def setUpClass(cls):
priv, pub = ed25519.create_keypair()
extauth_settings.update({
'PRIVATE_KEY': priv.to_bytes(),
'PUBLIC_KEY': pub.to_bytes(),
})
cls.url = reverse('api:ext-auth-view')
def _make_keys(self):
# Makes a set of private and public keys
# Used for authentication
privkey, pubkey = ed25519.create_keypair()
pri = privkey.to_ascii(encoding=self.key_encoding)
pub = pubkey.to_ascii(encoding=self.key_encoding)
return pri, pub
def test_token_generation(self):
privkey, pubkey = ed25519.create_keypair()
token = make_login_token('bob',
1, ['MOD', 'HOST'],
'deadbeef',
key=privkey)
version, payload, sig = token.split('.')
self.assertEqual(version, '1')
pubkey.verify(sig, (version + '.' + payload).encode('utf-8'),
encoding='base64')
with self.assertRaises(ed25519.BadSignatureError):
pubkey.verify(sig, (version + '...' + payload).encode('utf-8'),
encoding='base64')
payload = json.loads(
b64decode(payload.encode('utf-8')).decode('utf-8'))
self.assertEqual(payload['username'], 'bob')
self.assertEqual(payload['uid'], 1)
self.assertEqual(payload['flags'], ['MOD', 'HOST'])
self.assertEqual(payload['nonce'], 'deadbeef')
self.assertEqual(type(payload['iat']), int)
def _make_keys(self):
# Makes a set of private and public keys
# Used for authentication
privkey, pubkey = ed25519.create_keypair()
pri = privkey.to_ascii(encoding=self.key_encoding)
pub = pubkey.to_ascii(encoding=self.key_encoding)
return pri, pub
def get_key(output_dir, role, key_type):
if key_type == 'ed25519':
try:
with open(path.join(output_dir, 'keys', '{}.priv'.format(role)), 'r') as f:
priv = f.read()
with open(path.join(output_dir, 'keys', '{}.pub'.format(role)), 'r') as f:
pub = f.read()
except IOError:
priv, pub = ed25519.create_keypair()
priv = binascii.hexlify(priv.to_bytes()).decode('utf-8')
pub = binascii.hexlify(pub.to_bytes()).decode('utf-8')
with open(path.join(output_dir, 'keys', '{}.priv'.format(role)), 'w') as f:
f.write(priv)
with open(path.join(output_dir, 'keys', '{}.pub'.format(role)), 'w') as f:
f.write(pub)
else:
raise Exception('unknown key type: {}'.format(key_type))
return (priv, pub)
def genkey():
signing_key, verifying_key = ed25519.create_keypair()
open("root_signing.key", "wb").write(signing_key.to_bytes())
open("root_signing.seed", "wb").write(signing_key.to_seed())
vkey_hex = verifying_key.to_ascii(encoding="hex")
print "the public key is", vkey_hex
pass
def setup(self):
super().setup()
if self.cnf.newprivatekey:
if self.cnf.privatekey:
self.logger.critical(
"Either generate a new key; or set one. Not both. Aborting."
)
sys.exit(1)
privatekey, publickey = ed25519.create_keypair()
if self.cnf.privatekeyfile:
if os.path.isfile(self.cnf.privatekeyfile):
self.logger.critical(
"Refusing to overwrite existing private key. Aborting."
)
sys.exit(1)
if 32 != open(self.cnf.privatekeyfile, "wb").write(
privatekey.to_seed()):
self.logger.critical(
"Failed to write the newly generated privatekeyfile. Aborting."
)
sys.exit(1)
self.logger.info("Wrote out newly generated private key")
else:
self.logger.info("Using empheral private key")
if self.cnf.privatekey:
seed = base64.b64decode(self.cnf.privatekey)
if len(seed) != 32:
self.logger.critical(
"Command line private key not exactly 32 bytes. aborting.")
sys.exit(1)
self.cnf.privatekey = ed25519.SigningKey(seed)
else:
if self.cnf.privatekeyfile:
seed = open(self.cnf.privatekeyfile, "rb").read(32)
if len(seed) != 32:
self.logger.critical(
"Private key in file is not exactly 32 bytes. aborting."
)
sys.exit(1)
self.cnf.privatekey = ed25519.SigningKey(seed)
if self.cnf.tofconly and not self.cnf.privatekey:
self.logger.critical("No private key - cannot do TOFC . Aborting.")
sys.exit(1)
self.cnf.publickey = self.cnf.privatekey.get_verifying_key()
self.pubkeys[self.cnf.node] = self.cnf.publickey
self.session_priv = curve.generatePrivateKey(Random.new().read(32))
self.session_pub = curve.generatePublicKey(self.session_priv)
def make_keypair(self):
priv, pub = ed25519.create_keypair()
print(r"""# Ext auth key pair. Place this in local_settings.py
DRAWPILE_EXT_AUTH = {{
'PRIVATE_KEY': b64decode({priv}),
'PUBLIC_KEY': {pub},
}}""".format(priv=b64encode(priv.to_bytes()), pub=b64encode(pub.to_bytes())))
def gen_seckey(cls) -> bytes:
"""Generates a secret key.
Returns:
A binary representation of the secret key.
"""
sk, vk = ed25519.create_keypair()
return sk.to_bytes()
def _make_keys(self):
# Makes a set of private and public keys
# Used for authentication
self.keysdb.load()
privkey, pubkey = ed25519.create_keypair()
pri = privkey.to_ascii(encoding=self.key_encoding)
pub = pubkey.to_ascii(encoding=self.key_encoding)
self.keysdb.add_key(pub, pri)
def generateSeed(hashable_keyword: str = '') -> bytes:
"""Generate a private key, with optional keyword to get reproducible tests results or later HD Wallet."""
if len(hashable_keyword):
seed = hashlib.sha256(hashable_keyword).digest()
signing_key = ed25519.SigningKey(seed)
else:
signing_key, _ = ed25519.create_keypair()
return signing_key.to_bytes()[:32]
def _make_keys(self):
# Makes a set of private and public keys
# Used for authentication
self.keysdb.load()
privkey, pubkey = ed25519.create_keypair()
pri = privkey.to_ascii(encoding=self.key_encoding)
pub = pubkey.to_ascii(encoding=self.key_encoding)
self.keysdb.add_key(pub, pri)
def __init__(self):
self.signing_key, self.verifying_key = ed25519.create_keypair()
self.PublicKey = self.verifying_key.to_ascii(encoding="hex")
self.PrivateKey = self.signing_key.to_ascii(encoding="hex")
self.SigningKey = self.signing_key
self.VerifiyingKey = self.verifying_key
self.Username = str(self.PublicKey)[2:-1]
self.Password = str(self.PrivateKey)[2:-1]
def generateKey():
private_key, public_key = ed25519.create_keypair()
pubHandle = open(PUBLIC_KEY, "wb")
pubHandle.write(public_key.to_bytes())
pubHandle.close()
privHandle = open(PRIVATE_KEY, "wb")
privHandle.write(private_key.to_bytes())
privHandle.close()
def generate_key(prefix):
""" generate a private key """
signing_key, verifying_key = ed25519.create_keypair()
filename = prefix + "-secret-key.txt"
open(filename, "wb").write(signing_key.to_bytes())
print('wrote ' + filename)
vkey_hex = verifying_key.to_ascii(encoding="hex")
print(prefix + " public key is", vkey_hex)
return vkey_hex
def main():
for x in range(0, 10):
sk, vk = ed25519.create_keypair(entropy=os.urandom)
vk = sk.get_verifying_key()
message = bytes(bytearray(os.urandom(1000)))
signature = sk.sign(message)
verify(signature, vk, message)
newSignature = generateNewSignature(signature)
verify(newSignature, vk, message)
def randomByRandom(self):
# os.urandom(32)
signing_key, verifying_key = ed25519.create_keypair(entropy=os.urandom)
# print signing_key.to_ascii(encoding="hex")
# print len(signing_key.to_seed())
vk = signing_key.get_verifying_key()
self.rawPrivateKey = signing_key.to_seed()
rawPublicKey = vk.to_ascii(encoding="hex")
self.rawPublicKey = self.to_ascii(rawPublicKey)
def setup(self):
super().setup()
if self.cnf.newprivatekey:
if self.cnf.privatekey:
self.logger.critical("Either generate a new key; or set one. Not both. Aborting.")
sys.exit(1);
privatekey, publickey = ed25519.create_keypair()
if self.cnf.privatekeyfile:
if os.path.isfile(self.cnf.privatekeyfile):
self.logger.critical("Refusing to overwrite existing private key. Aborting.")
sys.exit(1);
if 32 != open(self.cnf.privatekeyfile,"wb").write(privatekey.to_seed()):
self.logger.critical("Failed to write the newly generated privatekeyfile. Aborting.");
sys.exit(1);
self.logger.info("Wrote out newly generated private key");
else:
self.logger.info("Using empheral private key");
self.cnf.privatekey = base64.b64encode(privatekey.to_seed())
if self.cnf.privatekey:
seed = base64.b64decode(self.cnf.privatekey)
if len(seed) != 32:
self.logger.critical("Command line private key not exactly 32 bytes. aborting.");
sys.exit(1);
self.cnf.privatekey = ed25519.SigningKey(seed)
else:
if self.cnf.privatekeyfile:
seed = open(self.cnf.privatekeyfile,"rb").read(32)
if len(seed) != 32:
self.logger.critical("Private key in file is not exactly 32 bytes. aborting.");
sys.exit(1);
else:
self.logger.critical("No seed (private key).");
sys.exit(1);
self.cnf.privatekey = ed25519.SigningKey(seed)
if self.cnf.tofconly and not self.cnf.privatekey:
self.logger.critical("No private key - cannot do TOFC . Aborting.")
sys.exit(1);
if self.cnf.trustdb:
if not self.load_pkdb():
sys.exit(1);
self.cnf.publickey = self.cnf.privatekey.get_verifying_key()
self.pubkeys[ self.cnf.node ] = self.cnf.publickey
self.session_priv = curve.generatePrivateKey(Random.new().read(32));
self.session_pub = curve.generatePublicKey(self.session_priv);
def keypair():
"""
Create Key pair
Returns: bytes, bytes
"""
sk, pk = ed25519.create_keypair()
return sk.to_bytes(), pk.to_bytes()
def generate_messenger_pubkeys(n):
pubkeys = []
for i in range(n):
pct = math.ceil(i * 100 / n)
sys.stdout.write("\rGenerating pubkey: %i%% " % pct)
sys.stdout.flush()
_, verifying_key = ed25519.create_keypair()
pubkeys.append(verifying_key.to_ascii(encoding="hex").decode('ascii'))
return pubkeys
def main():
"""Temp test, not to be used"""
signing_key, verifying_key = ed25519.create_keypair()
print(
"Original private key",
ByteUtil.bytes_as_string_with_dashes(signing_key.to_bytes()[:32]))
# signing key has signing + verifying, we keep the first 32 to only get the private part.
print("Original public key",
ByteUtil.bytes_as_string_with_dashes(verifying_key.to_bytes()))
def create_key_pair():
"""
Creates a new secret/private and public key pair.
:return: tuple of secret/private and public keys
"""
sk, vk = ed25519.create_keypair()
return str(sk.to_ascii(encoding="hex"),
encoding='UTF-8'), str(vk.to_ascii(encoding="hex"),
encoding='UTF-8')
def __initByType(self, keyType):
if keyType == KeyType.ED25519:
sk, vk = ed25519.create_keypair(urandom)
self.__keyMember.setRawSKey(sk.to_seed())
rawPKey = self.getPublicKey(self.__keyMember)
self.publicKey.setRawPublicKey(rawPKey)
else:
pass
self.setKeyType(keyType)
self.publicKey.setKeyType(keyType)
def create_key():
'''
Generates a long-term key pair.
Returns:
priv (bytes): A base64 encoded ed25519 private key.
publ (bytes): A base64 encoded ed25519 public key.
'''
priv, publ = ed25519.create_keypair()
return base64.b64encode(priv.to_bytes()), \
base64.b64encode(publ.to_bytes())
def test_keypair(self):
sk, vk = ed25519.create_keypair()
self.failUnless(isinstance(sk, ed25519.SigningKey), sk)
self.failUnless(isinstance(vk, ed25519.VerifyingKey), vk)
sk2, vk2 = ed25519.create_keypair()
self.failIfEqual(hexlify(sk.to_bytes()), hexlify(sk2.to_bytes()))
# you can control the entropy source
def not_so_random(length):
return b"4"*length
sk1, vk1 = ed25519.create_keypair(entropy=not_so_random)
self.failUnlessEqual(sk1.to_ascii(encoding="base64"),
b"NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ")
self.failUnlessEqual(vk1.to_ascii(encoding="base64"),
b"6yzxO/euOl9hQWih+wknLTl3HsS4UjcngV5GbK+O4WM")
sk2, vk2 = ed25519.create_keypair(entropy=not_so_random)
self.failUnlessEqual(sk1.to_ascii(encoding="base64"),
sk2.to_ascii(encoding="base64"))
self.failUnlessEqual(vk1.to_ascii(encoding="base64"),
vk2.to_ascii(encoding="base64"))
def test_keypair(self):
sk, vk = ed25519.create_keypair()
self.failUnless(isinstance(sk, ed25519.SigningKey), sk)
self.failUnless(isinstance(vk, ed25519.VerifyingKey), vk)
sk2, vk2 = ed25519.create_keypair()
self.failIfEqual(hexlify(sk.to_bytes()), hexlify(sk2.to_bytes()))
# you can control the entropy source
def not_so_random(length):
return "4"*length
sk1, vk1 = ed25519.create_keypair(entropy=not_so_random)
self.failUnlessEqual(sk1.to_ascii(encoding="base64"),
"NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ")
self.failUnlessEqual(vk1.to_ascii(encoding="base64"),
"6yzxO/euOl9hQWih+wknLTl3HsS4UjcngV5GbK+O4WM")
sk2, vk2 = ed25519.create_keypair(entropy=not_so_random)
self.failUnlessEqual(sk1.to_ascii(encoding="base64"),
sk2.to_ascii(encoding="base64"))
self.failUnlessEqual(vk1.to_ascii(encoding="base64"),
vk2.to_ascii(encoding="base64"))
def generate_key():
"""
To generate ed25519 key pair, and use verifying_key as api_token.
:return:
"""
signing_key, verifying_key = ed25519.create_keypair()
# open("my-secret-key","wb").write(signing_key.to_bytes())
vkey_hex = verifying_key.to_ascii(encoding="hex").decode()
# print("the public key is", str(vkey_hex))
return vkey_hex
def _create_key_pair(seed=None):
if seed is not None:
if len(seed) > 32:
raise Exception('max seed length is 32')
seed = seed.encode('utf-8')
kwargs = {}
if seed is not None:
kwargs['entropy'] = lambda x: seed.ljust(32)
return ed25519.create_keypair(**kwargs)
def __init__(self,
display_name,
aid=None,
mac=None,
pincode=None,
iid_manager=None,
setup_id=None):
"""Initialise with the given properties.
:param display_name: Name to be displayed in the Home app.
:type display_name: str
:param aid: The accessory ID, uniquely identifying this accessory.
`Accessories` that advertised on the network must have the
standalone AID. Defaults to None, in which case the `AccessoryDriver`
will assign the standalone AID to this `Accessory`.
:type aid: int
:param mac: The MAC address of this `Accessory`, needed by HAP clients.
Defaults to None, in which case the `AccessoryDriver`
will assign a random MAC address to this `Accessory`.
:type mac: str
:param pincode: The pincode that HAP clients must prove they know in order
to pair with this `Accessory`. Defaults to None, in which case a random
pincode is generated. The pincode has the format "xxx-xx-xxx", where x is
a digit.
:type pincode: bytearray
:param setup_id: Setup ID can be provided, although, per spec, should be random
every time the instance is started. If not provided on init, will be random.
4 digit string 0-9 A-Z
:type setup_id: str
"""
self.display_name = display_name
self.aid = aid
self.mac = mac
self.config_version = 2
self.reachable = True
self._pincode = pincode
self._setup_id = setup_id
self.broker = None
# threading.Event that gets set when the Accessory should stop.
self.run_sentinel = None
sk, vk = ed25519.create_keypair()
self.private_key = sk
self.public_key = vk
self.paired_clients = {}
self.services = []
self.iid_manager = iid_manager or IIDManager()
self._set_services()
def make_keys(self, overwrite=False):
"""Makes public and private keys for signing and verification
Kwargs:
overwrite (bool): Determines if existing keys are overwritten
"""
# Makes a set of private and public keys
# Used for authentication
log.debug(u'Making keys')
self.privkey, self.pubkey = ed25519.create_keypair()
self._write_keys_to_file(overwrite)
async def login(websocket, session):
assert not session
username = await aioconsole.ainput('Username: '******'Password: '******'login', [username, password, session_key])
session.append(private_key)
def test_import_sign(self):
s_key, v_key = ed25519.create_keypair()
key = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff,
CAPABILITY.SIGN_EDDSA,
load_ed25519_private_key(s_key.to_seed()))
data = os.urandom(129)
sig = key.sign_eddsa(data)
v_key.verify(sig, data)
self.assertEqual(sig, s_key.sign(data))
pub = key.get_public_key()
self.assertEqual(v_key.to_bytes(), serialize_ed25519_public_key(pub))
key.delete()
def make_keys(self, overwrite=False):
"""Makes public and private keys for signing and verification
Kwargs:
overwrite (bool): Determines if existing keys are overwritten
"""
# Makes a set of private and public keys
# Used for authentication
log.debug(u'Making keys')
self.privkey, self.pubkey = ed25519.create_keypair()
self._write_keys_to_file(overwrite)
def ed25519_generate_key_pair():
"""
Generate a new key pair and return the pair encoded in base58
"""
sk, vk = ed25519.create_keypair()
# Private key
private_value_base58 = Ed25519SigningKey(base58.b58encode(sk.to_bytes())).to_ascii()
# Public key
public_value_compressed_base58 = Ed25519VerifyingKey(base58.b58encode(vk.to_bytes())).to_ascii()
return private_value_base58, public_value_compressed_base58
def generate_signing(signing_key, verifying_key, passphrase=None):
# Generate the keys
sk, vk = ed25519.create_keypair()
# TODO: Encrypt the private key (like passphrase -> key, and AES)
# signing_key: private part, verifying_key: public part
with open(verifying_key, 'wt') as pubfile, open(signing_key,
'wt') as privfile:
pubfile.write(vk.to_bytes().hex())
privfile.write(sk.to_bytes().hex())
def generate_key(cls, level, expiration_ms=None):
signing_key, verifying_key = ed25519.create_keypair()
expires_at_ms = None
if expiration_ms:
expires_at_ms = int(round(time.time() * 1000)) + expiration_ms
return cls(
verifying_key=verifying_key,
signing_key=signing_key,
level=level,
expires_at_ms=expires_at_ms
)
def __init__(self, port, keypair_seed):
self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
self.socket.bind(("", port))
self.socket.settimeout(0.05)
self.public_key, self.private_key = ed25519.create_keypair(keypair_seed)
self.certificate_requests = {}
self.accounts = {
"nightcracker": (0, binascii.unhexlify("f3b2ae5cb5032ae47c72de331d7dd674914716bd")),
"orpheon": (1, binascii.unhexlify("fae11bb38d7fe48dced1a0c070d4c6efafeae931"))
}
def gen_key(self):
priv, verifying_key = ed25519.create_keypair()
print(verifying_key)
vkey_hex = verifying_key.to_ascii(encoding="hex")
s = open('.env').read()
s = s.replace("GATE_PUB_KEYS=", "GATE_PUB_KEYS="+vkey_hex)
f = open('.env', 'w')
f.write(s)
f.close()
self.get_env()
open(os.environ['GATE_SEED_PATH'],"wb").write(priv.to_bytes())
vkey = os.environ['GATE_PUB_KEYS'].split(',')[0]
print "the public key is", vkey
def create_node(so, stdout=sys.stdout, stderr=sys.stderr):
basedir = so["basedir"]
if os.path.exists(basedir):
print >>stderr, "basedir '%s' already exists, refusing to touch it" % basedir
return 1
os.mkdir(basedir)
sqlite, db = database.get_db(os.path.join(basedir, "toolbed.db"), stderr)
c = db.cursor()
c.execute("INSERT INTO node (webport) VALUES (?)", (so["webport"],))
c.execute("INSERT INTO services (name) VALUES (?)", ("client",))
sk,vk = ed25519.create_keypair()
sk_s = sk.to_ascii(prefix="sk0", encoding="base32")
vk_s = vk.to_ascii(prefix="vk0", encoding="base32")
c.execute("INSERT INTO `client_config`"
" (`privkey`, `pubkey`, `relay_location`) VALUES (?,?,?)",
(sk_s, vk_s, so["relay"]))
c.execute("INSERT INTO `client_profile`"
" (`name`, `icon_data`) VALUES (?,?)",
("",""))
db.commit()
print >>stdout, "node created in %s" % basedir
return 0
def test_prefix(self):
sk1,vk1 = ed25519.create_keypair()
PREFIX = "private0-"
p = sk1.to_bytes(PREFIX)
# that gives us a binary string with a prefix
self.failUnless(p.startswith(PREFIX), repr(p))
sk2 = ed25519.SigningKey(p, prefix=PREFIX)
self.failUnlessEqual(sk1, sk2)
self.failUnlessEqual(repr(sk1.to_bytes()), repr(sk2.to_bytes()))
self.failUnlessRaises(ed25519.BadPrefixError,
ed25519.SigningKey, p, prefix="WRONG-")
# SigningKey.to_seed() can do a prefix too
p = sk1.to_seed(PREFIX)
self.failUnless(p.startswith(PREFIX), repr(p))
sk3 = ed25519.SigningKey(p, prefix=PREFIX)
self.failUnlessEqual(sk1, sk3)
self.failUnlessEqual(repr(sk1.to_bytes()), repr(sk3.to_bytes()))
self.failUnlessRaises(ed25519.BadPrefixError,
ed25519.SigningKey, p, prefix="WRONG-")
# verifying keys can do this too
PREFIX = "public0-"
p = vk1.to_bytes(PREFIX)
self.failUnless(p.startswith(PREFIX), repr(p))
vk2 = ed25519.VerifyingKey(p, prefix=PREFIX)
self.failUnlessEqual(vk1, vk2)
self.failUnlessEqual(repr(vk1.to_bytes()), repr(vk2.to_bytes()))
self.failUnlessRaises(ed25519.BadPrefixError,
ed25519.VerifyingKey, p, prefix="WRONG-")
# and signatures
PREFIX = "sig0-"
p = sk1.sign("msg", PREFIX)
self.failUnless(p.startswith(PREFIX), repr(p))
vk1.verify(p, "msg", PREFIX)
self.failUnlessRaises(ed25519.BadPrefixError,
vk1.verify, p, "msg", prefix="WRONG-")
def _new_key(self):
sk, vk = ed25519.create_keypair()
return sk
import ed25519
import base64
private_key, public_key = ed25519.create_keypair()
message = b"Ok to open that door."
print(base64.b64encode(private_key.to_seed()).decode('ASCII'))
print(base64.b64encode(public_key.to_bytes()).decode('ASCII'))
print(base64.b64encode(private_key.sign(message)).decode('ASCII'))
def _create_key(self):
sk, vk = ed25519.create_keypair()
self._store_key(sk)
'meta_service': 'http://meta.openmedialibrary.com/api/',
'release_url': 'http://downloads.openmedialibrary.com/release.json',
}
for key in server_defaults:
if key not in server:
server[key] = server_defaults[key]
release = pdict(os.path.join(config_path, 'release.json'))
if os.path.exists(key_path):
with open(key_path, 'rb') as fd:
sk = ed25519.SigningKey(fd.read())
vk = sk.get_verifying_key()
else:
sk, vk = ed25519.create_keypair()
with open(key_path, 'wb') as fd:
os.chmod(key_path, 0o600)
fd.write(sk.to_bytes())
os.chmod(key_path, 0o400)
USER_ID = get_user_id(ssl_key_path, ssl_cert_path)
OLD_USER_ID = vk.to_ascii(encoding='base64').decode()
OML_UPDATE_KEY='K55EZpPYbP3X+3mA66cztlw1sSaUMqGwfTDKQyP2qOU'
if 'modules' in release and 'openmedialibrary' in release['modules']:
MINOR_VERSION = release['modules']['openmedialibrary']['version']
else:
MINOR_VERSION = 'git'
def manage_certificate(self):
if self.certificate is None and (time.time() - self.last_certificate_request_time) > 5.0:
self.last_certificate_request_time = time.time()
self.last_certificate_request_nonce = os.urandom(32)
self.last_certificate_request_public_key, self.last_certificate_request_private_key = ed25519.create_keypair(ed25519.create_seed())
message = self.last_certificate_request_nonce
message += struct.pack("32p", self.username)
message += self.last_certificate_request_public_key
self.socket.sendto(CERT_REQUEST_INIT + message, self.ca_address)
