def encrypt(
cls,
plaintext: bytes,
key: bytes,
footer=b'',
) -> bytes:
if cls.nonce_for_unit_testing:
nonce = cls.nonce_for_unit_testing
cls.nonce_for_unit_testing = None
else:
nonce = pysodium.randombytes(
pysodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES)
nonce = pysodium.crypto_generichash(
plaintext,
k=nonce,
outlen=pysodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES)
ciphertext = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
message=plaintext,
ad=pre_auth_encode(cls.local_header, nonce, footer),
nonce=nonce,
key=key)
token = cls.local_header + b64encode(nonce + ciphertext)
if footer:
token += b'.' + b64encode(footer)
return token
def test_aead_xchacha20poly1305_ietf(self):
if not pysodium.sodium_version_check(1, 0, 12): return
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794acd7cf67bcd7cf67be39c794acd7cf67b")
for ad in [binascii.unhexlify(b"87e229d4500845a079c0"), None]:
output = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(input_, ad, nonce, key)
output = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def test_aead_xchacha20poly1305_ietf(self):
if not pysodium.sodium_version_check(1, 0, 12): return
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794acd7cf67bcd7cf67be39c794acd7cf67b")
for ad in [binascii.unhexlify(b"87e229d4500845a079c0"), None]:
output = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(input_, ad, nonce, key)
output = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def encrypt(plaintext: bytes,
key: bytes,
footer=b'',
nonce_testing=None) -> bytes:
if nonce_testing is not None:
nonce = nonce_testing
else:
nonce = randombytes(crypto_aead_xchacha20poly1305_ietf_NPUBBYTES)
nonce = crypto_generichash(
plaintext,
k=nonce,
outlen=crypto_aead_xchacha20poly1305_ietf_NPUBBYTES)
ciphertext = crypto_aead_xchacha20poly1305_ietf_encrypt(
message=plaintext,
ad=pre_auth_encode(consts.local_header, nonce, footer),
nonce=nonce,
key=key)
token = consts.local_header + b64encode(nonce + ciphertext)
if footer:
token += b'.' + b64encode(footer)
return token
def get_pdf(modeladmin, request, queryset):
documents = []
response = HttpResponse(content_type="application/pdf")
for wallet in queryset.all():
encryption_key = bytes.fromhex(settings.ENCRYPTION_KEY)
nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES)
pk = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
wallet.private_key.encode('UTF-8'), None, nonce, encryption_key)
decrypted_pk = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt(
pk, None, nonce, encryption_key)
payload = {
'nonce': nonce.hex(),
'id': wallet.wallet_id,
'pk': pk.hex()
}
qr_code = pyqrcode.create(json.dumps(payload), error='M')
template = get_template('wallet/paper_wallet_pdf.html')
html = template.render(
{
'image': qr_code.png_as_base64_str(scale=5),
'logo': settings.STATIC_ROOT + '/wallet/ecoo_logo_bw.png',
'wetzikon_bw': settings.STATIC_ROOT + '/wallet/wetzikon_bw.png'
}, request) # .encode(encoding="UTF-8")
documents.append(
weasyprint.HTML(
string=html, base_url=request.build_absolute_uri()).write_pdf(
target=response,
presentational_hints=True,
stylesheets=[
CSS(settings.STATIC_ROOT + '/wallet/print.css')
]))
return response
def encrypt(plaintext, key):
nonce = secrets.token_bytes(NONCE_SIZE)
ciphertext = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
message=plaintext, ad=nonce, nonce=nonce, key=key)
return MAGIC_HEADER + base64.urlsafe_b64encode(nonce + ciphertext)
