
self._send(msg + mac)
self.state = ClientState.rekey
def test_list_request(self):
serverkey = PrivateKey.generate()
RT = "01234567" # 8 bytes
req, tmppub = retrieval.encrypt_list_request(serverkey.public_key.encode(), RT)
got_tmppub, boxed0 = server.decrypt_list_request_1(req)
ts, got_RT = server.decrypt_list_request_2(got_tmppub, boxed0, serverkey)
self.failUnlessEqual(RT, got_RT)
def get_node(node_to_ask):
def parse_response(response):
if response[0] and response[1][0] == "True":
return True
elif not response[0]:
contract_dict = json.loads(json.dumps(contract.contract, indent=4),
object_pairs_hook=OrderedDict)
del contract_dict["vendor_order_confirmation"]
order_id = digest(json.dumps(contract_dict, indent=4)).encode("hex")
self.send_message(Node(unhexlify(guid)),
nacl.signing.VerifyKey(
contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["guid"],
encoder=nacl.encoding.HexEncoder).to_curve25519_public_key().encode(),
objects.PlaintextMessage.Type.Value("ORDER_CONFIRMATION"),
json.dumps(contract.contract["vendor_order_confirmation"]),
order_id,
store_only=True)
return True
else:
return False
if node_to_ask:
public_key = nacl.signing.VerifyKey(
contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["guid"],
encoder=nacl.encoding.HexEncoder).to_curve25519_public_key()
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, public_key)
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
d = self.protocol.callOrderConfirmation(node_to_ask, pkephem, ciphertext)
return d.addCallback(parse_response)
else:
return parse_response([False])
def respond_to_rekey(self, message):
# Verify length
if not len(message) == 34 + self._mac_length:
_logger.info('Invalid length of rekey')
# TODO: Multi-byte asequence numbers should also be allowed
return
# Verify MAC
msg, sig = message[:-self._mac_length], message[-self._mac_length:]
if not self.verify_mac(message):
_logger.info('Invalid MAC on rekey')
return
# Verify sequence number
if not self.validate_and_update_others_seqnum(msg):
_logger.info('Invalid sequence number on rekey')
return
client_pubkey = msg[2:]
self.pkey = PrivateKey.generate()
self.new_master_key = self.derive_shared_key(client_pubkey)
msg = six.int2byte(Message.rekey_response) + encode_varint(self.my_seq) + self.pkey.public_key._public_key
self.state = ServerState.rekey
full_msg = msg + self.get_mac(msg)
self._send(full_msg)
self.my_seq += 1
def purchase(self, node_to_ask, contract):
"""
Send an order message to the vendor.
Args:
node_to_ask: a `dht.node.Node` object
contract: a complete `Contract` object containing the buyer's order
"""
def parse_response(response):
try:
address = contract.contract["buyer_order"]["order"]["payment"]["address"]
chaincode = contract.contract["buyer_order"]["order"]["payment"]["chaincode"]
masterkey_b = contract.contract["buyer_order"]["order"]["id"]["pubkeys"]["bitcoin"]
buyer_key = derive_childkey(masterkey_b, chaincode)
amount = contract.contract["buyer_order"]["order"]["payment"]["amount"]
listing_hash = contract.contract["buyer_order"]["order"]["ref_hash"]
verify_key = nacl.signing.VerifyKey(node_to_ask.signed_pubkey[64:])
verify_key.verify(
str(address) + str(amount) + str(listing_hash) + str(buyer_key), response[1][0])
return response[1][0]
except Exception:
return False
public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
self.log.info("purchasing contract %s from %s" % (contract.get_contract_id().encode("hex"), node_to_ask))
return d.addCallback(parse_response)
def create_node(so, stdout=sys.stdout, stderr=sys.stderr):
basedir = so["basedir"]
if os.path.exists(basedir):
print >>stderr, "basedir '%s' already exists, refusing to touch it" % basedir
return 1
os.mkdir(basedir)
dbfile = os.path.join(basedir, "petmail.db")
db = database.get_db(dbfile, stderr)
db.execute("INSERT INTO node (webhost, webport) VALUES (?,?)",
(so["webhost"], so["webport"]))
db.execute("INSERT INTO services (name) VALUES (?)", ("client",))
db.execute("INSERT INTO `client_profile`"
" (`name`, `icon_data`) VALUES (?,?)",
("",""))
privkey = PrivateKey.generate()
TID_tokenid, TID_privkey, TID_token0 = rrid.create()
server_desc = { "transport_privkey": privkey.encode().encode("hex"),
"TID_private_key": TID_privkey.encode("hex"),
"local_TID0": TID_token0.encode("hex"),
"local_TID_tokenid": TID_tokenid.encode("hex"),
}
db.execute("INSERT INTO mailbox_server_config"
" (private_descriptor_json, enable_retrieval)"
" VALUES (?,?)",
(json.dumps(server_desc), 0))
db.commit()
print >>stdout, "node created in %s" % basedir
return 0
def test_wrong_types():
priv = PrivateKey.generate()
check_type_error(("PrivateKey must be created from a 32 bytes long "
"raw secret key"),
PrivateKey, 12)
check_type_error(("PrivateKey must be created from a 32 bytes long "
"raw secret key"),
PrivateKey, priv)
check_type_error(("PrivateKey must be created from a 32 bytes long "
"raw secret key"),
PrivateKey, priv.public_key)
check_type_error("PublicKey must be created from 32 bytes",
PublicKey, 13)
check_type_error("PublicKey must be created from 32 bytes",
PublicKey, priv)
check_type_error("PublicKey must be created from 32 bytes",
PublicKey, priv.public_key)
check_type_error("Box must be created from a PrivateKey and a PublicKey",
Box, priv, "not a public key")
check_type_error("Box must be created from a PrivateKey and a PublicKey",
Box, priv.encode(), priv.public_key.encode())
check_type_error("Box must be created from a PrivateKey and a PublicKey",
Box, priv, priv.public_key.encode())
check_type_error("Box must be created from a PrivateKey and a PublicKey",
Box, priv.encode(), priv.public_key)
check_type_error("seed must be a 32 bytes long",
PrivateKey.from_seed, b"1")
def __enter__(self) -> typing.Tuple[PrivateKey, PrivateKey]:
"""
Provides a pair of private keys.
"""
# Derive the key from the passphrase.
derived = util.derive_passphrase(self.passphrase)
sign_box = SecretBox(derived)
enc_box = SecretBox(derived)
# Decrypt, using the two nonces.
s_d = sign_box.decrypt(self.key._private_signing_seed, self.key._private_signing_nonce)
e_d = enc_box.decrypt(self.key._private_key_raw, self.key._private_nonce)
# Generate a SigningKey out of the seed.
self.sign = SigningKey(s_d)
self.encrypt = PrivateKey(e_d)
# Update the key's public keys.
if self.key._public_key is None:
self.key._public_key = self.encrypt.public_key
if self.key._public_signing_key is None:
self.key._public_signing_key = self.sign.verify_key
return self.encrypt, self.sign
def storeAccount(phrase, uid, auth, alias):
"""
Store new account information
@param phrase: new passphrase as bytes
@param uid: user id
@param auth: authentication token
@param alias: user set alias for profile
@return: Profile ID of newly created profile and safe
"""
con = getCursor()
# random phrase buffer
buffer = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)
# create safe (db encryption)
safe = SecretBox(b''.join((phrase, buffer[len(phrase) - 32:])))
# create new signing_key and verify_key (message signing)
skey = nacl.signing.SigningKey.generate()
# create new private and public key (message encryption)
mkey = PrivateKey.generate()
con.execute("INSERT INTO profiles (uid, auth, signing_key, verify_key, private_key, public_key, buffer, alias) "
"VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
list(encrypt(safe, uid, auth, skey._seed, skey.verify_key.encode(encoder=nacl.encoding.HexEncoder),
mkey._private_key, mkey.public_key._public_key)) + [buffer, alias])
profileId = con.lastrowid
return profileId, safe
def __new__(cls, microdescriptor):
relay_identity = decodeMicrodescriptorIdentifier(microdescriptor)
relay_ntor_onion_key = base64.b64decode(microdescriptor.ntor_onion_key)
secret_key = PrivateKey.generate()
public_key = secret_key.public_key
return super(NTorState, cls).__new__(
cls, relay_identity, relay_ntor_onion_key, secret_key, public_key)
def get_node(node_to_ask):
def parse_response(response):
if response[0] and response[1][0] == "True":
return True
elif not response[0]:
contract_dict = json.loads(json.dumps(contract.contract, indent=4),
object_pairs_hook=OrderedDict)
del contract_dict["vendor_order_confirmation"]
del contract_dict["buyer_receipt"]
order_id = digest(json.dumps(contract_dict, indent=4)).encode("hex")
self.send_message(Node(unhexlify(guid)),
contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"],
objects.Plaintext_Message.Type.Value("RECEIPT"),
json.dumps(contract.contract["buyer_receipt"]),
order_id,
store_only=True)
return True
else:
return False
if node_to_ask:
public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
d = self.protocol.callCompleteOrder(node_to_ask, pkephem, ciphertext)
return d.addCallback(parse_response)
else:
return parse_response([False])
def key_gen(self): """Generate a private key""" import base64, zlib from nacl.public import PrivateKey privObj = PrivateKey.generate() privKey = base64.b64encode(zlib.compress(str(privObj), 9)) return privObj, privKey
def purchase(self, node_to_ask, contract):
"""
Send an order message to the vendor.
Args:
node_to_ask: a `dht.node.Node` object
contract: a complete `Contract` object containing the buyer's order
"""
def parse_response(response):
try:
address = contract.contract["buyer_order"]["order"]["payment"]["address"]
verify_key = nacl.signing.VerifyKey(node_to_ask.signed_pubkey[64:])
verify_key.verify(str(address), response[1][0])
return response[1][0]
except Exception:
return False
public_key = contract.contract["vendor_offer"]["listing"]["id"]["pubkeys"]["encryption"]
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract.contract, indent=4), nonce)
d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
return d.addCallback(parse_response)
class IDPrivateKey:
def __init__(self, password = None, email = None):
if email is None:
self.salt = defaultsalt
else:
self.salt = email
if password is not None:
self.generate_key(password)
def generate_key(self, password):
self.pri = PrivateKey(scrypt(sha512(password,encoder = RawEncoder),
self.salt,
N = 1<<17,
r = 8,
p = 1,
buflen = 32),
encoder = RawEncoder)
pub = PublicID()
pub.salt = self.salt
pub.key = self.pri.public_key.encode()
self.pub = pub
def to_private_key(self):
return self.pri
def to_public_key(self):
return self.pub
def pri_base58(self):
return b58encode(self.pri.encode(encoder = RawEncoder))
def pub_base58(self):
return self.pub.base58()
def getauth(secret=''):
if secret != '':
try:
return nacl.public.PrivateKey(secret,encoder=nacl.encoding.HexEncoder)
except:
raise err.api('invalid secret')
else:
return PrivateKey.generate()
def generate_key(self):
"""
Generate a new private key and return a pair with the base64 encodings
of (priv_key, pub_key).
"""
key = PrivateKey.generate()
priv_key = key.encode(encoder=Base64Encoder)
pub_key = key.public_key.encode(encoder=Base64Encoder)
return (u'{}'.format(priv_key), u'{}'.format(pub_key))
def test_list_entry(self):
symkey = os.urandom(32)
tmppriv = PrivateKey.generate()
tmppub = tmppriv.public_key.encode()
entry, fetch_token, delete_token = server.create_list_entry(symkey, tmppub, 1234)
got_fetch_token, got_delete_token, length = retrieval.decrypt_list_entry(entry, symkey, tmppub)
self.failUnlessEqual(fetch_token, got_fetch_token)
self.failUnlessEqual(delete_token, got_delete_token)
self.failUnlessEqual(length, 1234)
def generate_key_hex(self):
"""
Generate a new private key and return a pair with the hex encodings
of (priv_key, pub_key).
"""
key = PrivateKey.generate()
priv_key = key.encode(encoder=HexEncoder)
pub_key = key.public_key.encode(encoder=HexEncoder)
return priv_key.decode('ascii'), pub_key.decode('ascii')
def test_sealed_box_too_short_msg():
empty_plaintext = b''
k = PrivateKey.generate()
enc_box = SealedBox(k.public_key)
dec_box = SealedBox(k)
msg = enc_box.encrypt(empty_plaintext)
with pytest.raises(CryptoError):
dec_box.decrypt(msg[:-1])
def startInvitation(self, petname, code, transports):
#print "invite", petname, code.encode("hex")
stretched = stretch(code)
inviteKey = SigningKey(stretched)
inviteID = inviteKey.verify_key.encode(Hex)
mySigningKey = SigningKey.generate()
myCIDkey = os.urandom(32)
myTempPrivkey = PrivateKey.generate()
# create my channel record
tids = ",".join([str(tid) for tid in sorted(transports.keys())])
channel_key = PrivateKey.generate()
pub_crec = { "channel_pubkey": channel_key.public_key.encode(Hex),
"CID_key": myCIDkey.encode("hex"),
"transports": transports.values(),
}
priv_data = { "my_signkey": mySigningKey.encode(Hex),
"my_CID_key": myCIDkey.encode("hex"),
"my_old_channel_privkey": channel_key.encode(Hex),
"my_new_channel_privkey": channel_key.encode(Hex),
"transport_ids": tids,
}
db = self.db
c = db.execute("SELECT inviteID FROM invitations")
if inviteID in [str(row[0]) for row in c.fetchall()]:
raise CommandError("invitation code already in use")
iid = db.insert("INSERT INTO `invitations`"
" (code, petname, inviteKey,"
" inviteID,"
" myTempPrivkey, mySigningKey,"
" my_channel_record, my_private_channel_data,"
" myMessages, theirMessages, nextExpectedMessage)"
" VALUES (?,?,?, ?, ?,?, ?,?, ?,?,?)",
(code.encode("hex"), petname, stretched.encode("hex"),
inviteID,
myTempPrivkey.encode(Hex), mySigningKey.encode(Hex),
json.dumps(pub_crec), json.dumps(priv_data),
"", "", 1),
"invitations")
self.subscribe(inviteID)
i = Invitation(iid, self.db, self)
i.sendFirstMessage()
self.db.commit()
def test_sealed_box_zero_length_plaintext():
empty_plaintext = b''
k = PrivateKey.generate()
enc_box = SealedBox(k.public_key)
dec_box = SealedBox(k)
msg = enc_box.encrypt(empty_plaintext)
decoded = dec_box.decrypt(msg)
assert decoded == empty_plaintext
def __init__(self, relay):
'''
:param stem.descriptor.server_descriptor.RelayDescriptor relay:
the relay that we're doing an ntor handshake with
'''
self._signing_key = tools.signingKeyToSHA1(relay.signing_key)
self._ntor_onion_key = base64.b64decode(relay.ntor_onion_key)
self._secret_key = PrivateKey.generate()
self._public_key = self._secret_key.public_key
self.is_bad = False
def asymmetricEncryption(toEncrypt): #generiranje privatnog kljuca posiljatelja koji mora ostati tajan skSender = PrivateKey.generate() #generiranje javnog kljuca posiljatelja pkSender = skSender.public_key #generiranje privatnog kljuca primatelja koji mora ostati tajan skReceiver = PrivateKey.generate() #generiranje javnog kljuca primatelja pkReceiver = skReceiver.public_key #"kutija" s posiljateljevim privatnim kljucem i primateljevim javnim kljucem #sluzi za enkriptiranje poruke senderBox = Box(skSender, pkReceiver) #broj koji se koristi samo jednom, ne smatra se tajnim i moze ga se slati uz enkriptiranu poruku #dobar izvor za nonce su nasumicna 24 byta nonce = nacl.utils.random(Box.NONCE_SIZE) #enkriptiranje poruke koja ce potom biti dulja za tocno 40 byta od originalne poruke #razlog tome je informacija o autentifikaciji i nonce koji se pohranjuju uz nju encrypted = senderBox.encrypt(toEncrypt, nonce, encoder = nacl.encoding.Base64Encoder) return pkSender, skReceiver, encrypted
def setUp(self):
super(RekeyCompleteTest, self).setUp()
self.session.send_rekey()
rekey_msg = self.channel.sent_messages.pop(0).msg
self.client_pubkey = rekey_msg[2:-self.mac_len]
pkey = PrivateKey.generate()
msg = b'\x83\x00' + pkey.public_key._public_key
mac = self.get_mac(msg)
response = self.get_response(msg + mac).msg
self.new_shared_key = crypto_scalarmult(pkey._private_key, self.client_pubkey)
def get_cybersource_test_settings(private_key=None):
"""
Generates a valid set of settings for CyberSource
"""
if private_key is None:
private_key = PrivateKey.generate()
return {
"CYBERSOURCE_WSDL_URL":
(f"http://localhost/service/CyberSourceTransaction_{SERVICE_VERSION}.wsdl"
),
"CYBERSOURCE_MERCHANT_ID":
"merchant_id",
"CYBERSOURCE_TRANSACTION_KEY":
"transaction_key",
"CYBERSOURCE_INQUIRY_LOG_NACL_ENCRYPTION_KEY":
Base64Encoder.encode(bytes(private_key.public_key)),
}
def keyMake(node, path):
## create a public, private, and signature key set
# generate the encryption keypair
key = PrivateKey.generate()
# generate the signature key
sig = nacl.signing.SigningKey.generate()
verify = sig.verify_key
sig_hex = verify.encode(encoder=nacl.encoding.HexEncoder)
# write all of the keys to file
with open(path + '/' + node + '.sig', 'w+') as signing_key:
pickle.dump(sig, signing_key)
with open(path + '/' + node + '.sighex', 'w+') as verify_hex:
pickle.dump(sig_hex, verify_hex)
with open(path + '/' + node + '.private', 'w+') as private:
pickle.dump(key, private)
with open(path + '/' + node + '.public', 'w+') as public:
pickle.dump(key.public_key, public)
def generate_keys():
logging.info("generating public-private key pair")
# create public/private pair
private_key = PrivateKey.generate()
public_key = private_key.public_key
key_length = private_key.SIZE * 8
# get key strings
public_key = public_key.encode(encoder=nacl.encoding.HexEncoder).decode()
private_key = private_key.encode(encoder=nacl.encoding.HexEncoder).decode()
# return key pair as dictionary
return({
"key_length_bits": key_length,
"public_key": public_key,
"private_key": private_key
})
def test_box_encryption(skalice, pkalice, skbob, pkbob, nonce, plaintext,
ciphertext):
pkalice = PublicKey(pkalice, encoder=HexEncoder)
skbob = PrivateKey(skbob, encoder=HexEncoder)
box = Box(skbob, pkalice)
encrypted = box.encrypt(
binascii.unhexlify(plaintext),
binascii.unhexlify(nonce),
encoder=HexEncoder,
)
expected = binascii.hexlify(
binascii.unhexlify(nonce) + binascii.unhexlify(ciphertext), )
assert encrypted == expected
assert encrypted.nonce == nonce
assert encrypted.ciphertext == ciphertext
def create_keychain(self):
print "Generating GUID, stand by..."
g = GUID()
self.guid = g.guid
self.guid_privkey = g.privkey
self.signing_key = nacl.signing.SigningKey(self.guid_privkey)
self.guid_signed_pubkey = g.signed_pubkey
self.db.set_key("guid", self.guid_privkey, self.guid_signed_pubkey)
self.bitcoin_master_privkey = bitcoin.bip32_master_key(
bitcoin.sha256(self.guid_privkey))
self.bitcoin_master_pubkey = bitcoin.bip32_privtopub(
self.bitcoin_master_privkey)
self.db.set_key("bitcoin", self.bitcoin_master_privkey,
self.bitcoin_master_pubkey)
self.encryption_key = PrivateKey(self.guid_privkey)
self.encryption_pubkey = self.encryption_key.public_key.encode()
def test_rekey(self):
pkey = PrivateKey.generate()
msg = b'\x03\x00' + pkey.public_key._public_key
response = self.send_with_mac(msg).msg
self.assertEqual(len(response), 34 + self.mac_len)
self.assert_correct_mac(response)
self.assertEqual(six.byte2int(response[1:]), 0x00)
self.assert_message_type(response, 0x83)
server_pubkey = response[2:-self.mac_len]
new_shared_secret = crypto_scalarmult(pkey._private_key, server_pubkey)
# Send confirm
self.session_key = new_shared_secret
msg = b'\x04'
response = self.send_with_mac(msg).msg
self.assert_correct_mac(response)
self.assert_message_type(response, 0x84)
self.assertEqual(self.session_key, self.channel.shared_key)
def read_config_file(commandlineoptions=None):
global config_file
if os.path.exists(config_file):
with open(config_file, 'r') as f:
return yaml.load(f)
else:
# generate the config file for the client including the secret key
# which must be kept secret
config = dict()
config['own_sk'] = PrivateKey.generate()
config['registration_successful'] = False
config['server_pk'] = PublicKey(
commandlineoptions.server_pk_str.decode('hex'))
config['contact_list'] = list()
config['username'] = "******"
config['status_msg'] = "Testing OnionPIR..."
save_config_file(config)
return config
def operator_key_pair_create():
try:
privKey = PrivateKey.generate()
pubKey = privKey.public_key
key_pair_res = {
"DID": ''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase + string.digits, k=22)),
"public_key": binascii.b2a_base64(bytes(pubKey)).decode("utf-8").strip(),
"private_key": binascii.b2a_base64(bytes(privKey)).decode("utf-8").strip(),
"timestamp": str(int(time.time()))
}
client_key_res = copy.deepcopy(key_pair_res)
mongo_setup_provider.key_pair_col.insert_one(key_pair_res)
return jwt.encode(client_key_res, os.environ["VPNAAS_KEY"], algorithm="HS256")
except Exception as error:
logger.error(error)
sys.exit()
#tl.start(block=False)
def NACL_sealedBox_encrypt(text):
# Generate Bob's private key, as we've done in the Box example
skbob = PrivateKey.generate()
pkbob = skbob.public_key
# Alice wishes to send a encrypted message to Bob,
# but prefers the message to be untraceable
sealed_box = SealedBox(pkbob)
# This is Alice's message
message = bytes(text,'utf-8')
# Encrypt the message, it will carry the ephemeral key public part
# to let Bob decrypt it
encrypted = sealed_box.encrypt(message)
#Now, Bob wants to read the secret message he just received; therefore he must create a SealedBox using his own
#private key:
unseal_box = SealedBox(skbob)
# decrypt the received message
plaintext = unseal_box.decrypt(encrypted)
print(plaintext.decode('utf-8'))
return True
def parse_messages(messages):
if messages is not None:
for message in messages:
try:
value = objects.Value()
value.ParseFromString(message)
try:
box = Box(PrivateKey(self.signing_key.encode()),
PublicKey(value.valueKey))
ciphertext = value.serializedData
plaintext = box.decrypt(ciphertext)
p = objects.Plaintext_Message()
p.ParseFromString(plaintext)
signature = p.signature
p.ClearField("signature")
verify_key = nacl.signing.VerifyKey(
p.signed_pubkey[64:])
verify_key.verify(p.SerializeToString(), signature)
h = nacl.hash.sha512(p.signed_pubkey)
pow_hash = h[64:128]
if int(pow_hash[:6], 16) >= 50 or hexlify(
p.sender_guid) != h[:40]:
raise Exception('Invalid guid')
if p.type == objects.Plaintext_Message.Type.Value(
"ORDER_CONFIRMATION"):
c = Contract(self.db,
hash_value=unhexlify(p.subject))
c.accept_order_confirmation(
self.protocol.multiplexer.ws,
confirmation_json=p.message)
else:
listener.notify(
p.sender_guid, p.encryption_pubkey,
p.subject,
objects.Plaintext_Message.Type.Name(
p.type), p.message)
except Exception:
pass
signature = self.signing_key.sign(value.valueKey)[:64]
self.kserver.delete(self.kserver.node.id,
value.valueKey, signature)
except Exception:
pass
def generate_keys():
# Generate applications public and private key
# In practice, these would be set externally and stored outside the repository
sk = PrivateKey.generate()
pk = sk.public_key
# write to filesfor access if they don't exist
sk_path = os.path.join(os.path.dirname(__file__), "..", "private_key")
if not os.path.exists(sk_path):
# write as binary
with open(sk_path, 'wb') as f:
sk_bytes = bytes(sk)
f.write(sk_bytes)
pk_path = os.path.join(os.path.dirname(__file__), "..", "public_key")
if not os.path.exists(pk_path):
with open(pk_path, 'wb') as f:
pk_bytes = bytes(pk)
f.write(pk_bytes)
def rpc_complete_order(self, sender, pubkey, encrypted):
try:
box = Box(
PrivateKey(self.signing_key.encode(nacl.encoding.RawEncoder)),
PublicKey(pubkey))
order = box.decrypt(encrypted)
c = Contract(self.db,
contract=json.loads(order,
object_pairs_hook=OrderedDict),
testnet=self.multiplexer.testnet)
contract_id = c.accept_receipt(self.multiplexer.ws,
self.multiplexer.blockchain)
self.router.addContact(sender)
self.log.info("received receipt for order %s" % contract_id)
return ["True"]
except Exception:
self.log.error("unable to parse receipt from %s" % sender)
return ["False"]
def __init__(self, user, keyring, filename=None):
"""
we want to keep all the cryptographic functions as side-effect
free as possible, so when we instantiate a keyring we'll do as
much of the setup and I/O as possible.
"""
self.keyring = keyring
if not filename:
filename = keyring.lstrip('/key').replace('/', '.')
filename = os.path.join(DIR, '{}.{}'.format(user, filename))
try:
self._load_from_private_keyfile(filename)
except FileNotFoundError:
self.enc_key = PrivateKey.generate()
self.signing_key = nacl.signing.SigningKey.generate()
self.enc_key_id = uuid.uuid4().hex
self.signing_key_id = uuid.uuid4().hex
self._to_private_keyfile(filename)
def apply(document, config):
"""
Generates a deploy key, injects config/master keys and performs the extra deployment time encryption of secrets.
"""
url = util.rget(document, 'secretary', 'url')
if not url:
return config
# Check for encrypted secrets
found = False
for key, value in config.get('env', {}).iteritems():
envelopes = extractEnvelopes(value)
found = found or envelopes
# e.g. dots aren't valid in a shell identifier, so `secretary decrypt -e` wouldn't work with them
if envelopes and not _SHELL_IDENTIFIER_RE.match(key):
raise RuntimeError((
"The env var '%s' has an encrypted value but its name is not a valid shell script identifier and not supported by Secretary. "
+
"Only alphanumeric characters and underscores are supported, starting with an alphabetic or underscore character."
+
"Please check https://github.com/meltwater/lighter#secrets-management ."
) % key)
# Avoid adding public keys if no secrets present
if not found:
return config
result = deepcopy(config)
masterKey = decodePublicKey(
util.rget(document, 'secretary', 'master', 'publickey'))
result['env'] = result.get('env', {})
result['env']['SECRETARY_URL'] = url
result['env']['MASTER_PUBLIC_KEY'] = encodeKey(masterKey)
# Autogenerate a deploy key
deployKey = PrivateKey.generate()
result['env']['DEPLOY_PRIVATE_KEY'] = KeyValue(encodeKey(deployKey))
result['env']['DEPLOY_PUBLIC_KEY'] = KeyValue(
encodeKey(deployKey.public_key))
return result
def parse_messages(messages):
if messages is not None:
self.log.info("retrieved %s message(s) from the dht" % len(messages))
for message in messages:
try:
value = objects.Value()
value.ParseFromString(message)
try:
box = Box(PrivateKey(self.signing_key.encode()), PublicKey(value.valueKey))
ciphertext = value.serializedData
plaintext = box.decrypt(ciphertext).decode("zlib")
p = objects.PlaintextMessage()
p.ParseFromString(plaintext)
signature = p.signature
p.ClearField("signature")
verify_key = nacl.signing.VerifyKey(p.signed_pubkey[64:])
verify_key.verify(p.SerializeToString(), signature)
h = nacl.hash.sha512(p.signed_pubkey)
pow_hash = h[64:128]
if int(pow_hash[:6], 16) >= 50 or p.sender_guid.encode("hex") != h[:40]:
raise Exception('Invalid guid')
if p.type == objects.PlaintextMessage.Type.Value("ORDER_CONFIRMATION"):
c = Contract(self.db, hash_value=p.subject)
c.accept_order_confirmation(self.protocol.get_notification_listener(),
confirmation_json=p.message)
elif p.type == objects.PlaintextMessage.Type.Value("RECEIPT"):
c = Contract(self.db, hash_value=p.subject)
c.accept_receipt(self.protocol.get_notification_listener(),
self.protocol.multiplexer.blockchain,
receipt_json=p.message)
elif p.type == objects.PlaintextMessage.Type.Value("DISPUTE_OPEN"):
process_dispute(json.loads(p.message, object_pairs_hook=OrderedDict),
self.db, self.protocol.get_message_listener(),
self.protocol.get_notification_listener(),
self.protocol.multiplexer.testnet)
else:
listener.notify(p, signature)
except Exception:
pass
signature = self.signing_key.sign(value.valueKey)[:64]
self.kserver.delete(self.kserver.node.id, value.valueKey, signature)
except Exception:
pass
def _decrypt_and_set_private_key(self, private_key_store):
if not self.password:
raise AttributeError(
'No password found! Password must be set ahead!')
secure_key = pwhash.argon2i.kdf(
secret.SecretBox.KEY_SIZE,
Base64Encoder.decode(self.password),
Base64Encoder.decode(private_key_store['salt']),
opslimit=private_key_store['ops'],
memlimit=private_key_store['mem'],
)
encrypted = Base64Encoder.decode(private_key_store['private_key'])
box = secret.SecretBox(secure_key)
try:
self.private_key = PrivateKey(box.decrypt(encrypted))
self.public_key = self.private_key.public_key
return True
except Exception as e:
print(e)
def purchase(self, node_to_ask, contract):
"""
Send an order message to the vendor.
Args:
node_to_ask: a `dht.node.Node` object
contract: a complete `Contract` object containing the buyer's order
"""
def parse_response(response):
try:
address = contract.contract["buyer_order"]["order"]["payment"][
"address"]
chaincode = contract.contract["buyer_order"]["order"][
"payment"]["chaincode"]
masterkey_b = contract.contract["buyer_order"]["order"]["id"][
"pubkeys"]["bitcoin"]
buyer_key = derive_childkey(masterkey_b, chaincode)
amount = contract.contract["buyer_order"]["order"]["payment"][
"amount"]
listing_hash = contract.contract["buyer_order"]["order"][
"ref_hash"]
verify_key = nacl.signing.VerifyKey(
node_to_ask.signed_pubkey[64:])
verify_key.verify(
str(address) + str(amount) + str(listing_hash) +
str(buyer_key), response[1][0])
return response[1][0]
except Exception:
return False
public_key = contract.contract["vendor_offer"]["listing"]["id"][
"pubkeys"]["encryption"]
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(contract.contract, indent=4),
nonce)
d = self.protocol.callOrder(node_to_ask, pkephem, ciphertext)
self.log.info("purchasing contract %s from %s" %
(contract.get_contract_id().encode("hex"), node_to_ask))
return d.addCallback(parse_response)
def show_cluster_config(cluster_id: str) -> dict:
box = PrivateKey.generate()
private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder)
public_key_hex = box.public_key.encode(encoder=nacl.encoding.HexEncoder)
if not cluster_id or cluster_id == 'None':
return {
'error': 'CLUSTER_ID required'
}
try:
cluster = Fileserver_Cluster.objects.filter(pk=cluster_id).get()
except Fileserver_Cluster.DoesNotExist:
return {
'error': 'A cluster with this id was not found. You can use "fsclusterlist" to display all'
}
if cluster.links.count() == 0:
return {
'error': ' Shard: Not found for this cluster. You can create one with "fsshardcreate TITLE \'Some description\'" and then link it to this cluster with "fsshardlink ' + str(
cluster.id) + ' SHARD_ID"'
}
uni = string.ascii_letters + string.digits + string.punctuation
print('SECRET_KEY: ' + repr((''.join([random.SystemRandom().choice(uni) for i in range(50)])).replace('\'', '"')))
print('PRIVATE_KEY: ' + repr(str(private_key_hex.decode())))
print('PUBLIC_KEY: ' + repr(str(public_key_hex.decode())))
print('SERVER_URL: ' + repr(settings.HOST_URL))
print('SERVER_PUBLIC_KEY: ' + repr(settings.PUBLIC_KEY))
print("CLUSTER_ID: '"+ str(cluster.id) +"'")
print("CLUSTER_PRIVATE_KEY: '"+ str(decrypt_with_db_secret(cluster.auth_private_key)) +"'")
shards = []
for links in cluster.links.all():
shards.append('{shard_id: ' + str(links.shard_id) + ', read: ' + str(links.read) + ', write: ' + str(links.write) + ', delete: ' + str(links.delete_capability) + ', allow_link_shares: ' + str(links.allow_link_shares) + ', engine: {class: \'local\', kwargs: {location: \'/opt/psono-shard/'+ str(links.shard_id) +'\'}}}')
print("SHARDS: ["+','.join(shards)+"]")
return {}
def new_shop(req: ShopCreateRequest):
try:
b64decode(req.shop_pub_key)
except binascii.Error:
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
detail='公鑰錯誤')
shop = Shop(name=req.name, shop_pub_key=req.shop_pub_key)
private_key = PrivateKey.generate()
box = SecretBox(SERVER_MASTER_SECRET)
try:
Secret(shop=shop,
server_secret_key=b64encode(
box.encrypt(private_key._private_key)).decode('ascii'))
commit()
except TransactionIntegrityError:
rollback()
raise HTTPException(status_code=status.HTTP_409_CONFLICT,
detail='公鑰已被使用')
return b64encode(private_key.public_key._public_key).decode('ascii')
def rotate_user_key(args):
"""Rotates the user main key.
Required when a device was removed to keep future content safe.
Maximum rotation rate once per second, but please don't: it will just make
the user identity block bloated, eventually blocking the user by upload limit.
"""
username = get_username(args)
user_storage = LocalStorage(username)
old_signing = _get_user_signingkey(username)
old_private = _get_user_privatekey(username)
timestamp = get_timestamp_seconds()
with user_storage as us:
us["signingkey"] = SigningKey.generate().encode()
us["privatekey"] = PrivateKey.generate().encode()
us["previous_keys"][timestamp] = {
"signingkey": us["signingkey"],
"privatekey": us["privatekey"],
}
def fake_transport():
privkey = PrivateKey.generate()
pubkey_hex = privkey.public_key.encode().encode("hex")
TID_tokenid, TID_privkey, TID_token0 = rrid.create()
private = {
"privkey": privkey,
"TID": (TID_tokenid, TID_privkey, TID_token0)
}
# this is what lives in our database. All channels that share the same
# transport will use the same thing.
db_record = {
"for_sender": {
"type": "test-return",
"transport_pubkey": pubkey_hex,
},
"for_recipient": {
"TID": TID_token0.encode("hex")
},
}
return private, db_record
def decrypt(self, file):
# read encrypted data from file
with open(file) as f:
content = f.read()
f.close()
content2 = self.str_to_bytestring(content)
# decrypt encrypted data and write back to file
private_key2 = PrivateKey(
b'#"\xbf.\xe1[\xdd\x95\xe0s\xb7\xd8\xb5\xe3\xe3\x1e\xa1\x1c\xf7r\xec\xa3\\\xda\x7f4\x9cy\r7\xffJ'
)
public_key1 = PublicKey(
b"\xe6\xd2\xd1\x94\xde\x00s\xcew\xf1\xfc\x1a;\xacB]rqzu\xe8\rr\x19\x19p'\xbe\xe6z\xba "
)
user_box2 = Box(private_key2, public_key1)
decrypted = user_box2.decrypt(content2).decode("utf-8")
with open(file, "w") as text_file:
text_file.write(decrypted)
text_file.close()
def get_node(node_to_ask, recipient_guid, public_key):
def parse_response(response):
if not response[0]:
self.send_message(Node(unhexlify(recipient_guid)),
public_key,
objects.PlaintextMessage.Type.Value("DISPUTE_CLOSE"),
dispute_json,
order_id,
store_only=True)
if node_to_ask:
skephem = PrivateKey.generate()
pkephem = skephem.public_key.encode(nacl.encoding.RawEncoder)
box = Box(skephem, PublicKey(public_key, nacl.encoding.HexEncoder))
nonce = nacl.utils.random(Box.NONCE_SIZE)
ciphertext = box.encrypt(json.dumps(dispute_json, indent=4), nonce)
d = self.protocol.callDisputeClose(node_to_ask, pkephem, ciphertext)
return d.addCallback(parse_response)
else:
return parse_response([False])
def stream_encrypt(stream, target_pub, origin_priv):
# XXX if known, we should use the data size in the zfill
# so the len of the data can be checked when decrypted
priv = PrivateKey(binascii.unhexlify(origin_priv))
pub = PublicKey(binascii.unhexlify(target_pub))
box = Box(priv, pub)
pos = 0
def _encrypt(data, pos):
data += str(pos).zfill(10)
nonce = nacl.utils.random(Box.NONCE_SIZE)
return binascii.hexlify(box.encrypt(data, nonce))
while True:
data = stream.read(_CHUNK)
if not data:
break
yield _encrypt(data, pos)
pos += 1
def stream_decrypt(stream, origin_pub, target_priv):
priv = PrivateKey(binascii.unhexlify(target_priv))
pub = PublicKey(binascii.unhexlify(origin_pub))
box = Box(priv, pub)
pos = 0
while True:
data = stream.read(_HEX_ENC_CHUNK)
if not data:
break
data = box.decrypt(binascii.unhexlify(data))
found_pos = int(data[-_ENC_POS_SIZE:])
data = data[:-_ENC_POS_SIZE]
if pos != found_pos:
raise DecryptError('Mismatch')
yield data
pos += 1
def test_sealed_box_encryption(privalice, pubalice, plaintext, _encrypted):
pubalice = PublicKey(pubalice, encoder=HexEncoder)
privalice = PrivateKey(privalice, encoder=HexEncoder)
box = SealedBox(pubalice)
encrypted = box.encrypt(
binascii.unhexlify(plaintext),
encoder=HexEncoder,
)
assert encrypted != _encrypted
# since SealedBox.encrypt uses an ephemeral sender's keypair
box2 = SealedBox(privalice)
decrypted = box2.decrypt(
encrypted,
encoder=HexEncoder,
)
assert binascii.hexlify(decrypted) == plaintext
assert bytes(box) == bytes(box2)
def __init__(self, privk_path, pubk_path):
with open(privk_path, "rb") as privk:
self.privk = PrivateKey(
load_pem_private_key(
privk.read(),
password=None,
backend=default_backend(),
).private_bytes(Encoding.Raw, PrivateFormat.Raw, NoEncryption()),
RawEncoder,
)
with open(pubk_path, "rb") as pubk:
self.pubk = PublicKey(
load_pem_public_key(
pubk.read(),
backend=default_backend(),
).public_bytes(Encoding.Raw, PublicFormat.Raw),
RawEncoder,
)
self.box = Box(self.privk, self.pubk)
def setUp(self):
box = PrivateKey.generate()
private_key_hex = box.encode(encoder=nacl.encoding.HexEncoder)
public_key_hex = box.public_key.encode(
encoder=nacl.encoding.HexEncoder)
private_key_hex = encrypt_with_db_secret(private_key_hex.decode())
public_key_hex = encrypt_with_db_secret(public_key_hex.decode())
self.cluster = models.Fileserver_Cluster.objects.create(
title='Some Title',
auth_public_key=public_key_hex,
auth_private_key=private_key_hex,
file_size_limit=0,
)
self.shard = models.Fileserver_Shard.objects.create(
title='Some Title',
description='Some description',
)
def create_from_private_key(self, private_key):
priv = PrivateKey(bytes.fromhex(private_key))
publ = priv.public_key
self.public_key = public_key = encode(publ._public_key)
secret_key = encode(priv._private_key)
base_filename = os.path.join(self.keys_dir, self.keyname)
secret_key_file = "{0}.key_secret".format(base_filename)
public_key_file = "{0}.key".format(base_filename)
now = datetime.datetime.now()
zmq.auth.certs._write_key_file(
public_key_file, zmq.auth.certs._cert_public_banner.format(now),
public_key)
zmq.auth.certs._write_key_file(
secret_key_file,
zmq.auth.certs._cert_secret_banner.format(now),
public_key,
secret_key=secret_key)
def setup_secure_channel(self):
if not self.connected or self.default_ssl:
return False
private_key = PrivateKey(read_encryption_key('server', 'private'),
encoder=HexEncoder)
client_public_key = PublicKey(read_encryption_key('client', 'public'),
encoder=HexEncoder)
print('Server: Keys loaded.')
# Create a secret key and send it to the client
box = Box(private_key, client_public_key)
secret_key = random(SecretBox.KEY_SIZE)
encrypted = box.encrypt(secret_key)
send_message(self.socket, sign(self._signing_key, encrypted))
print('Server: Secret key sent.')
# Setup symmetric encryption using the secret key
self._set_secret_key(secret_key)
return True
