p = key.p q = key.q n = key.n binPrivKey = key.exportKey('DER') binPubKey = key.publickey().exportKey('DER') print 'Done' print print 'RSA p value =', repr(p) print 'RSA q value =', repr(q) print 'RSA n value =', repr(n) print print 'Initialize OnlyKey client...' ok = OnlyKey() print 'Done' print time.sleep(2) ok.read_string(timeout_ms=100) empty = 'a' while not empty: empty = ok.read_string(timeout_ms=100) print 'You should see your OnlyKey blink 3 times' print print 'Setting RSA private...'
bob_private_key = bob.get_privkey() alice_public_key = alice.get_pubkey() bob_public_key = bob.get_pubkey() alice_private_key = alice.get_privkey() print("Bob's private key: ", hexlify(bob_private_key)) print("Bob's public key: ", hexlify(bob_public_key)) print() print("Alices's private key: ", hexlify(alice_private_key)) print("Alices's public key: ", hexlify(alice_public_key)) print() print() print('Initialize OnlyKey client...') ok = OnlyKey() print('Done') print() time.sleep(2) ok.read_string(timeout_ms=100) empty = 'a' while not empty: empty = ok.read_string(timeout_ms=100) print('You should see your OnlyKey blink 3 times') print() print('Setting ECC private...') ok.set_ecc_key(101, (2 + 32), bob_private_key)
def __init__(self, curve=formats.CURVE_NIST256): """Connect to hardware device.""" self.device_name = 'OnlyKey' self.ok = OnlyKey() self.curve = curve
#from progressbar import ProgressBar, AnimatedMarker, Timer, Bar, Percentage, Widget import pgpy from pgpy import PGPKey from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm from pgpy.packet.fields import RSAPub, MPI, RSAPriv from pgpy.packet.packets import PubKeyV4, PrivKeyV4 from datetime import timedelta import binascii from onlykey import OnlyKey, Message ok = OnlyKey() def custRSAPub(n, e): res = RSAPriv() res.n = MPI(n) res.e = MPI(e) return res def custPubKeyV4(custkey): res = PrivKeyV4() res.pkalg = PubKeyAlgorithm.RSAEncryptOrSign res.keymaterial = custkey res.update_hlen() return res
class Client(object): """Client wrapper for SSH authentication device.""" def __init__(self, curve=formats.CURVE_NIST256): """Connect to hardware device.""" self.device_name = 'OnlyKey' self.ok = OnlyKey() self.curve = curve def __enter__(self): """Start a session, and test connection.""" self.ok.read_string(timeout_ms=50) empty = 'a' while not empty: empty = self.ok.read_string(timeout_ms=50) return self def __exit__(self, *args): """Forget PIN, shutdown screen and disconnect.""" log.info('disconnected from %s', self.device_name) self.ok.close() def get_identity(self, label, index=0): """Parse label string into Identity protobuf.""" identity = string_to_identity(label) identity['proto'] = 'ssh' identity['index'] = index print 'identity', identity return identity def get_public_key(self, label): log.info('getting public key from %s...', self.device_name) log.info('Trying to read the public key...') # Compute the challenge pin h = hashlib.sha256() h.update(label) data = h.hexdigest() if self.curve == formats.CURVE_NIST256: data = '02' + data else: data = '01' + data data = data.decode("hex") log.info('Identity hash =%s', repr(data)) self.ok.send_message(msg=Message.OKGETPUBKEY, slot_id=132, payload=data) time.sleep(.5) for _ in xrange(2): ok_pubkey = self.ok.read_bytes(64, to_str=True, timeout_ms=10) if len(ok_pubkey) == 64: break log.info('received= %s', repr(ok_pubkey)) if len(set(ok_pubkey[34:63])) == 1: ok_pubkey = ok_pubkey[0:32] log.info('Received Public Key generated by OnlyKey= %s', repr(ok_pubkey)) vk = ed25519.VerifyingKey(ok_pubkey) return formats.export_public_key(vk=vk, label=label) else: ok_pubkey = ok_pubkey[0:64] log.info('Received Public Key generated by OnlyKey= %s', repr(ok_pubkey)) vk = ecdsa.VerifyingKey.from_string(ok_pubkey, curve=ecdsa.NIST256p) return formats.export_public_key(vk=vk, label=label) def sign_ssh_challenge(self, label, blob): """Sign given blob using a private key, specified by the label.""" msg = _parse_ssh_blob(blob) log.debug('%s: user %r via %r (%r)', msg['conn'], msg['user'], msg['auth'], msg['key_type']) log.debug('nonce: %s', binascii.hexlify(msg['nonce'])) log.debug('fingerprint: %s', msg['public_key']['fingerprint']) log.debug('hidden challenge size: %d bytes', len(blob)) # self.ok.send_large_message(payload=blob, msg=Message.OKSIGNSSHCHALLENGE) log.info('please confirm user "%s" login to "%s" using %s', msg['user'], label, self.device_name) h1 = hashlib.sha256() h1.update(label) data = h1.hexdigest() data = data.decode("hex") test_payload = blob + data # Compute the challenge pin h2 = hashlib.sha256() h2.update(test_payload) d = h2.digest() assert len(d) == 32 def get_button(byte): ibyte = ord(byte) return ibyte % 6 + 1 b1, b2, b3 = get_button(d[0]), get_button(d[15]), get_button(d[31]) log.info('blob to send', repr(test_payload)) # Determine type of key to derive on OnlyKey for signature # 201 = ed25519 # 202 = P256 # 203 = secp256k1 keytype = msg['key_type'] if msg['key_type'].startswith('ssh-ed25519'): this_slot_id = 201 log.info('Key type ed25519') elif msg['key_type'].startswith('ecdsa-sha2-nistp256'): this_slot_id = 202 log.info('Key type P256') else: this_slot_id = 203 log.info('Key type secp256k1') self.ok.send_large_message2(msg=Message.OKSIGNCHALLENGE, payload=test_payload, slot_id=this_slot_id) #TODO ping messages so that we don't need enter key to tell when done. print 'Please confirm user', msg[ 'user'], 'login to', label, 'using', self.device_name print( 'Enter the 3 digit challenge code shown below on OnlyKey to authenticate' ) print '{} {} {}'.format(b1, b2, b3) raw_input() for _ in xrange(10): result = self.ok.read_bytes(64, to_str=True, timeout_ms=200) if len(result) >= 60: log.info('received= %s', repr(result)) while len(result) < 64: result.append(0) log.info('disconnected from %s', self.device_name) self.ok.close() return result raise Exception('failed to sign challenge')
class Backend(Enum): OpenSSL = openssl.backend global ok ok = OnlyKey()
from onlykey import OnlyKey, Message print 'Generating a new ed25519 key pair...' privkey, pubkey = ed25519.create_keypair(entropy=os.urandom) print 'Done' print print 'privkey=', repr(privkey.to_seed()) print 'privkey hex=', ''.join([c.encode('hex') for c in privkey.to_seed()]) print 'pubkey=', repr(pubkey.to_bytes()) print 'pubkey hex=', pubkey.to_ascii(encoding='hex') print print print 'Initialize OnlyKey client...' ok = OnlyKey() print 'Done' print time.sleep(2) ok.read_string(timeout_ms=100) empty = 'a' while not empty: empty = ok.read_string(timeout_ms=100) print 'You should see your OnlyKey blink 3 times' print print 'Setting SSH private...' ok.set_ecc_key(101, (1 + 64), privkey.to_seed())
import hashlib import time import os from Crypto.Cipher import PKCS1_v1_5 from Crypto.PublicKey import RSA from Crypto.Hash import SHA from Crypto.Random import get_random_bytes from Crypto import Random import binascii from onlykey import OnlyKey, Message print('Initialize OnlyKey client...') ok = OnlyKey() print('Done') print() time.sleep(2) ok.read_string(timeout_ms=100) empty = 'a' while not empty: empty = ok.read_string(timeout_ms=100) time.sleep(1) print('You should see your OnlyKey blink 3 times') print() print('Enter RSA slot number to use for decryption (1 - 4)')
to "\xbf\xcd\xce\xa0K\x93\x85}\xf0\x18\xb3\xd3L}\x14\xdb\xce0\x00uE,\x05'\xeeW\x1c\xeb\xcf\x8b\x1f\xcc\xc5\xc1\xe2\x17\xb7\xa3\xb6C\x16\xea?\xcchz\xebF1\xb7\xb1\x86\xb8\n}\x82\xebx\xce\x1b\x13\xdf\xdb\x19" it seems to be want you wanted? it's 64 bytes. """ h = '%x' % n s = ('0' * (len(h) % 2) + h).decode('hex') return s print('Done') print() print('RSA p value =', repr(pack_long(p))) print('RSA q value =', repr(pack_long(q))) print('RSA n value =', repr(pack_long(n))) print() print('Initialize OnlyKey client...') ok = OnlyKey() print('Done') print() time.sleep(2) ok.read_string(timeout_ms=100) empty = 'a' while not empty: empty = ok.read_string(timeout_ms=100) print('You should see your OnlyKey blink 3 times') print() print('Setting SSH private...')