def test_vectors(self):
for v in self.vectors:
key = load_ed25519_private_key(v['key'])
k = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff,
CAPABILITY.SIGN_EDDSA, key)
self.assertEqual(serialize_ed25519_public_key(k.get_public_key()),
v['pubkey'])
self.assertEqual(k.sign_eddsa(v['msg']), v['sig'])
k.delete()
def test_vectors(self):
for v in self.vectors:
key = load_ed25519_private_key(v["key"])
k = AsymmetricKey.put(self.session, 0, "Test Ed25519", 0xFFFF,
CAPABILITY.SIGN_EDDSA, key)
self.assertEqual(serialize_ed25519_public_key(k.get_public_key()),
v["pubkey"])
self.assertEqual(k.sign_eddsa(v["msg"]), v["sig"])
k.delete()
def test_generate_sign_long(self):
key = AsymmetricKey.generate(self.session, 0, 'Test Ed25519', 0xffff,
CAPABILITY.SIGN_EDDSA,
ALGORITHM.EC_ED25519)
pubkey = key.get_public_key()
data = os.urandom(2019)
sig = key.sign_eddsa(data)
v_key = ed25519.VerifyingKey(serialize_ed25519_public_key(pubkey))
v_key.verify(sig, data)
key.delete()
def test_import_sign(self):
s_key, v_key = ed25519.create_keypair()
key = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff,
CAPABILITY.SIGN_EDDSA,
load_ed25519_private_key(s_key.to_seed()))
data = os.urandom(129)
sig = key.sign_eddsa(data)
v_key.verify(sig, data)
self.assertEqual(sig, s_key.sign(data))
pub = key.get_public_key()
self.assertEqual(v_key.to_bytes(), serialize_ed25519_public_key(pub))
key.delete()
def test_import_sign(self):
s_key = ed25519.Ed25519PrivateKey.generate()
v_key = s_key.public_key()
key = AsymmetricKey.put(self.session, 0, "Test Ed25519", 0xFFFF,
CAPABILITY.SIGN_EDDSA, s_key)
data = os.urandom(129)
sig = key.sign_eddsa(data)
v_key.verify(sig, data)
self.assertEqual(sig, s_key.sign(data))
pub = key.get_public_key()
self.assertEqual(
v_key.public_bytes(serialization.Encoding.Raw,
serialization.PublicFormat.Raw),
serialize_ed25519_public_key(pub),
)
key.delete()
from yubihsm import YubiHsm
from yubihsm.defs import CAPABILITY, ALGORITHM
from yubihsm.objects import AsymmetricKey
from yubihsm import eddsa
authkeyID = 101 # For consistency, always create key number 101
password = getpass.getpass()
hsm = YubiHsm.connect("http://localhost:12345/connector/api")
session = hsm.create_session_derived(authkeyID, password)
# Generate recovery service keypairs on the YubiHSM for creating signatures. Always
# generate two sets of 64 keys, numbered 5001 through 5064 and 6001 through 6064.
for keynum in range(10001, 10065):
key = AsymmetricKey.generate( # Generate a new key object in the YubiHSM.
session, # Secure YubiHsm session to use.
keynum, # Object ID
"ndau key " + str(keynum), # Label for the object.
1, # Domain(s) for the object.
CAPABILITY.SIGN_EDDSA, # Capabilities for the ojbect.
ALGORITHM.EC_ED25519, # Algorithm for the key.
)
pub_key = eddsa.serialize_ed25519_public_key(key.get_public_key())
print("Public key number " + str(keynum) + ": " +
base64.standard_b64encode(pub_key).decode())
session.close()
hsm.close()
)
print("Created " + str(authkey))
session.close()
# Log in with new authentication key, create EDDSA asymmetric key, delete
# default authentication key
signkeynum = 1001 # ID used for first BPC signing key
session = hsm.create_session_derived(authkeynum, authpass)
signkey = AsymmetricKey.generate(
session,
signkeynum,
"ndau BPC signing key",
1,
CAPABILITY.SIGN_EDDSA,
ALGORITHM.EC_ED25519,
)
print("Created " + str(signkey))
print("Public key: " + str(
base64.b64encode(
eddsa.serialize_ed25519_public_key(signkey.get_public_key()))))
# Delete the default authentication key
session.get_object(default_authkey, OBJECT.AUTHENTICATION_KEY).delete()
session.close()
hsm.close()
exit(0)