def verifySig(identifier, signature, msg) -> bool: key = cryptonymToHex(identifier) if not isHex(identifier) else identifier ser = serializeForSig(msg) b64sig = signature.encode('utf-8') sig = b64decode(b64sig) vr = Verifier(key) return vr.verify(sig, ser)
def testFullSigning(): # stored securely/privately seed = randombytes(32) # generates key pair based on seed sk = SigningKey(seed=seed) # helper for signing signer = Signer(sk) # this is the public key used to verify signatures (securely shared before-hand with recipient) verkey = signer.verhex # the message to be signed msg = b'1234' # the signature sig = signer.signature(msg) # helper for verification vr = Verifier(verkey) # verification isVerified = vr.verify(sig, msg) assert isVerified
def authenticate(self, msg: Mapping, identifier: str=None, signature: str=None) -> bool: """ Authenticate the client's message with the signature provided. :param identifier: some unique identifier; if None, then try to use msg['clientId'] as identifier :param signature: a utf-8 and base64 encoded signature :param msg: the message to authenticate :return: the identifier; an exception of type SigningException is raised if the signature is not valid """ try: if not signature: try: signature = msg["signature"] if not signature: raise EmptySignature except KeyError: raise MissingSignature if not identifier: try: identifier = msg[f.CLIENT_ID.nm] if not identifier: raise EmptyIdentifier except KeyError: raise MissingIdentifier b64sig = signature.encode('utf-8') sig = b64decode(b64sig) ser = serializeForSig(msg) try: verkey = self.clients[identifier] except KeyError: raise InvalidIdentifier vr = Verifier(verkey) isVerified = vr.verify(sig, ser) if not isVerified: raise InvalidSignature except SigningException: raise except Exception as ex: raise CouldNotAuthenticate from ex return identifier
class DidVerifier(Verifier): def __init__(self, verkey, identifier=None): self._verkey = None self._vr = None if identifier: rawIdr = b58decode(identifier) if len(rawIdr) == 32 and not verkey: # assume cryptonym verkey = identifier if verkey[0] == '~': # abbreviated verkey = b58encode( b58decode(identifier) + b58decode(verkey[1:])) self.verkey = verkey @property def verkey(self): return self._verkey @verkey.setter def verkey(self, value): self._verkey = value self._vr = NaclVerifier(b58decode(value)) def verify(self, sig, msg) -> bool: return self._vr.verify(sig, msg)
def authenticate(self, msg: Dict, identifier: str = None, signature: str = None) -> str: try: if not signature: try: signature = msg[f.SIG.nm] if not signature: raise EmptySignature(identifier, msg.get(f.REQ_ID.nm)) except KeyError: raise MissingSignature if not identifier: try: identifier = msg[f.IDENTIFIER.nm] if not identifier: raise EmptyIdentifier except KeyError: raise MissingIdentifier b64sig = signature.encode('utf-8') sig = b64decode(b64sig) ser = serializeForSig(msg) try: verkey = self.getVerkey(identifier) except KeyError: # TODO: Should probably be called UnknownIdentifier raise InvalidIdentifier(identifier, msg.get(f.REQ_ID.nm)) vr = Verifier(verkey) isVerified = vr.verify(sig, ser) if not isVerified: raise InvalidSignature except SigningException as e: raise e except Exception as ex: raise CouldNotAuthenticate from ex return identifier
class DidVerifier(Verifier): def __init__(self, verkey, identifier=None): self._verkey = None self._vr = None if identifier: rawIdr = b58decode(identifier) if len(rawIdr) == 32 and not verkey: # assume cryptonym verkey = identifier if verkey[0] == '~': # abbreviated verkey = b58encode(b58decode(identifier) + b58decode(verkey[1:])) self.verkey = verkey @property def verkey(self): return self._verkey @verkey.setter def verkey(self, value): self._verkey = value self._vr = NaclVerifier(b58decode(value)) def verify(self, sig, msg) -> bool: return self._vr.verify(sig, msg)