def node_private_helios_key(self): if self._node_private_helios_key is None: # if self.is_dev_test_node: # if "INSTANCE_NUMBER" in os.environ: # self._node_private_helios_key = get_primary_node_private_helios_key(int(os.environ["INSTANCE_NUMBER"])) # # else: if (self.keystore_path is None and KEYSTORE_FILENAME_TO_USE is None ) or self.keystore_password is None: raise ValueError( "You must provide a keystore file containing a private key for this node, and a password to open it." ) else: try: if self.keystore_path is not None: self._node_private_helios_key = keys.PrivateKey( eth_keyfile.extract_key_from_keyfile( self.keystore_path, self.keystore_password)) else: absolute_keystore_path = self.keystore_dir / KEYSTORE_FILENAME_TO_USE self._node_private_helios_key = keys.PrivateKey( eth_keyfile.extract_key_from_keyfile( str(absolute_keystore_path), self.keystore_password)) except ValueError: raise ValueError( "An error occured when decoding your keyfile. This can be caused by an incorrect password, or damaged keyfile." ) return self._node_private_helios_key
def load(file_path: str, password: str) -> 'KeyWallet': """Loads a wallet from a keystore file with your password and generates an instance of Wallet. :param file_path: File path of the keystore file. type(str) :param password: Password for the keystore file. It must include alphabet character, number, and special character. :return: An instance of Wallet class. """ try: with open(file_path, 'rb') as file: private_key: bytes = extract_key_from_keyfile( file, bytes(password, 'utf-8')) private_key_object = PrivateKey(private_key) wallet = KeyWallet(private_key_object) logger.info( f"Loaded Wallet by the keystore file. Address: {wallet.get_address()}, File path: {file_path}" ) return wallet except FileNotFoundError: logger.exception( f"Raised KeyStoreException while loading the wallet by the keystore file because the file is not found." ) raise KeyStoreException("File is not found.") except ValueError: logger.exception( f"Raised KeyStoreException while loading the wallet by the keystore file because the password is wrong." ) raise KeyStoreException("Password is wrong.") except Exception as e: logger.exception( f"Raised KeyStoreException while loading the wallet by the keystore file. Error message: {e}" ) raise KeyStoreException(f'keystore file error.{e}')
def get_private_key(key_path, password_path=None): """Open a JSON-encoded private key and return it If a password file is provided, uses it to decrypt the key. If not, the password is asked interactively. Raw hex-encoded private keys are supported, but deprecated.""" assert key_path, key_path if not os.path.exists(key_path): log.fatal("%s: no such file", key_path) return None # if not check_permission_safety(key_path): # log.fatal("Private key file %s must be readable only by its owner.", key_path) # return None # # if password_path and not check_permission_safety(password_path): # log.fatal("Password file %s must be readable only by its owner.", password_path) # return None with open(key_path) as keyfile: private_key = keyfile.readline().strip() if is_hex(private_key) and len(decode_hex(private_key)) == 32: log.warning( "Private key in raw format. Consider switching to JSON-encoded" ) else: if password_path: with open(password_path) as password_file: password = password_file.readline().strip() else: password = getpass.getpass("Enter the private key password: ") private_key = eth_keyfile.extract_key_from_keyfile( key_path, password).hex() return private_key
def load_pk(pk_file, pw_file=None): assert pk_file, pk_file if not os.path.exists(pk_file): logger.fatal("%s: no such file", pk_file) return None # if not check_permission_safety(pk_file): # logger.fatal("Private key file %s must be readable only by its owner.", pk_file) # return None # # if pw_file and not check_permission_safety(pw_file): # logger.fatal("Password file %s must be readable only by its owner.", pw_file) # return None with open(pk_file) as keyfile: private_key = keyfile.readline().strip() if is_hex(private_key) and len(decode_hex(private_key)) == 32: logger.warning( "Private key in raw format. Consider switching to JSON-encoded" ) else: if pw_file: with open(pw_file) as password_file: password = password_file.readline().strip() else: password = getpass.getpass("Enter the private key password: ") private_key = eth_keyfile.extract_key_from_keyfile( pk_file, password).hex() return private_key
def _install_w3_middleware(self): """install signing middleware if an account is configured""" if "account" not in self.config: logger.warning("No account configured") return keystore_path = self.config["account"]["keystore_path"] keystore_password_path = self.config["account"][ "keystore_password_path"] with open(keystore_password_path, "r") as password_file: password = password_file.readline().strip() try: private_key = eth_keyfile.extract_key_from_keyfile( keystore_path, password.encode("utf-8")) except ValueError: raise ValueError( "Could not decrypt keystore. Please make sure the password is correct." ) account = eth_account.Account.from_key(private_key) signing_middleware.install_signing_middleware(self._web3, account) logger.info( f"private key for address {account.address} loaded for signing transactions" )
def key_from_key_store(file_path, password): """ :param file_path: :return: """ with open(file_path, 'rb') as file: private_key = extract_key_from_keyfile(file, password) return private_key
def get_authorized_private_key(password: str) -> str: """ Returns the private key associated with stored keyfile. Password required. """ keyfile_path = get_keyfile_path() try: private_key = eth_keyfile.extract_key_from_keyfile( str(keyfile_path), to_bytes(text=password)) except ValueError: raise AuthorizationError( f"Provided keyfile password: {password} is not a valid " f"password for encrypted keyfile at {keyfile_path}.") return private_key
def get_private_key(key_file_path, password): """Gets private key from ethereum key file Args: key_file_path: path to the ethereum key file password: password to decrypt the file Returns: [str]: hex encoded private key """ private_key_bytes = extract_key_from_keyfile(key_file_path, password) return encode_hex(private_key_bytes)
def from_prikey_file(cls: Type[T], prikey_file: str, password: Union[str, bytes]) -> T: if isinstance(password, str): password = password.encode() try: if prikey_file.endswith('.der'): prikey = DerSerializer.deserialize_private_key_file(prikey_file, password) elif prikey_file.endswith('.pem'): prikey = PemSerializer.deserialize_private_key_file(prikey_file, password) else: with open(prikey_file, 'rb') as file: prikey = eth_keyfile.extract_key_from_keyfile(file, password) except Exception: raise ValueError("Invalid Password.") return cls.from_prikey(prikey)
def key_from_key_store(file_path: str, password: (bytes, str)) -> bytes: """Get private key from keystore file. :param file_path: keystore file path. :param password: password of keystore file. :return: private key """ try: with open(file_path, 'rb') as file: private_key = extract_key_from_keyfile(file, password) except ValueError: raise KeyStoreException('Invalid password.') except Exception as e: raise KeyStoreException(f'keystore file error.{e}') else: return private_key
def set_password(self, password: str) -> None: keystore_path = self._datadir / self.KEYSTORE_FILENAME if keystore_path.exists(): self._privkey = extract_key_from_keyfile( str(keystore_path), password.encode('utf-8'), ) else: log.info("Generating new Ethereum private key") self._privkey = os.urandom(32) keystore = create_keyfile_json( self._privkey, password.encode('utf-8'), iterations=1024, ) with open(keystore_path, 'w') as f: json.dump(keystore, f)
def load(file_path: str, password: str) -> "KeyWallet": """Loads a wallet from a keystore file with your password and generates an instance of Wallet. :param file_path: File path of the keystore file. type(str) :param password: Password for the keystore file. It must include alphabet character, number, and special character. :return: An instance of Wallet class. """ try: with open(file_path, "rb") as file: private_key: bytes = extract_key_from_keyfile(file, bytes(password, "utf-8")) return KeyWallet(private_key) except FileNotFoundError: raise KeyStoreException("File is not found.") except ValueError: raise KeyStoreException("Password is wrong.") except Exception as e: raise KeyStoreException(f"keystore file error.{e}")
def __init__(self, keyfile=None, password=None, private_key=None, path='./'): if isinstance(password, str): password = password.encode() # create new account if none given if all(p is None for p in [keyfile, private_key]): private_key = os.urandom(32) if password is None: password = os.urandom(10) if len(password): log.info('-' * 15, 'Save this password somewhere', '-' * 15) log.info('<', password.hex(), '>') log.info('-' * 58) else: log.info('-' * 5, '<empty password>', '-' * 5) keyfile_data = create_keyfile_json(private_key, password) # filename = 'keyfile--'+keyfile_data['address'] filename = os.path.join(path, 'keyfile--' + keyfile_data['address']) with open(filename, 'w') as file: file.write(json.dumps(keyfile_data)) # load account from existing keyfile else: if private_key is None: private_key = extract_key_from_keyfile(keyfile, password) # init stuff for this account self.private_key = KeyAPI.PrivateKey(private_key) self.public_key = keys.PublicKey.from_private(self.private_key) self.address = self.public_key.to_address() self.nonce = 0 log.debug('public_key=%s type %s', self.public_key, type(self.public_key)) log.debug('address=%s, type %s', self.address, type(self.address)) """ convert and keep private_key, public_key, signature in to_bytes() """
def get_validator_private_key(config: dict) -> bytes: """Get the private key of the validator from the configuration. The private key get decoded or decrypted into its origin byte representation. If the key is provided by a keystore, the password is first read in to decrypt the store. This function expects an earlier validation of the configuration and does not check if the parameters do actually exist. Anyways this is the place where the existence of the keystore and password file is verified. """ private_key: dict = config["validator_private_key"] if "raw" in private_key: return private_key["raw"] else: keystore_path = private_key["keystore_path"] keystore_password_path = private_key["keystore_password_path"] if not os.path.isfile(keystore_path) or not os.access( keystore_path, os.R_OK): raise ValueError( f"The keystore file does not exist or is not readable: '{keystore_path}'" ) if not os.path.isfile(keystore_password_path) or not os.access( keystore_password_path, os.R_OK): raise ValueError( f"The keystore password file does not exist or is not readable: '{keystore_password_path}'" ) with open(keystore_password_path, "r") as password_file: password = password_file.readline().strip() try: return extract_key_from_keyfile(keystore_path, password.encode("utf-8")) except ValueError: raise ValueError( f"Could not decrypt keystore. Please make sure the password is correct." )
def load(file_path, password): """Loads a wallet from a keystore file with your password and generates an instance of Wallet. :param file_path: File path of the keystore file. type(str) :param password: Password for the keystore file. It must include alphabet character, number, and special character. :return: An instance of Wallet class. """ try: with open(file_path, 'rb') as file: bytes_private_key = extract_key_from_keyfile(file, bytes(password, 'utf-8')) private_key_object = PrivateKey(bytes_private_key) wallet = KeyWallet(private_key_object) return wallet except FileNotFoundError: raise KeyStoreException("File is not found.") except ValueError: raise KeyStoreException("Password is wrong.") except Exception as e: raise KeyStoreException(f'keystore file error.{e}')
def __key_from_key_store(file_path, password): with open(file_path, 'rb') as file: private_key = extract_key_from_keyfile(file, password) return private_key
def decrypt_private_key(keystore_path: str, password: str) -> bytes: return extract_key_from_keyfile(keystore_path, password.encode("utf-8"))
def load_keystore(keystore, passphrase): keys = KeyAPI(NativeECCBackend) priv = extract_key_from_keyfile(keystore, passphrase) acc = Account.from_key(priv) return keys.PrivateKey(priv), acc
def from_eth_keyfile(cls, path: str, password: Optional[str] = None) -> 'PrivateKey': key_bytes = extract_key_from_keyfile(path, password) return cls.from_bytes(key_bytes)
def load_private_key_from_keystore(key_path, password='******'): key_bytes = extract_key_from_keyfile(key_path, password) return key_bytes
def get_private_key_from_keyfile_by_asking_password(file: str) -> bytes: password = getpass.getpass("Password: "******"hex") decoded_private_key = encoded.decode() return decoded_private_key
#!/usr/bin/env python3 """ Script to convert keystore files to raw hex private keys. - `keystore files` are used to import/export identities into yagna - `raw hex private keys` are used in metamask """ from eth_keyfile import extract_key_from_keyfile import sys if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <private_key_json>") exit(1) print("Reading keyfile: " + sys.argv[1]) eth_key_password = b"" eth_key_hex = extract_key_from_keyfile(sys.argv[1], eth_key_password) print(eth_key_hex.hex())
""" # First, install required python package: pip install eth-keyfile # Then execute the script to extract your private key from the json keystore python3 decrypt_private_key.py --keystore keystore.json --password 123 """ import argparse import binascii import eth_keyfile parser = argparse.ArgumentParser() parser.add_argument("--keystore", type=str, help="path to the json keystore file", required=True) parser.add_argument("--password", type=str, help="password to decrypt the keystore", required=True) args = parser.parse_args() binary_private_key = eth_keyfile.extract_key_from_keyfile(args.keystore, args.password) hex_data = binascii.hexlify(binary_private_key) private_key = hex_data.decode('utf-8') print('Your private key is:') print(private_key)
def get_private_key_from_keyfile_by_explicit_password( file: str, password: str) -> bytes: private_key = extract_key_from_keyfile(file, password.encode()) encoded = encode(private_key, "hex") decoded_private_key = encoded.decode() return decoded_private_key
def purge( db_uri, server, admin_access_token_file, admin_user, admin_password, admin_private_key, admin_private_key_password, admin_private_key_generate, admin_private_key_print_only, server_name, admin_set, keep_newer, keep_min_msgs, parallel_purges, post_sql, docker_restart_label, ): """ Purge historic data from rooms in a synapse server DB_URI: DB connection string: postgres://user:password@netloc:port/dbname SERVER: matrix synapse server url, e.g.: http://hostname All option can be passed through uppercase environment variables prefixed with 'MATRIX_' e.g.: export MATRIX_KEEP_MIN_MSGS=100 """ try: session = requests.Session() # no --server-name, defaults to server hostname if not server_name: server_name = urlparse(server).hostname # admin_access_token_file has priority over everything else, to avoid re-logins if os.path.isfile(admin_access_token_file): with open(admin_access_token_file, 'r') as fo: admin_user, admin_access_token = itemgetter( 'admin_user', 'admin_access_token', )(json.load(fo)) else: if ( not admin_user and not os.path.isfile(admin_private_key) and admin_private_key_generate ): if admin_private_key_password is None: admin_private_key_password = click.prompt( 'JSON keyfile password', default='', hide_input=True, ) with open(admin_private_key, 'w') as fo: json.dump(create_keyfile_json( os.urandom(32), admin_private_key_password.encode(), ), fo, indent=2) # derive admin_user and admin_password from private key if not admin_user and os.path.isfile(admin_private_key): if admin_private_key_password is None: admin_private_key_password = click.prompt( 'JSON keyfile password', default='', hide_input=True, ) pk_bin = extract_key_from_keyfile( admin_private_key, admin_private_key_password.encode(), ) pk = keys.PrivateKey(pk_bin) # username is 0x-prefixed lowercase eth address admin_user = f'@{pk.public_key.to_address()}:{server_name}' # password is server_name signed with key, with eth_sign prefixed hash admin_password_bin = pk.sign_msg_hash( eth_sign_hash(server_name.encode()), ).to_bytes() admin_password = encode_hex( admin_password_bin[:-1] + bytes([admin_password_bin[-1] + 27]) # v += 27 ) if admin_private_key_print_only: click.secho(f'PK to Matrix User: {admin_user}') click.secho(f'PK to Matrix Password: {admin_password}') return if admin_user: if not admin_password: admin_password = click.prompt( 'Admin user password', default='', hide_input=True, ) response = session.post( urljoin(server, '/_matrix/client/r0/login'), json={ 'type': 'm.login.password', 'user': admin_user, 'password': admin_password, }, ) assert response.status_code == 200, f'{response!r} => {response.text!r}' admin_access_token = response.json()['access_token'] with open(admin_access_token_file, 'w') as fo: json.dump({ 'admin_user': admin_user, 'admin_access_token': admin_access_token, }, fo, indent=2) else: raise RuntimeError('No admin_user nor previous access token found') if admin_private_key_print_only: # only hit if --admin-private-key-print-only passed, but an access token or admin user # was already present, or no --admin-private-key file nor --admin-private-key-generate return with psycopg2.connect(db_uri) as db, db.cursor() as cur: # set user as admin in database if needed cur.execute( 'SELECT admin FROM users WHERE name = %s ;', (admin_user,), ) if not cur.rowcount: raise RuntimeError(f'User {admin_user!r} not found') is_admin, = cur.fetchone() if admin_set and not is_admin: cur.execute( 'UPDATE users SET admin=1 WHERE name = %s ;', (admin_user,), ) db.commit() elif not is_admin: raise RuntimeError(f'User {admin_user!r} is not an admin. See --admin-set option') purges = dict() def wait_and_purge_room(room_id=None, event_id=None): """ Wait for available slots in parallel_purges and purge room If room_id is None, just wait for current purges to complete and return If event_id is None, purge all events in room """ while len(purges) >= (parallel_purges if room_id else 1): # wait and clear completed purges time.sleep(1) for _room_id, purge_id in list(purges.items()): response = session.get( urljoin( server, '/_matrix/client/r0/admin/purge_history_status/' + quote(purge_id), ), params={'access_token': admin_access_token}, ) assert response.status_code == 200, f'{response!r} => {response.text!r}' if response.json()['status'] != 'active': click.secho(f'Finished purge: room {_room_id!r}, purge {purge_id!r}') purges.pop(_room_id) if not room_id: return body = {'delete_local_events': True} if event_id: body['purge_up_to_event_id'] = event_id else: body['purge_up_to_ts'] = int(time.time() * 1000) response = session.post( urljoin(server, '/_matrix/client/r0/admin/purge_history/' + quote(room_id)), params={'access_token': admin_access_token}, json=body, ) if response.status_code == 200: purge_id = response.json()['purge_id'] purges[room_id] = purge_id return purge_id if not keep_newer and not keep_min_msgs: click.confirm( 'No --keep-newer nor --keep-min-msgs option provided. Purge all history?', abort=True, ) ts_ms = None if keep_newer: ts = datetime.datetime.now() - datetime.timedelta(keep_newer) ts_ms = int(ts.timestamp() * 1000) cur.execute('SELECT room_id FROM rooms ;') all_rooms = {row for row, in cur} click.secho(f'Processing {len(all_rooms)} rooms') for room_id in all_rooms: # no --keep-min-msgs nor --keep-newer, purge everything if not keep_newer and not keep_min_msgs: wait_and_purge_room(room_id) continue cur.execute( f""" SELECT event_id FROM ( SELECT event_id, received_ts, COUNT(*) OVER (ORDER BY received_ts DESC) AS msg_count_above FROM events WHERE room_id=%(room_id)s AND type='m.room.message' ORDER BY received_ts DESC ) t WHERE true {'AND received_ts < %(ts_ms)s' if keep_newer else ''} {'AND msg_count_above > %(keep_min_msgs)s' if keep_min_msgs else ''} LIMIT 1 ;""", { 'room_id': room_id, 'ts_ms': ts_ms, 'keep_min_msgs': keep_min_msgs, }, ) if cur.rowcount: event_id, = cur.fetchone() wait_and_purge_room(room_id, event_id) # else: room doesn't have messages eligible for purging, skip wait_and_purge_room(None) if post_sql: click.secho(f'Running {post_sql.name!r}') with psycopg2.connect(db_uri) as db, db.cursor() as cur: cur.execute(post_sql.read()) click.secho(f'Results {cur.rowcount}:') for i, row in enumerate(cur): click.secho(f'{i}: {row}') finally: if docker_restart_label: client = docker.from_env() for container in client.containers.list(): if container.attrs['State']['Status'] != 'running' or\ not container.attrs['Config']['Labels'].get(docker_restart_label): continue try: # parse container's env vars env_vars = dict( itemgetter(0, 2)(e.partition('=')) for e in container.attrs['Config']['Env'] ) remote_config_file = env_vars.get( 'URL_KNOWN_FEDERATION_SERVERS', ) or URL_KNOWN_FEDERATION_SERVERS_DEFAULT # fetch remote file remote_whitelist = yaml.load(requests.get(remote_config_file).text) # fetch local list from container's synapse config local_whitelist = yaml.load( container.exec_run(['cat', SYNAPSE_CONFIG_PATH]).output, )['federation_domain_whitelist'] # if list didn't change, don't proceed to restart container if local_whitelist and remote_whitelist == local_whitelist: continue click.secho( f'Whitelist changed. Restarting. new_list={remote_whitelist!r}', ) except ( KeyError, IndexError, requests.RequestException, yaml.scanner.ScannerError, ) as ex: click.secho( f'An error ocurred while fetching whitelists: {ex!r}\n' 'Restarting anyway', err=True, ) # restart container container.restart(timeout=30)
def decrypt_keyfile(file: str, password: str): private_key = extract_key_from_keyfile(file, password.encode()) encoded = encode(private_key, "hex") decoded_private_key = encoded.decode() print(f"{decoded_private_key}")
from eth_keys import keys from eth_keyfile import extract_key_from_keyfile from cpchain import config from cpchain.utils import join_with_root priv_bytes = extract_key_from_keyfile( join_with_root(config.wallet.private_key_file), open(join_with_root(config.wallet.private_key_password_file)).read()) print(priv_bytes) priv_key = keys.PrivateKey(priv_bytes) pub_key = priv_key.public_key addr = pub_key.to_address() print(addr)