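def get_gcm_decoded_private_key(encrypted_key_str: str, password: str,
                                    b58_address: str, salt: str, n: int,
                                    scheme: SignatureScheme) -> str:
        """
        Decrypt a private key that was encrypted with AES-GCM under a scrypt-derived key.

        The base64 payload is decoded to 32 bytes of ciphertext followed by a
        16-byte authentication tag. The AES key and the 12-byte IV are both
        slices of one 64-byte scrypt output, so they are fully determined by
        (password, salt, n).

        :param encrypted_key_str: a base64 string holding ciphertext followed by the GCM tag.
        :param password: the secret pass phrase the key material is derived from.
        :param b58_address: the base58 address the private key must correspond to.
        :param salt: the scrypt salt that was used when the key was exported.
        :param n: scrypt CPU/memory cost parameter.
        :param scheme: the signature scheme used to rebuild the account.
        :return: the private key as a hex string.
        :raises SDKException: if the payload is too short or decryption yields no data.
        :raises RuntimeError: if the decrypted key does not map to ``b58_address``.
        """
        cipher_len = 32
        tag_len = 16
        # Check the payload shape before running the KDF: a short blob would
        # otherwise hand a truncated or empty tag to the GCM verifier, and only
        # after the cost of a full scrypt derivation. Trailing bytes beyond the
        # tag are ignored, as before.
        raw = base64.b64decode(encrypted_key_str)
        if len(raw) < cipher_len + tag_len:
            raise SDKException(ErrorCode.decrypt_encrypted_private_key_error)
        cipher_text = raw[:cipher_len]
        mac_tag = raw[cipher_len:cipher_len + tag_len]
        # NOTE(review): n is passed to scrypt unchecked. If it is read from an
        # untrusted keystore file, bound it in the caller to avoid memory/CPU
        # exhaustion.
        r = 8
        p = 8
        dk_len = 64
        scrypt = Scrypt(n, r, p, dk_len)
        derivedkey = scrypt.generate_kd(password, salt)
        iv = derivedkey[0:12]
        derivedhalf2 = derivedkey[32:64]
        # The address is passed alongside the ciphertext, presumably as GCM
        # associated data; confirm against AESHandler.
        private_key = AESHandler.aes_gcm_decrypt_with_iv(
            cipher_text, b58_address.encode(), mac_tag, derivedhalf2, iv)
        if len(private_key) == 0:
            raise SDKException(ErrorCode.decrypt_encrypted_private_key_error)
        private_key = b2a_hex(private_key).decode('ascii')
        acct = Account(private_key, scheme)
        if acct.get_address().b58encode() != b58_address:
            # Same exception type as before, now with a message. No key
            # material is included in the text.
            raise RuntimeError('decrypted private key does not match the expected address')
        return private_key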
    def export_gcm_encrypted_private_key(self, password: str, salt: str,
                                         n: int) -> str:
        """
        Export this account's private key encrypted with AES in GCM mode.

        A 64-byte scrypt output is derived from ``password`` and ``salt``.
        Bytes 0..12 become the IV and bytes 32..64 become the AES key. The
        result is base64 of the ciphertext followed by the authentication tag.

        :param password: the secret pass phrase the key material is derived from.
        :param salt: the scrypt salt. It need not be secret, but it should be
                     randomly chosen for each derivation and at least 8 bytes long.
        :param n: CPU/memory cost parameter. It must be a power of 2 and less than 2**32.
        :return: the GCM-encrypted private key as a base64 string.
        """
        # Key and IV are slices of the same KDF output, so they are fixed for a
        # given (password, salt, n). Exporting two different keys under the same
        # triple would reuse a GCM nonce, so callers should pass a fresh random
        # salt on every export.
        kdf = Scrypt(n, 8, 8, 64)
        key_material = kdf.generate_kd(password, salt)
        nonce = key_material[0:12]
        aes_key = key_material[32:64]
        mac_tag, cipher_text = AESHandler.aes_gcm_encrypt_with_iv(
            self.__private_key,
            self.__address.b58encode().encode(), aes_key, nonce)
        # Serialized layout: ciphertext first, then the tag.
        packed_hex = b2a_hex(cipher_text) + b2a_hex(mac_tag)
        return base64.b64encode(a2b_hex(packed_hex)).decode()
 def test_generate_kd(self):
     """Known-answer test: default Scrypt parameters must reproduce a fixed 64-byte output."""
     # The short fixed salt is a test vector only. Production salts should be
     # random per derivation.
     salt = ''.join(chr(code) for code in (0xfa, 0xa4, 0x88, 0x3d))
     expected_hex = '9f0632e05eab137baae6e0a83300341531e8638612a08042d3a4074578869af1' \
                    'ccf5008e434d2cae9477f9e6e4c0571ab65a60e32e8c8fc356d95f64dd9717c9'
     expected = binascii.a2b_hex(expected_hex)
     derived = Scrypt().generate_kd('passwordtest', salt)
     self.assertEqual(expected, derived)
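 def test_generate_kd(self):
     """Known-answer test: default Scrypt parameters must reproduce a fixed 64-byte output."""
     scrypt = Scrypt()
     # The expected bytes below are the vector for the pass phrase
     # 'passwordtest' with this salt. A masked placeholder such as '******'
     # cannot reproduce them, so the assertion would fail.
     password = 'passwordtest'
     # The short fixed salt is a test vector only. Production salts should be
     # random per derivation.
     salt = "".join(map(chr, bytes([0xfa, 0xa4, 0x88, 0x3d])))
     kd1 = scrypt.generate_kd(password, salt)
     kd2 = bytes.fromhex(
         "9f0632e05eab137baae6e0a83300341531e8638612a08042d3a4074578869af1ccf5008e434d2cae9477f9e6e4c0571ab65a60e32e"
         "8c8fc356d95f64dd9717c9")
     self.assertEqual(kd1, kd2)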
Exemple #5
 def export_gcm_encrypted_private_key(self, password: str, salt: str, n: int):
     """
     Export this account's private key encrypted with AES in GCM mode.

     A 64-byte scrypt output is derived from ``password`` and ``salt``.
     Bytes 0..12 become the IV and bytes 32..64 become the AES key.

     :param password: the secret pass phrase the key material is derived from.
     :param salt: the scrypt salt.
     :param n: scrypt CPU/memory cost parameter.
     :return: base64 of the ciphertext followed by the authentication tag.
     """
     # Key and IV are slices of the same KDF output, so they are fixed for a
     # given (password, salt, n). Exporting two different keys under the same
     # triple would reuse a GCM nonce, so callers should pass a fresh random
     # salt on every export.
     kdf = Scrypt(n, 8, 8, 64)
     key_material = kdf.generate_kd(password, salt)
     nonce = key_material[0:12]
     aes_key = key_material[32:64]
     mac_tag, cipher_text = AESHandler.aes_gcm_encrypt_with_iv(
         self.__private_key,
         self.__address.b58encode().encode(),
         aes_key,
         nonce)
     # Serialized layout: ciphertext first, then the tag.
     packed_hex = b2a_hex(cipher_text) + b2a_hex(mac_tag)
     return base64.b64encode(a2b_hex(packed_hex)).decode()
Exemple #6
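 def get_gcm_decoded_private_key(encrypted_key_str: str, password: str, address: str, salt: str, n: int,
                                 scheme: SignatureScheme) -> str:
     """
     Decrypt a private key that was encrypted with AES-GCM under a scrypt-derived key.

     The base64 payload is decoded to 32 bytes of ciphertext followed by a
     16-byte authentication tag. The AES key and the 12-byte IV are both
     slices of one 64-byte scrypt output.

     :param encrypted_key_str: a base64 string holding ciphertext followed by the GCM tag.
     :param password: the secret pass phrase the key material is derived from.
     :param address: the base58 address the private key must correspond to.
     :param salt: the scrypt salt that was used when the key was exported.
     :param n: scrypt CPU/memory cost parameter.
     :param scheme: the signature scheme used to rebuild the account.
     :return: the private key as a hex string.
     :raises RuntimeError: if the payload is too short, decryption yields no
         data, or the decrypted key does not map to ``address``.
     """
     cipher_len = 32
     tag_len = 16
     # Check the payload shape before running the KDF: a short blob would
     # otherwise hand a truncated or empty tag to the GCM verifier, and only
     # after the cost of a full scrypt derivation. Trailing bytes beyond the
     # tag are ignored, as before.
     blob = base64.b64decode(encrypted_key_str)
     if len(blob) < cipher_len + tag_len:
         raise RuntimeError('encrypted private key is too short')
     cipher_text = blob[:cipher_len]
     mac_tag = blob[cipher_len:cipher_len + tag_len]
     # NOTE(review): n is passed to scrypt unchecked. If it is read from an
     # untrusted keystore file, bound it in the caller to avoid memory/CPU
     # exhaustion.
     r = 8
     p = 8
     dk_len = 64
     scrypt = Scrypt(n, r, p, dk_len)
     derivedkey = scrypt.generate_kd(password, salt)
     iv = derivedkey[0:12]
     derivedhalf2 = derivedkey[32:64]
     # The address is passed alongside the ciphertext, presumably as GCM
     # associated data; confirm against AESHandler.
     pri_key = AESHandler.aes_gcm_decrypt_with_iv(cipher_text, address.encode(), mac_tag, derivedhalf2, iv)
     # NOTE(review): how AESHandler reports a failed tag check is not visible
     # here. An empty result is never a valid key, so reject it explicitly
     # rather than passing it to Account.
     if not pri_key:
         raise RuntimeError('failed to decrypt the encrypted private key')
     pri_key = b2a_hex(pri_key).decode('ascii')
     acct = Account(pri_key, scheme)
     if acct.get_address().b58encode() != address:
         # Same exception type as before, now with a message. No key material
         # is included in the text.
         raise RuntimeError('decrypted private key does not match the expected address')
     return pri_key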