def create_wallet(seed=None):
"""
Generate a new wallet. The wallet uses a key pair and an address
based on the SHA1 of the generated wallet's public key. The keys
generated use the ECDSA key generation algorithm with the curve
SECP256k1, the same as bitcoin.
"""
logging.debug("Creating wallet(seed={})".format(seed))
if seed is None:
seed = ''.join([
random.SystemRandom().choice(string.ascii_letters +
string.digits) for _ in range(50)
])
seed = int(hashlib.sha256(seed).hexdigest(), 16)
secret_exponent = randrange_from_seed__trytryagain(
seed, SECP256k1.order)
private_key = SigningKey.from_secret_exponent(secret_exponent,
curve=SECP256k1)
public_key = private_key.get_verifying_key()
address = 'QC' + hashlib.sha1(public_key.to_string()).hexdigest()
wallet = {
'private_key': binascii.b2a_base64(private_key.to_string()),
'public_key': binascii.b2a_base64(public_key.to_string()),
'address': address
}
return wallet
def getPrivateKeyFromPassPhrase(passphrase):
logging.debug(
f'getPrivateKeyFromPassPhrase called with passphrase {passphrase}')
secexp = randrange_from_seed__trytryagain(
hashlib.sha256(str(passphrase).encode(ENCODING)).hexdigest(),
NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
return binaryStringFormat(sk.to_pem())
def signMessageFromPassPhrase(message, passphrase):
logging.debug(
f'signMessageFromPassPhrase call with message {message} and passphrase {passphrase}'
)
secexp = randrange_from_seed__trytryagain(
hashlib.sha256(str(passphrase).encode(ENCODING)).hexdigest(),
NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
return signMessage(message, binaryStringFormat(sk.to_pem()))
def getPublicKeyFromPassPhrase(passphrase):
logging.debug(
f'getPublicKeyFromPassPhrase called with passphrase {passphrase}')
secexp = randrange_from_seed__trytryagain(
hashlib.sha256(str(passphrase).encode(ENCODING)).hexdigest(),
NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
vk = sk.get_verifying_key()
return '04' + vk.to_string().hex()
def verifyMessageFromPassPhrase(message, signedMessage, passphrase):
logging.debug(
f'verifyMessageFromPassPhrase call with message {message}, signedMessage {signedMessage} and passphrase {passphrase}'
)
secexp = randrange_from_seed__trytryagain(
hashlib.sha256(str(passphrase).encode(ENCODING)).hexdigest(),
NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
vk = sk.get_verifying_key()
return verifyMessage(message, signedMessage, vk.to_string().hex())
def __init__(self, name, privkey=None):
"""
A wallet object is initialized by a private key.
"""
self.name = name
if privkey is None:
secexp = randrange_from_seed__trytryagain(
os.urandom(SECP256k1.baselen), SECP256k1.order)
self.privkey = SigningKey.from_secret_exponent(secexp,
curve=SECP256k1)
else:
self.privkey = privkey
self.pubkey = self.privkey.get_verifying_key()
self.address = tools.make_address([self.pubkey], 1)
def make_key_with_salt(seed, salt):
"""generates a key from a given seed, returns the key and a salt
Args:
seed
Returns:
signing key, a salt
Raises:
assertion failure if the signature is not verified
"""
ecdsa_seed = hash_256(seed + salt)
secexp = randrange_from_seed__trytryagain(ecdsa_seed, SECP256k1.order)
return SigningKey.from_secret_exponent(secexp, curve=SECP256k1), salt
def __init__(self, seed=None, signing_key=None):
assert seed is None or signing_key is None
if signing_key:
self.signing_key = signing_key
elif seed:
secret_exp = randrange_from_seed__trytryagain(seed, CURVE.order)
self.signing_key = SigningKey.from_secret_exponent(secret_exp,
curve=CURVE)
else:
self.signing_key = SigningKey.generate(curve=CURVE)
# The next two fields depend only on the signing_key
self.verifying_key = self.signing_key.get_verifying_key()
# note that if instead of to_string() we would use to_der()
# or to_pem(), we could use different elliptic curves for different addresses
self.address = self.verifying_key.to_string().hex()
def make_key(seed):
"""generates a key from a given seed, returns the key and a salt
Args:
seed
Returns:
signing key, a salt
Raises:
assertion failure if the signature is not verified
"""
random_bytes = hexlify(urandom(32))
salt = base64.urlsafe_b64encode(random_bytes)
ecdsa_seed = hash_256(seed + salt)
secexp = randrange_from_seed__trytryagain(ecdsa_seed, SECP256k1.order)
return SigningKey.from_secret_exponent(secexp, curve=SECP256k1), salt
def genkey_main():
from ecdsa import SigningKey, NIST256p
from ecdsa.util import randrange_from_seed__trytryagain
if asked_for_help() or len(sys.argv) not in (2, 3):
print(
"""
Generates key pair that can be used for Solo's signed firmware updates.
usage: %s <output-pem-file> [input-seed-file] [-h]
* Generates NIST P256 keypair.
* Public key must be copied into correct source location in solo bootloader
* The private key can be used for signing updates.
* You may optionally supply a file to seed the RNG for key generating.
"""
% sys.argv[0]
)
sys.exit(1)
if len(sys.argv) > 2:
seed = sys.argv[2]
print('using input seed file ', seed)
rng = open(seed, 'rb').read()
secexp = randrange_from_seed__trytryagain(rng, NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
else:
sk = SigningKey.generate(curve=NIST256p)
sk_name = sys.argv[1]
print('Signing key for signing device firmware: ' + sk_name)
open(sk_name, 'wb+').write(sk.to_pem())
vk = sk.get_verifying_key()
print('Public key in various formats:')
print()
print([c for c in vk.to_string()])
print()
print(''.join(['%02x' % c for c in vk.to_string()]))
print()
print('"\\x' + '\\x'.join(['%02x' % c for c in vk.to_string()]) + '"')
print()
def genkey(output_pem_file, input_seed_file=None):
from ecdsa import NIST256p, SigningKey
from ecdsa.util import randrange_from_seed__trytryagain
if input_seed_file is not None:
seed = input_seed_file
print("using input seed file ", seed)
rng = open(seed, "rb").read()
secexp = randrange_from_seed__trytryagain(rng, NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
else:
sk = SigningKey.generate(curve=NIST256p)
sk_name = output_pem_file
print(f"Signing key for signing device firmware: {sk_name}")
with open(sk_name, "wb+") as fh:
fh.write(sk.to_pem())
vk = sk.get_verifying_key()
return vk
def make_key(seed):
secexp = randrange_from_seed__trytryagain(seed)
return SigningKey.from_secret_exponent(secexp)
from ecdsa import SigningKey, NIST256p
from ecdsa.util import randrange_from_seed__trytryagain
import sys
if len(sys.argv) > 1:
print('using input seed file ', sys.argv[1])
rng = open(sys.argv[1], 'rb').read()
secexp = randrange_from_seed__trytryagain(rng, NIST256p.order)
sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p)
else:
sk = SigningKey.generate(curve=NIST256p)
sk_name = 'signing_key.pem'
print('Signing key for signing device firmware: ' + sk_name)
open(sk_name, 'wb+').write(sk.to_pem())
vk = sk.get_verifying_key()
print('Public key in various formats:')
print()
print([c for c in vk.to_string()])
print()
print(''.join(['%02x' % c for c in vk.to_string()]))
print()
print('"\\x' + '\\x'.join(['%02x' % c for c in vk.to_string()]) + '"')
print()
def _get_verifying_key_string(seed):
# Returns the string of the verifying key, given the seed as input
secret_exponent = randrange_from_seed__trytryagain(seed, NIST384p.order)
signing_key = SigningKey.from_secret_exponent(secret_exponent, curve=NIST384p)
return signing_key.get_verifying_key().to_string()
def make_Skey(self, seed):
secexp = randrange_from_seed__trytryagain(seed, NIST384p.order)
return SigningKey.from_secret_exponent(secexp, curve=NIST384p)
def make_key(rnd, max_range=BLS12_381_ORDER):
secexp = randrange_from_seed__trytryagain(rnd, max_range)
return SigningKey.from_secret_exponent(secexp, curve=SECP256k1)
def make_key_from_seed(seed, curve=SECP256k1):
secexp = randrange_from_seed__trytryagain(seed, curve.order)
return SigningKey.from_secret_exponent(secexp, curve)
def _get_signing_key(seed):
# Transforming the seed in int (secret_exponent) of correct range and then returning a SigningKey aka private key
# Opens the door for HD address generation
secret_exponent = randrange_from_seed__trytryagain(seed, NIST384p.order)
return SigningKey.from_secret_exponent(secret_exponent, curve=NIST384p)
def generate_wallet(self):
seed = os.urandom(self.curve.baselen)
secexp = randrange_from_seed__trytryagain(seed, self.curve.order)
priv = SigningKey.from_secret_exponent(secexp, curve=self.curve, hashfunc=self.hash)
pub = priv.get_verifying_key()
return self.key_to_string(pub), self.key_to_string(priv), self.pub_to_address(self.key_to_string(pub))
def create_keypair(generator):
secexp = randrange_from_seed__trytryagain(generator, SECP256k1.order)
private_key = SigningKey.from_secret_exponent(secexp, curve=SECP256k1)
public_key = private_key.get_verifying_key()
return (private_key, public_key)
def secure_gen_private_key(seed):
secexp = randrange_from_seed__trytryagain(seed, NIST384p.order)
return SigningKey.from_secret_exponent(secexp, curve=NIST384p)