def encrypt_and_sign( recipient_pubkey_enc: UmbralPublicKey, plaintext: bytes, signer: 'SignatureStamp', sign_plaintext: bool = True) -> Tuple[UmbralMessageKit, Signature]: if signer is not constants.DO_NOT_SIGN: # The caller didn't expressly tell us not to sign; we'll sign. if sign_plaintext: # Sign first, encrypt second. sig_header = constants.SIGNATURE_TO_FOLLOW signature = signer(plaintext) ciphertext, capsule = pre.encrypt( recipient_pubkey_enc, sig_header + signature + plaintext) else: # Encrypt first, sign second. sig_header = constants.SIGNATURE_IS_ON_CIPHERTEXT ciphertext, capsule = pre.encrypt(recipient_pubkey_enc, sig_header + plaintext) signature = signer(ciphertext) message_kit = UmbralMessageKit( ciphertext=ciphertext, capsule=capsule, sender_verifying_key=signer.as_umbral_pubkey(), signature=signature) else: # Don't sign. signature = sig_header = constants.NOT_SIGNED ciphertext, capsule = pre.encrypt(recipient_pubkey_enc, sig_header + plaintext) message_kit = UmbralMessageKit(ciphertext=ciphertext, capsule=capsule) return message_kit, signature
def _encrypt_credential_and_voter_short_private_key( self, credential: Tuple[UmbralPublicKey, Signer], private_key: UmbralPrivateKey) -> Dict[str, Tuple[bytes, Capsule]]: """encrypt credential and voter short private key Arguments: credential {Tuple[UmbralPublicKey, Signer]} private_key {UmbralPrivateKey} Returns: Dict[str, Tuple[bytes, Capsule]] -- need to save Capsule """ credential_bytes = credential[0].to_bytes() + bytes(credential[1]) private_key_bytes = private_key.to_bytes() (enc_credential, c_capsule) = encrypt(self.public_key, credential_bytes) (enc_private_key, p_capsule) = encrypt(self.public_key, private_key_bytes) voter_public_key = credential[0] for capsule in (c_capsule, p_capsule): capsule.set_correctness_keys(delegating=self.public_key, receiving=voter_public_key, verifying=self.verifying_key) return { "credential": (enc_credential, c_capsule), "private_key": (enc_private_key, p_capsule) }
def newUser(self, userAddress, firstName, lastName, dateOfBirth): userAddress = Web3.toChecksumAddress(userAddress) firstName, firstNameCapsule = pre.encrypt(self.publicKey, firstName) lastName, lastNameCapsule = pre.encrypt(self.publicKey, lastName) dateOfBirth, dateOfBirthCapsule = pre.encrypt(self.publicKey, dateOfBirth) firstNameCapsule = firstNameCapsule.to_bytes() lastNameCapsule = lastNameCapsule.to_bytes() dateOfBirthCapsule = dateOfBirthCapsule.to_bytes() self.ehr.newUser(userAddress, firstNameCapsule, lastNameCapsule, dateOfBirthCapsule, firstName, lastName, dateOfBirth)
def updateDisease(self, userAddress, diseaseTimestamp, message): userAddress = Web3.toChecksumAddress(userAddress) historyTimestamp = time.time() historyTimestamp = str(historyTimestamp).split('.')[0] historyTimestamp = bytes(historyTimestamp, encoding='utf-8') historyTimestamp, historyTimestampCapsule = pre.encrypt( self.publicKey, historyTimestamp) message, messageCapsule = pre.encrypt(self.publicKey, message) historyTimestamp = historyTimestamp.to_bytes() messageCapsule = messageCapsule.to_bytes() self.ehr.updateDisease(userAddress, historyTimestampCapsule, messageCapsule, diseaseTimestamp, historyTimestamp, message)
def addDisease(self, userAddress, diagnosis, therapy): userAddress = Web3.toChecksumAddress(userAddress) diseaseTimestamp = time.time() diseaseTimestamp = str(diseaseTimestamp).split('.')[0] diseaseTimestamp = bytes(diseaseTimestamp, encoding='utf-8') diagnosis, diagnosisCapsule = pre.encrypt(self.publicKey, diagnosis) therapy, therapyCapsule = pre.encrypt(self.publicKey, therapy) diseaseTimestamp, diseaseTimestampCapsule = pre.encrypt( self.publicKey, diseaseTimestamp) diagnosisCapsule = diagnosisCapsule.to_bytes() therapyCapsule = therapyCapsule.to_bytes() diseaseTimestampCapsule = diseaseTimestampCapsule.to_bytes() self.ehr.addDisease(userAddress, diseaseTimestampCapsule, diagnosisCapsule, therapyCapsule, diseaseTimestamp, diagnosis, therapy)
def encrypt(): # Get data from request json_data = json.loads(request.data.decode('utf-8')) data = json_data["hash"].encode( 'utf-8') #, json_data['alice_pubkey'], json_data['alice_privkey'] alice_pubkey, alice_privkey = gen_alice() # Encrypt some data plaintext = data ciphertext, capsule = pre.encrypt(alice_pubkey, plaintext) alice_signing_privkey = keys.UmbralPrivateKey.gen_key() alice_signing_pubkey = alice_signing_privkey.get_pubkey() alice_signer = Signer(alice_signing_privkey) # Perform split-rekey and grant re-encryption policy alice_kfrags = pre.split_rekey(alice_privkey, alice_signer, bob_pubkey, 10, 20) policy_id = mock_kms.grant(alice_kfrags) alice_pubkey.from_bytes response = { "ciphertext": bytes_to_string(ciphertext), "policy_id": policy_id, "capsule": bytes_to_string(capsule.to_bytes()), "alice_pubkey": bytes_to_string(alice_pubkey.to_bytes()), "alice_signing_pubkey": bytes_to_string(alice_signing_pubkey.to_bytes()) } return jsonify(response)
def encrypt(): if request.content_type.lower() != "application/json": abort(415) data = request.get_json() if "publicKey" in data and "plaintext" in data: try: start = time.perf_counter() publicKey = keys.UmbralPublicKey.from_hex(data["publicKey"]) plaintext = data["plaintext"].encode("utf-8") ciphertext, capsule = pre.encrypt(publicKey, plaintext) end = time.perf_counter() time_stats_endpoints["encrypt"].append(end - start) return { "status": "ok", "ciphertext": ciphertext.hex(), "capsule": capsule.to_bytes().hex() } except Exception as e: return {"status": "error", "error": str(e)} abort(400)
def generate_secret_key(): alices_private_key = keys.UmbralPrivateKey.gen_key() alices_public_key = alices_private_key.get_pubkey() alices_signing_key = keys.UmbralPrivateKey.gen_key() alices_verifying_key = alices_signing_key.get_pubkey() alices_signer = signing.Signer(private_key=alices_signing_key) # Generate Umbral keys for Bob. bobs_private_key = keys.UmbralPrivateKey.gen_key() bobs_public_key = bobs_private_key.get_pubkey() plaintext = b'Proxy Re-Encryption is cool!' ciphertext, capsule = pre.encrypt(alices_public_key, plaintext) # Decrypt data with Alice's private key. cleartext = pre.decrypt(ciphertext=ciphertext, capsule=capsule, decrypting_key=alices_private_key) kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key, signer=alices_signer, receiving_pubkey=bobs_public_key, threshold=10, N=20) return jsonify( { "encrypted_result": f'{kfrags}' } )
def main(m, n, filenames): files = [open(filename, 'w') for filename in filenames] config.set_default_curve() alice_privkey = keys.UmbralPrivateKey.gen_key() alice_pubkey = alice_privkey.get_pubkey() bob_privkey = keys.UmbralPrivateKey.gen_key() bob_pubkey = bob_privkey.get_pubkey() mock_kms = MockNetwork() sys.stderr.write('Server with PID %s is ready to pipe messages.\n' % os.getpid()) for line in sys.stdin: ciphertext, capsule = pre.encrypt(alice_pubkey, line.rstrip('\n').encode('utf8')) alice_kfrags = pre.split_rekey(alice_privkey, bob_pubkey, m, n) policy_id = mock_kms.grant(alice_kfrags) bob_cfrags = mock_kms.reencrypt(policy_id, capsule, m) bob_capsule = capsule for cfrag in bob_cfrags: bob_capsule.attach_cfrag(cfrag) decrypted = pre.decrypt(ciphertext, bob_capsule, bob_privkey, alice_pubkey) for file in files: file.write('%s\n' % decrypted.decode('utf8')) file.flush() mock_kms.revoke(policy_id)
def alicebob_side_channel(alice): plaintext = b"Welcome to the flippering." ciphertext, capsule = pre.encrypt(alice.public_key(EncryptingPower), plaintext) return MessageKit(ciphertext=ciphertext, capsule=capsule, alice_pubkey=alice.public_key(EncryptingPower))
def test_alice_sends_fake_kfrag_to_ursula(N, M): priv_key_alice = keys.UmbralPrivateKey.gen_key() pub_key_alice = priv_key_alice.get_pubkey() priv_key_bob = keys.UmbralPrivateKey.gen_key() pub_key_bob = priv_key_bob.get_pubkey() plaintext = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plaintext) cleartext = pre.decrypt(capsule, priv_key_alice, ciphertext) assert cleartext == plaintext k_frags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N) # Alice tries to frame the first Ursula by sending her a random kFrag k_frags[0].bn_key = BigNum.gen_rand() for k_frag in k_frags: c_frag = pre.reencrypt(k_frag, capsule) capsule.attach_cfrag(c_frag) with pytest.raises(Exception): _ = pre.decrypt(capsule, priv_key_bob, ciphertext, pub_key_alice)
def encrypt_and_save(file_content, filename, key): # Convert to UTF-8 bytes if not already in bytes format. try: if not isinstance(file_content, (bytes, bytearray)): file_content = str(file_content).encode('utf-8') # TODO: pass keys in as params. priv_key = keys.UmbralPrivateKey.gen_key() pub_key = priv_key.get_pubkey() # Encrypt file data with public key. ciphertext, capsule = pre.encrypt(pub_key, file_content) # Save file locally on the server. # TODO: can use external (nonlocal) service such as S3 for storing/retrieving encrypted files. bytes_written = 0 with open("%s/%s" % (DEST_FOLDER, filename), 'wb') as f: bytes_written = f.write(ciphertext) capsule_written = 0 with open("%s/capsule_%s" % (DEST_FOLDER, filename), 'wb') as f: capsule_written = f.write(str(capsule).encode()) print('wrote %d encrypted bytes to %s, with %d capsule bytes' % (bytes_written, filename, capsule_written)) except Exception as e: print(e)
def test_decryption_fails_when_it_expects_a_proof_and_there_isnt(N, M, alices_keys, bobs_keys): """Manually injects umbralparameters for multi-curve testing.""" delegating_privkey, signing_privkey = alices_keys delegating_pubkey = delegating_privkey.get_pubkey() signer = Signer(signing_privkey) priv_key_bob, pub_key_bob = bobs_keys plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(delegating_privkey.get_pubkey(), plain_data) kfrags = pre.split_rekey(delegating_privkey, signer, pub_key_bob, M, N) capsule.set_correctness_keys(delegating=delegating_privkey.get_pubkey(), receiving=pub_key_bob, verifying=signing_privkey.get_pubkey()) for kfrag in kfrags[:M]: cfrag = pre.reencrypt(kfrag, capsule) capsule.attach_cfrag(cfrag) # Even thought we can successfully attach a CFrag, if the proof is lost # (for example, it is chopped off a serialized CFrag or similar), then decrypt # will still fail. cfrag.proof = None with pytest.raises(cfrag.NoProofProvided): _cleartext = pre.decrypt(ciphertext, capsule, priv_key_bob)
def encrypt(): if not request.json: abort(400) bob_public_key = request.json['recipient'] pop_correct_public_key_hex = "03" + bob_public_key[-64:] print(pop_correct_public_key_hex) signedtext = request.json['data'] alices_signing_key = keys.UmbralPrivateKey.gen_key() alices_verifying_key = alices_signing_key.get_pubkey() alices_signer = signing.Signer(private_key=alices_signing_key) #signedText bob = keys.UmbralPublicKey.from_bytes( bytes.fromhex(pop_correct_public_key_hex)) ciphertext, capsule = pre.encrypt(bob, str.encode(signedtext)) #grants access to Bob # kfrags = pre.generate_kfrags(delegating_privkey=alices_signing_key, # signer=alices_signer, # receiving_pubkey=bob, # threshold=10, # N=20) #, "capsule":capsule return jsonify(ciphertext=ciphertext.hex(), capsule=capsule.to_bytes().hex()), 200
def test_simple_api(N, M, curve=default_curve()): """Manually injects umbralparameters for multi-curve testing.""" params = UmbralParameters(curve=curve) delegating_privkey = UmbralPrivateKey.gen_key(params=params) delegating_pubkey = delegating_privkey.get_pubkey() signing_privkey = UmbralPrivateKey.gen_key(params=params) signing_pubkey = signing_privkey.get_pubkey() signer = Signer(signing_privkey) receiving_privkey = UmbralPrivateKey.gen_key(params=params) receiving_pubkey = receiving_privkey.get_pubkey() plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(delegating_pubkey, plain_data) cleartext = pre.decrypt(ciphertext, capsule, delegating_privkey) assert cleartext == plain_data capsule.set_correctness_keys(delegating=delegating_pubkey, receiving=receiving_pubkey, verifying=signing_pubkey) kfrags = pre.split_rekey(delegating_privkey, signer, receiving_pubkey, M, N) for kfrag in kfrags: cfrag = pre.reencrypt(kfrag, capsule) capsule.attach_cfrag(cfrag) reenc_cleartext = pre.decrypt(ciphertext, capsule, receiving_privkey) assert reenc_cleartext == plain_data
def encrypt(): # Get data from request json_data = json.loads(request.data.decode('utf-8')) data, alice_pubkey, alice_privkey = json_data["hash"].encode( 'utf-8'), json_data['alice_pubkey'], json_data['alice_privkey'] alice_pubkey = string_to_bytes(alice_pubkey) alice_pubkey = keys.UmbralPublicKey.from_bytes(alice_pubkey) alice_privkey = string_to_bytes(alice_privkey) alice_privkey = keys.UmbralPrivateKey.from_bytes(alice_privkey) # Encrypt some data plaintext = data ciphertext, capsule = pre.encrypt(alice_pubkey, plaintext) # convert capsule to str capsule_id = str(uuid.uuid4()) string_capsule = bytes_to_string(capsule.to_bytes()) r.set(capsule_id, string_capsule) # capsule_id = mock_kms.putcapsule(capsule) response = { "ciphertext": bytes_to_string(ciphertext), "capsule_id": capsule_id, } return jsonify(response)
def test_simple_api(N, M, curve=default_curve()): """Manually injects umbralparameters for multi-curve testing.""" params = UmbralParameters(curve=curve) priv_key_alice = keys.UmbralPrivateKey.gen_key(params=params) pub_key_alice = priv_key_alice.get_pubkey() priv_key_bob = keys.UmbralPrivateKey.gen_key(params=params) pub_key_bob = priv_key_bob.get_pubkey() plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data, params=params) cleartext = pre.decrypt(ciphertext, capsule, priv_key_alice, params=params) assert cleartext == plain_data kfrags = pre.split_rekey(priv_key_alice, pub_key_bob, M, N, params=params) for kfrag in kfrags: cfrag = pre.reencrypt(kfrag, capsule, params=params) capsule.attach_cfrag(cfrag) reenc_cleartext = pre.decrypt(ciphertext, capsule, priv_key_bob, pub_key_alice, params=params) assert reenc_cleartext == plain_data
def test_capsule_as_dict_key(alices_keys): priv_key_alice, pub_key_alice = alices_keys plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(pub_key_alice, plain_data) # We can use the capsule as a key, and successfully lookup using it. some_dict = {capsule: "Thing that Bob wants to try per-Capsule"} assert some_dict[capsule] == "Thing that Bob wants to try per-Capsule" kfrags = pre.split_rekey(alices_keys.priv, alices_keys.pub, 1, 2) cfrag = pre.reencrypt(kfrags[0], capsule) capsule.attach_cfrag(cfrag) cfrag = pre.reencrypt(kfrags[1], capsule) capsule.attach_cfrag(cfrag) # Even if we activate the capsule, it still serves as the same key. cleartext = pre.decrypt(ciphertext, capsule, alices_keys.priv, alices_keys.pub) assert some_dict[capsule] == "Thing that Bob wants to try per-Capsule" assert cleartext == plain_data # And if we change the value for this key, all is still well. some_dict[capsule] = "Bob has changed his mind." assert some_dict[capsule] == "Bob has changed his mind." assert len(some_dict.keys()) == 1
def get(self): sk_filename = "pk1" sk = keys.UmbralPrivateKey.gen_key() open("data/pk/" + sk_filename, "w").write(sk.to_bytes().hex()) vk = sk.get_pubkey() user_id = vk.to_bytes().hex() timestamp = str(time.time()) sk_sign = signing.Signer(sk) signature = sk_sign(timestamp.encode("utf8")) content = b"{}" ciphertext, capsule = pre.encrypt(vk, content) folder_size = "0" block_size = len(ciphertext) folder_hash = hashlib.sha1(ciphertext).hexdigest() folder_hash_binary = bin(int(folder_hash, 16))[2:].zfill(32 * 4) addr, groupid = yield get_group(folder_hash_binary) print("ciphertext", len(ciphertext), "capsule", capsule.to_bytes().hex()) http_client = tornado.httpclient.AsyncHTTPClient() url = "http://%s:%s/user?user_id=%s&folder_hash=%s&block_size=%s&folder_size=%s&groupid=%s&capsule=%s×tamp=%s&signature=%s" \ % (tuple(addr)+(user_id, folder_hash, block_size, folder_size, groupid, capsule.to_bytes().hex(), timestamp, bytes(signature).hex())) try: response = yield http_client.fetch(url, method="POST", body=ciphertext) except Exception as e: print("Error: %s" % e) self.finish({"user_id": user_id})
def file_encrypt_and_upload(self,file): #file代表文件位置 #该函数处理数据加密以及上传至ipfs以及区块链的功能 with open(file,"rb") as f: data=f.read() encrpted_file=fernet.Fernet(self.key).encrypt(data) with open("%s_encrypted"%file,"wb") as f_: f_.write(encrpted_file) res=self.client.add("%s_encrypted"%file) #删除加密文件,防止积累 os.remove("./%s_encrypted"%file) upload=[]#可能需要加密 upload.append(res['Hash']) key=str(self.key,encoding="utf-8") upload.append(key) upload=" ".join(upload)#上链字符串数据 print(upload) ciphertext,capsule=pre.encrypt(self.pub_key,bytes(upload,encoding="utf-8")) #print(ciphertext) #可能需要非对称加密 upload_data=self.w3.toHex(ciphertext) txo = {} txo['from'] = self.w3.eth.accounts[0] txo['to'] = self.w3.eth.accounts[1] txo['value'] = self.w3.toHex(0) txo['data'] = upload_data self.w3.geth.personal.unlockAccount(self.w3.eth.accounts[0], "123456") transaction_hash = self.w3.eth.sendTransaction(txo)#交易hash可以以数据库形式存储 self.w3.geth.miner.start() self.w3.eth.waitForTransactionReceipt(transaction_hash) self.w3.geth.miner.stop() print("成功上链") #建立交易哈希与capsule的键值关系,保存至json文件 #self.record[transaction_hash]=capsule capsule=capsule.to_bytes()#capsule #print(type(capsule)) #transaction_hash=transaction_hash.hex() data={transaction_hash:capsule} print(data) if not os.path.exists("data.pkl"): list=[] with open("data.pkl","wb") as f: list.append(data) pickle.dump(list,f) else: fr=open("data.pkl","rb") old_pickle=pickle.load(fr) fr.close() old_pickle.append(data) with open("data.pkl","wb") as f: pickle.dump(old_pickle,f) data={"IP":self.IP,"tx_hash":transaction_hash.hex()} responce=requests.post(url="http://10.134.205.182:8085/sendjson",json=data,verify=False) if responce.status_code==200: print("上传完毕")
def get_signer_keys (): alices_private_key = keys.UmbralPrivateKey.gen_key() alices_public_key = alices_private_key.get_pubkey() alices_signing_key = keys.UmbralPrivateKey.gen_key() alices_verifying_key = alices_signing_key.get_pubkey() alices_signer = signing.Signer(private_key=alices_signing_key) newkeys = {"privateSigningKey": alices_signing_key, "publicSigningKey": alices_verifying_key, "signer": alices_signer} # print (newkeys) with open("python/proxy/23.jpg", "rb") as imageFile: f = imageFile.read() plaintext = bytes(f) # print("imgStart") # print(b) # print("imgEnd") # plaintext = b'Proxy Re-encryption is cool!' # print("@@@@") # print(plaintext) ciphertext, capsule = pre.encrypt(alices_public_key, plaintext) # print(ciphertext) print(capsule) bob_capsule = capsule bobs_private_key = keys.UmbralPrivateKey.gen_key() bobs_public_key = bobs_private_key.get_pubkey() kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key, signer=alices_signer, receiving_pubkey=bobs_public_key, threshold=10, N=20) print(kfrags) bob_capsule.set_correctness_keys(delegating=alices_public_key, receiving=bobs_public_key, verifying=alices_verifying_key)
def file_encrypt_and_upload(self, file): symmetric_key = fernet.Fernet.generate_key() with open(file, "rb") as f: data = f.read() encrpted_file = fernet.Fernet(symmetric_key).encrypt(data) encrypted_key, capsule = pre.encrypt(self.pub_key, symmetric_key) print(encrypted_key) upload = encrpted_file + b" " + encrypted_key res = self.client.add_bytes(upload) print(res, capsule) data_now = {res: capsule} self.record.update(data_now) capsule = capsule.to_bytes() data = {res: capsule} if not os.path.exists("data.pkl"): list = [] with open("data.pkl", "wb") as f: list.append(data) pickle.dump(list, f) print("file upload sucess") else: fr = open("data.pkl", "rb") old_pickle = pickle.load(fr) fr.close() old_pickle.append(data) with open("data.pkl", "wb") as f: pickle.dump(old_pickle, f) print("file upload success")
def test_public_key_encryption(alices_keys): delegating_privkey, _ = alices_keys plain_data = b'peace at dawn' ciphertext, capsule = pre.encrypt(delegating_privkey.get_pubkey(), plain_data) cleartext = pre.decrypt(ciphertext, capsule, delegating_privkey) assert cleartext == plain_data
def newKey(self, keyName, keyValue, path): keyValue, keyCapsule = pre.encrypt(self.publicKey, keyValue) keyCapsule = keyCapsule.to_bytes() tx = self._buildTx().newKey(keyName, keyValue, keyCapsule, self.publicKeyBytes) result = self._ethTransaction(tx) if result: print('Key added') else: print('Key is already exist')
def updateKey(self, keyName, keyValue, path): keyValue, keyCapsule = pre.encrypt(self.publicKey, keyValue) keyCapsule = keyCapsule.to_bytes() tx = self._buildTx().updateKey(keyName, keyValue, keyCapsule) result = self._ethTransaction(tx) if result: print('Key updated') else: print('Key is not exist or you not creator')
def encrypto(self, clear_text, owner_public_key): crypto_start_time = time.time() ciphertext, capsule = pre.encrypt(owner_public_key, clear_text) print('{} {}'.format(sys.getsizeof(ciphertext), sys.getsizeof(capsule))) crypto_end_time = time.time() timeUsed = type_convert.double_process(crypto_end_time - crypto_start_time) return ciphertext, capsule, timeUsed
def en(alices_public_key, plaintext): ################# ENCRYPT # Encrypt data with Alice's public key. ################# [] # plaintext = b'Proxy Re-Encryption is cool!' ciphertext, capsule = pre.encrypt(alices_public_key, str.encode(plaintext)) # print("params", params.to_bytes()) return ciphertext, capsule
def encrypt_(): user_id = request.args.get('user_id') if not user_id in users: print("User not found, creating new") new_user(user_id) user = users[user_id] global capsule ciphertext, capsule = pre.encrypt(user['pubk'], request.args.get('msg').encode()) return base64.b64encode(ciphertext).decode()
def encrypt_message(receiver_pub_key, plaintext, sender_priv_key): ciphertext, capsule = pre.encrypt(receiver_pub_key, plaintext) kfrags = pre.split_rekey(sender_priv_key, receiver_pub_key, 10, 20) for k in kfrags: cfrag = pre.reencrypt(kfrag, capsule) capsule.attach_cfrag(cfrag) return ciphertext, capsule
def encrypt_for( self, recipient: "Character", plaintext: bytes, sign: bool = True, sign_plaintext=True, ) -> tuple: """ Encrypts plaintext for recipient actor. Optionally signs the message as well. :param recipient: The character whose public key will be used to encrypt cleartext. :param plaintext: The secret to be encrypted. :param sign: Whether or not to sign the message. :param sign_plaintext: When signing, the cleartext is signed if this is True, Otherwise, the resulting ciphertext is signed. :return: A tuple, (ciphertext, signature). If sign==False, then signature will be NOT_SIGNED. """ recipient_pubkey_enc = recipient.public_key(EncryptingPower) if sign: if sign_plaintext: # Sign first, encrypt second. signature = self.stamp(plaintext) ciphertext, capsule = pre.encrypt(recipient_pubkey_enc, signature + plaintext) else: # Encrypt first, sign second. ciphertext, capsule = pre.encrypt(recipient_pubkey_enc, plaintext) signature = self.stamp(ciphertext) else: # Don't sign. signature = NOT_SIGNED ciphertext, capsule = pre.encrypt(recipient_pubkey_enc, plaintext) message_kit = MessageKit(ciphertext=ciphertext, capsule=capsule) message_kit.alice_pubkey = self.public_key(SigningPower) return message_kit, signature