def post(self, request): form = USF(request.POST) if not form.is_valid(): raise RuntimeError("Invalid HTML Form submitted") password = form.cleaned_data['password'] pseudonym = form.cleaned_data['pseudonym'] kdf = KDF( algorithm=hashes.Whirlpool(), length=int( 32 + 32), # 32: Edwards25519 seed, second 32: Curve25519 seed salt=whirlpool(pseudonym.encode()), iterations=int(1e6), backend=default_backend()) key = kdf.derive(password.encode()) edkey = signfool.SigningKey( key[0:32] ) # Use the first 32-bytes of the derived key as Edwards25519 seed cvkp = pubfool.PrivateKey( key[32:64]) # Use the second half as Curve25519 seed try: sig = db.get('gks').sign(cvkp.public_key.encode(encoder=b64)) except KeyError: return render(request, 'freakedup.html', {'err': "You are not part of a group, yet"}) db.set("user-edkeys", edkey) db.set("user-cvkeys", cvkp) db.set("user-keysig", sig) edkey_fingerprint = base64.b64encode(whirlpool( edkey._signing_key)).decode() cvkey_fingerprint = base64.b64encode(whirlpool( cvkp._private_key)).decode() ctx = dict(edkey_fp=edkey_fingerprint, cvkey_fp=cvkey_fingerprint, sig=base64.b64encode(sig).decode()) return render(request, 'user.post.html', ctx)
def from_raw_key(cls, filename, comment=None): """ Load an Ed25519 (private) signing key (actually, the seed for the key) from a raw file of 32 bytes length. This can be any random byte sequence, such as generated from Python code like os.urandom(32) or from the shell dd if=/dev/urandom of=client02.key bs=1 count=32 :param filename: Filename of the key. :type filename: unicode :param comment: Comment for key (optional). :type comment: unicode or None """ if not (comment is None or type(comment) == six.text_type): raise Exception("invalid type {} for comment".format( type(comment))) if type(filename) != six.text_type: raise Exception( "invalid type {} for filename".format(filename)) with open(filename, 'rb') as f: keydata = f.read() if len(keydata) != 32: raise Exception("invalid key length {}".format(len(keydata))) key = signing.SigningKey(keydata) return cls(key, comment)
def test_get_key_of_expected_type(self): raw_seed = os.urandom(32) signing_key = ed25519.SigningKey(raw_seed) verify_key = signing_key.verify_key assert _get_key_of_expected_type(signing_key, ed25519.SigningKey) == signing_key assert _get_key_of_expected_type(verify_key, ed25519.VerifyKey) == verify_key
def __init__(self): """Load or initialize crypto keys.""" try: with open("key", "rb") as keys_file: keys = keys_file.read() except IOError: keys = None if keys: self.pkey = public.PrivateKey(keys, STORE_ENC) self.skey = signing.SigningKey(keys, STORE_ENC) else: kp = public.PrivateKey.generate() with open("key", "wb") as keys_file: keys_file.write(kp.encode(STORE_ENC)) self.pkey = kp self.skey = signing.SigningKey(bytes(self.pkey), nacl.encoding.RawEncoder)
def from_key_bytes(cls, keydata, comment=None): if not (comment is None or type(comment) == six.text_type): raise ValueError("invalid type {} for comment".format(type(comment))) if len(keydata) != 32: raise ValueError("invalid key length {}".format(len(keydata))) key = signing.SigningKey(keydata) return cls(key, comment)
def from_raw_ed25519_seed(cls, raw_seed: bytes) -> "Keypair": """Generate a :class:`Keypair` object from ed25519 secret key seed raw bytes. :param raw_seed: ed25519 secret key seed raw bytes :return: A new :class:`Keypair` instance derived by the ed25519 secret key seed raw bytes """ signing_key = ed25519.SigningKey(raw_seed) verify_key = signing_key.verify_key return cls(verify_key, signing_key)
def from_key_bytes(cls, keydata, comment=None): if not (comment is None or type(comment) == str): raise ValueError("invalid type {} for comment".format(type(comment))) if type(keydata) != bytes: raise ValueError("invalid key type {} (expected binary)".format(type(keydata))) if len(keydata) != 32: raise ValueError("invalid key length {} (expected 32)".format(len(keydata))) key = signing.SigningKey(keydata) return cls(key, comment)
def to_public_key(mnemonic): """ Return the public key for the mnemonic. Args: mnemonic (str): mnemonic of the public key Returns: str: public key in base32 """ key_bytes = _to_key(mnemonic) key = signing.SigningKey(key_bytes) return encoding.encode_address(key.verify_key.encode())
def to_private_key(mnemonic): """ Return the private key for the mnemonic. Args: mnemonic (str): mnemonic of the private key Returns: str: private key in base64 """ key_bytes = _to_key(mnemonic) key = signing.SigningKey(key_bytes) return base64.b64encode(key.encode() + key.verify_key.encode()).decode()
def __init__(self, keypair: Optional[nacl.public.PrivateKey] = None) -> None: """Create a new keypair instance. Generate random keypair if no keypair is provided. Initialize class variables. """ if keypair is None: # the PrivateKey object comes with a public key too self._keypair = nacl.public.PrivateKey.generate() else: self._keypair = keypair verify_key = signing.SigningKey(bytes(self._keypair)).verify_key self._public_key = solana.publickey.PublicKey(verify_key)
def from_raw(cls, filename, comment=None): """ Load a Ed25519 private key (actually, the seed for the key) from a raw file of 32 bytes length. This can be any random byte sequence, such as generated from Python code like os.urandom(32) or from the shell dd if=/dev/urandom of=client02.key bs=1 count=32 """ with open(filename, 'rb') as f: keydata = f.read() # key = public.PrivateKey(keydata) key = signing.SigningKey(keydata) return cls(key, comment, True)
def sign(self, msg: bytes) -> signing.SignedMessage: """Sign a message with this account. :param msg: message to sign. :returns: A signed messeged object. >>> secret_key = bytes([1] * 32) >>> acc = Account(secret_key) >>> msg = b"hello" >>> signed_msg = acc.sign(msg) >>> signed_msg.signature.hex() 'e1430c6ebd0d53573b5c803452174f8991ef5955e0906a09e8fdc7310459e9c82a402526748c3431fe7f0e5faafbf7e703234789734063ee42be17af16438d08' >>> signed_msg.message.decode('utf-8') 'hello' """ # pylint: disable=line-too-long return signing.SigningKey(self.secret_key()).sign(msg)
def from_ssh_data(cls, keydata): """ Load an Ed25519 key from SSH key file. The key file can be a (private) signing key (from a SSH private key file) or a (public) verification key (from a SSH public key file). A private key file must be passphrase-less. """ SSH_BEGIN = u'-----BEGIN OPENSSH PRIVATE KEY-----' if keydata.startswith(SSH_BEGIN): # OpenSSH private key keydata, comment = _read_ssh_ed25519_privkey(keydata) key = signing.SigningKey(keydata, encoder=encoding.RawEncoder) else: # OpenSSH public key keydata, comment = _read_ssh_ed25519_pubkey(keydata) key = signing.VerifyKey(keydata) return cls(key, comment)
def FromBytes(cls, key_bytes: bytes) -> IPrivateKey: """ Construct class from key bytes. Args: key_bytes (bytes): Key bytes Returns: IPrivateKey: IPrivateKey object Raises: ValueError: If key bytes are not valid """ try: return cls(signing.SigningKey(key_bytes)) except (exceptions.RuntimeError, exceptions.ValueError) as ex: raise ValueError("Invalid private key bytes") from ex
def from_ssh_key(cls, filename): """ Load an Ed25519 key from a SSH key file. The key file can be a (private) signing key (from a SSH private key file) or a (public) verification key (from a SSH public key file). A private key file must be passphrase-less. """ SSH_BEGIN = u'-----BEGIN OPENSSH PRIVATE KEY-----' with open(filename, 'r') as f: keydata = f.read().strip() if keydata.startswith(SSH_BEGIN): # OpenSSH private key keydata, comment = _read_ssh_ed25519_privkey(keydata) key = signing.SigningKey(keydata, encoder=encoding.RawEncoder) else: # OpenSSH public key keydata, comment = _read_ssh_ed25519_pubkey(filename) key = public.PublicKey(keydata, encoder=encoding.RawEncoder) return cls(key, comment)
def sign(self, msg: bytes) -> signing.SignedMessage: """Sign a message with this keypair. Args: msg: message to sign. Returns: A signed messeged object. Example: >>> seed = bytes([1] * 32) >>> keypair = Keypair.from_seed(seed) >>> msg = b"hello" >>> signed_msg = keypair.sign(msg) >>> signed_msg.signature.hex() 'e1430c6ebd0d53573b5c803452174f8991ef5955e0906a09e8fdc7310459e9c82a402526748c3431fe7f0e5faafbf7e703234789734063ee42be17af16438d08' >>> signed_msg.message.decode('utf-8') 'hello' """ # pylint: disable=line-too-long return signing.SigningKey(self.seed).sign(msg)
def _maybe_generate_node_key(cbdir, privfile='key.priv', pubfile='key.pub'): privkey_path = os.path.join(cbdir, privfile) pubkey_path = os.path.join(cbdir, pubfile) # node private key seems to exist already: read and check! if os.path.exists(privkey_path): # read all tags, including private tags priv_tags = _parse_node_key(privkey_path, private=True) # check mandatory tags - the following tags are optional: # - node-authid # - node-cluster-ip # - public-adr-eth # - private-key-eth for tag in [ 'creator', 'created-at', 'machine-id', 'public-key-ed25519', 'private-key-ed25519' ]: if tag not in priv_tags: raise Exception( "Corrupt node private key file {} - {} tag not found". format(privkey_path, tag)) privkey_hex = priv_tags['private-key-ed25519'] privkey = signing.SigningKey(privkey_hex, encoder=encoding.HexEncoder) pubkey = privkey.verify_key pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii') # check that the public key in the key file matches the private key therein if priv_tags['public-key-ed25519'] != pubkey_hex: raise Exception(( "Inconsistent node private key file {} - public-key-ed25519 doesn't" " correspond to private-key-ed25519").format(privkey_path)) eth_pubadr = None eth_privkey_seed_hex = priv_tags.get('private-key-eth', None) if eth_privkey_seed_hex: eth_privkey_seed = binascii.a2b_hex(eth_privkey_seed_hex) eth_privkey = KeyAPI(NativeECCBackend).PrivateKey(eth_privkey_seed) eth_pubadr = eth_privkey.public_key.to_checksum_address() if 'public-adr-eth' in priv_tags: if priv_tags['public-adr-eth'] != eth_pubadr: raise Exception(( "Inconsistent node private key file {} - public-adr-eth doesn't" " correspond to private-key-eth").format(privkey_path)) if os.path.exists(pubkey_path): pub_tags = _parse_node_key(pubkey_path, private=False) # node-authid and node-cluster-ip are optional! for tag in [ 'creator', 'created-at', 'machine-id', 'public-key-ed25519' ]: if tag not in pub_tags: raise Exception( "Corrupt node public key file {} - {} tag not found". format(pubkey_path, tag)) if pub_tags['public-key-ed25519'] != pubkey_hex: raise Exception(( "Inconsistent node public key file {} - public-key-ed25519 doesn't" " correspond to private-key-ed25519 in private key file {}" ).format(pubkey_path, privkey_path)) if pub_tags.get('public-adr-eth', None) != eth_pubadr: raise Exception(( "Inconsistent node public key file {} - public-adr-eth doesn't" " correspond to private-key-eth in private key file {}" ).format(pubkey_path, privkey_path)) else: log.info( "Node public key file {pub_path} not found - re-creating from node private key file {priv_path}", pub_path=pubkey_path, priv_path=privkey_path, ) pub_tags = OrderedDict([ ('creator', priv_tags['creator']), ('created-at', priv_tags['created-at']), ('machine-id', priv_tags['machine-id']), ('node-authid', priv_tags.get('node-authid', None)), ('node-cluster-ip', priv_tags.get('node-cluster-ip', None)), ('public-key-ed25519', pubkey_hex), ('public-adr-eth', eth_pubadr), ]) msg = 'Crossbar.io node public key\n\n' _write_node_key(pubkey_path, pub_tags, msg) log.info( 'Node key files exist and are valid. Node public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex)) was_new = False else: # node private key does not yet exist: generate a new one # Node key (Ed25519) privkey = signing.SigningKey.generate() privkey_hex = privkey.encode( encoder=encoding.HexEncoder).decode('ascii') pubkey = privkey.verify_key pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii') # Node Ethereum key eth_privkey_seed = os.urandom(32) eth_privkey_seed_hex = binascii.b2a_hex(eth_privkey_seed).decode() eth_privkey = KeyAPI(NativeECCBackend).PrivateKey(eth_privkey_seed) eth_pubadr = eth_privkey.public_key.to_checksum_address() if 'CROSSBAR_NODE_ID' in os.environ and os.environ[ 'CROSSBAR_NODE_ID'].strip() != '': node_authid = os.environ['CROSSBAR_NODE_ID'] log.info( 'using node_authid from environment variable CROSSBAR_NODE_ID: "{node_authid}"', node_authid=node_authid) else: node_authid = socket.gethostname() log.info('using node_authid from hostname: "{node_authid}"', node_authid=node_authid) if 'CROSSBAR_NODE_CLUSTER_IP' in os.environ and os.environ[ 'CROSSBAR_NODE_CLUSTER_IP'].strip() != '': node_cluster_ip = os.environ['CROSSBAR_NODE_CLUSTER_IP'] log.info( 'using node_cluster_ip from environment variable CROSSBAR_NODE_CLUSTER_IP: "{node_cluster_ip}"', node_cluster_ip=node_cluster_ip) else: node_cluster_ip = '127.0.0.1' log.info( 'using node_cluster_ip for localhost (builtin): "{node_cluster_ip}"', node_cluster_ip=node_cluster_ip) # first, write the public file tags = OrderedDict([ ('creator', _creator()), ('created-at', utcnow()), ('machine-id', _machine_id()), ('node-authid', node_authid), ('node-cluster-ip', node_cluster_ip), ('public-key-ed25519', pubkey_hex), ('public-adr-eth', eth_pubadr), ]) msg = 'Crossbar.io node public key\n\n' _write_node_key(pubkey_path, tags, msg) # now, add the private key and write the private file tags['private-key-ed25519'] = privkey_hex tags['private-key-eth'] = eth_privkey_seed_hex msg = 'Crossbar.io node private key - KEEP THIS SAFE!\n\n' _write_node_key(privkey_path, tags, msg) log.info( 'New node key pair generated! public-key-ed25519={pubkey}, node-authid={node_authid}, public-adr-eth={eth_pubadr}', pubkey=hlid('0x' + pubkey_hex), node_authid=node_authid, eth_pubadr=hlid(eth_pubadr)) was_new = True # fix file permissions on node public/private key files # note: we use decimals instead of octals as octal literals have changed between Py2/3 # if os.stat( pubkey_path).st_mode & 511 != 420: # 420 (decimal) == 0644 (octal) os.chmod(pubkey_path, 420) log.info("File permissions on node public key fixed") if os.stat(privkey_path ).st_mode & 511 != 384: # 384 (decimal) == 0600 (octal) os.chmod(privkey_path, 384) log.info("File permissions on node private key fixed") log.info( 'Node key loaded from {priv_path}', priv_path=hlid(privkey_path), ) return was_new, cryptosign.CryptosignKey(privkey, can_sign=True)
import json from base64 import b64decode from nacl import signing priv_val = json.load(open('priv_validator.json')) # The *amino type* 954568A3288910 is 64 bytes long, where # raw 32-byte priv key are concatenated to raw 32-byte pub key. raw_key = b64decode(priv_val['priv_key']['value']) signing_key_bytes, verifying_key_bytes = raw_key[:32], raw_key[32:] signing_key = signing.SigningKey(signing_key_bytes) verify_key = signing.VerifyKey(verifying_key_bytes) signed = signing_key.sign(b'I love cats.') # Will raise nacl.exceptions.BadSignatureError if the signature check fails verify_key.verify(signed) # The following code will raise the exception. # signing.VerifyKey(verifying_key_bytes[:31] + b'\x00').verify(signed)
def __init__(self): self._seed = os.urandom(32) self._ed25519_secret = signing.SigningKey(self._seed)
def _maybe_generate_key(cbdir, privfile=u'key.priv', pubfile=u'key.pub'): was_new = True privkey_path = os.path.join(cbdir, privfile) pubkey_path = os.path.join(cbdir, pubfile) if os.path.exists(privkey_path): # node private key seems to exist already .. check! priv_tags = _parse_key_file(privkey_path, private=True) for tag in [ u'creator', u'created-at', u'machine-id', u'public-key-ed25519', u'private-key-ed25519' ]: if tag not in priv_tags: raise Exception( "Corrupt node private key file {} - {} tag not found". format(privkey_path, tag)) privkey_hex = priv_tags[u'private-key-ed25519'] privkey = signing.SigningKey(privkey_hex, encoder=encoding.HexEncoder) pubkey = privkey.verify_key pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii') if priv_tags[u'public-key-ed25519'] != pubkey_hex: raise Exception(( "Inconsistent node private key file {} - public-key-ed25519 doesn't" " correspond to private-key-ed25519").format(pubkey_path)) if os.path.exists(pubkey_path): pub_tags = _parse_key_file(pubkey_path, private=False) for tag in [ u'creator', u'created-at', u'machine-id', u'public-key-ed25519' ]: if tag not in pub_tags: raise Exception( "Corrupt node public key file {} - {} tag not found". format(pubkey_path, tag)) if pub_tags[u'public-key-ed25519'] != pubkey_hex: raise Exception(( "Inconsistent node public key file {} - public-key-ed25519 doesn't" " correspond to private-key-ed25519").format(pubkey_path)) else: log.info( "Node public key file {pub_path} not found - re-creating from node private key file {priv_path}", pub_path=pubkey_path, priv_path=privkey_path, ) pub_tags = OrderedDict([ (u'creator', priv_tags[u'creator']), (u'created-at', priv_tags[u'created-at']), (u'machine-id', priv_tags[u'machine-id']), (u'public-key-ed25519', pubkey_hex), ]) msg = u'Crossbar.io node public key\n\n' _write_node_key(pubkey_path, pub_tags, msg) log.info( 'Node key files exist and are valid. Node public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex)) was_new = False else: # node private key does not yet exist: generate one privkey = signing.SigningKey.generate() privkey_hex = privkey.encode( encoder=encoding.HexEncoder).decode('ascii') pubkey = privkey.verify_key pubkey_hex = pubkey.encode(encoder=encoding.HexEncoder).decode('ascii') # first, write the public file tags = OrderedDict([ (u'creator', _creator()), (u'created-at', utcnow()), (u'machine-id', _machine_id()), (u'public-key-ed25519', pubkey_hex), ]) msg = u'Crossbar.io node public key\n\n' _write_node_key(pubkey_path, tags, msg) # now, add the private key and write the private file tags[u'private-key-ed25519'] = privkey_hex msg = u'Crossbar.io node private key - KEEP THIS SAFE!\n\n' _write_node_key(privkey_path, tags, msg) log.info('New node key pair generated! Public key is {pubkey}', pubkey=hlid('0x' + pubkey_hex)) # fix file permissions on node public/private key files # note: we use decimals instead of octals as octal literals have changed between Py2/3 # if os.stat( pubkey_path).st_mode & 511 != 420: # 420 (decimal) == 0644 (octal) os.chmod(pubkey_path, 420) log.info("File permissions on node public key fixed") if os.stat(privkey_path ).st_mode & 511 != 384: # 384 (decimal) == 0600 (octal) os.chmod(privkey_path, 384) log.info("File permissions on node private key fixed") log.info( 'Node key loaded from {priv_path}', priv_path=hlid(privkey_path), ) return was_new, cryptosign.SigningKey(privkey)
def keypair(self) -> bytes: """The 64 byte keypair for this account (base 58 encoded).""" return b58encode( self.secret_key() + bytes(signing.SigningKey(self.secret_key()).verify_key))
def public_key(self) -> PublicKey: """The public key for this account.""" verify_key = signing.SigningKey(self.secret_key()).verify_key return PublicKey(bytes(verify_key))
def load_key(private): private = signing.SigningKey(private.encode(), encoder=encoding.URLSafeBase64Encoder) public = private.verify_key.encode(encoding.Base32Encoder).decode() database.write(public, 'keypair', 'public') database.write(private, 'keypair', 'private')
def post(self, request): form = GSF(request.POST) pubk = None privk = None pubfp = None privfp = None edseed = None if not form.is_valid(): raise RuntimeError("Invalid HTML form submitted") seed = form.cleaned_data['seed'] if seed == 'none': gke = pubfool.PrivateKey.generate() gks = signfool.SigningKey.generate() db.set('gke', gke) db.set('gks', gks) seed = base64.b64encode( json.dumps( dict(gke={ 'public_key': base64.b64encode(gke.public_key._public_key).decode(), 'private_key': base64.b64encode(gke._private_key).decode() }, gks={'seed': base64.b64encode(gks._seed).decode() })).encode()).decode() pubk = gke.public_key._public_key privk = gke._private_key edseed = gks._seed sk = gks.verify_key.encode(encoder=b64) ek = gke.public_key.encode(encoder=b64) gkfp = base64.b64encode(whirlpool(sk + ek)) db.set('gkfp', gkfp.decode()) sendgroup(gkfp, sk, ek) else: seed = base64.b64decode(seed).decode() seed = json.loads(seed) # Format of seed: # {'public_key': 'base64-encoded PublicKey', 'private_key': 'base64-encoded PrivateKey'} pub = pubk = base64.b64decode(seed['gke']['public_key']) if len(pub) != 32: return "Error: Public key's length should be 32 bytes, check your input" priv = privk = base64.b64decode(seed['gke']['private_key']) if len(priv) != 32: return "Error: Private key's length should be 32 bytes, check your input tool" # Construct a PublicKey object pub = pubfool.PublicKey(pub) # Construct a Private Key object priv = pubfool.PrivateKey(priv) priv.public_key = pub edseed = base64.b64decode(seed['gks']['seed']) gks = signfool.SigningKey(seed=edseed) sk = gks.verify_key.encode(encoder=b64) ek = priv.public_key.encode(encoder=b64) gkfp = base64.b64encode(whirlpool(sk + ek)) # Save the key db.set('gke', priv) db.set('gks', gks) db.set('gkfp', gkfp.decode()) # I think it's already sent to the server because it was off a seed # Create a seed pubfp = base64.b64encode(whirlpool(pubk)).decode() privfp = base64.b64encode(whirlpool(privk)).decode() edseed = base64.b64encode(whirlpool(edseed)).decode() return render(request, 'group.post.html', { 'edseed': edseed, 'pubfp': pubfp, 'privfp': privfp, 'seed': seed, })
# dd if=/dev/urandom of=my-secret-seed bs=1 count=32 seed = open("/home/00/d861703/Nextcloud/projects/scripts/my-secret-seed", "rb").read() keydata = {} keydata['ssh-rsa'] = RSA.generate(4096, randfunc=PRNG(seed)) keydata['ecdsa-sha2-nistp521'] = ecdsa.SigningKey.generate( entropy=PRNG(seed), curve=ecdsa.NIST521p) # Convert ecdsa key to format used by OpenSSH ecdsa_pub = commands.getoutput( "echo '%s' | ssh-keygen -i -m PKCS8 -f /dev/stdin" % keydata['ecdsa-sha2-nistp521'].get_verifying_key().to_pem()) keydata['ssh-ed25519'] = ed25519.SigningKey(seed) ed25519_base64 = codecs.encode(putEd25519Key(keydata['ssh-ed25519'], comment), 'base64').rstrip() # Write key data to disk f = open('ssh_host_rsa_key', 'wb+') f.write(keydata['ssh-rsa'].exportKey('PEM')) f.write("\n") f.close() f2 = open('ssh_host_rsa_key.pub', 'wb+') f2.write(keydata['ssh-rsa'].publickey().exportKey('OpenSSH')) f2.write("\n") f2.close() f3 = open('ssh_host_ecdsa_key', 'wb+')
#!/usr/bin/env python3 import argparse from nacl import encoding, signing import os parser = argparse.ArgumentParser() parser.add_argument('--key', help='location of signing key file, default ./keys/sign') parser.add_argument('file', nargs='+', help='files to sign') args = parser.parse_args() if args.key is None: args.key = os.path.dirname(os.path.realpath(__file__)) + "/keys/sign" sign_key_f = os.open(args.key, os.O_RDONLY) sign_key_hex = os.read(sign_key_f, 64) os.close(sign_key_f) sign_key = signing.SigningKey(sign_key_hex, encoder=encoding.HexEncoder) for arg in args.file: with open(arg, "rb") as f: signed = sign_key.sign(f.read()) with open(arg + ".signed", "wb") as f: f.write(signed)
def __init__(self, access_key: str, signing_key_seed: bytes): self.access_key = access_key self.signing_key = signing.SigningKey(signing_key_seed)
def __init__(self, private_key: bytes): self._signing_key = signing.SigningKey(private_key)
def get_pub_key_from_priv(priv_key: UserIDSecretKey, raw_encoding: bool = False) -> UserID: return signing.SigningKey( priv_key, encoder=encoding.Base32Encoder).verify_key.encode( encoding.Base32Encoder)
def sign_message(message, passphrase): priv_key = signing.SigningKey(sha256(str.encode(passphrase)).digest()) signature = hexlify(priv_key.sign(str.encode(message))).decode() pub_key = priv_key.verify_key.encode(encoder=encoding.HexEncoder).decode() return (signature, pub_key)