def decrypt(cls, token: bytes, key: bytes) -> dict: parts = token.split(b'.') footer = b'' if len(parts) == 4: encoded_footer = parts[-1] footer = b64decode(encoded_footer) header_len = len(cls.local_header) header = token[:header_len] token_version = token[:2] if not secrets.compare_digest(token_version, cls.version): raise InvalidVersionException('not a v2 token') if not secrets.compare_digest(header, cls.local_header): raise InvalidPurposeException('not a v2.local token') decoded = b64decode(parts[2]) nonce = decoded[:pysodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES] ciphertext = decoded[pysodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES:] plaintext = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt( ciphertext=ciphertext, ad=pre_auth_encode(header, nonce, footer), nonce=nonce, key=key ) return { 'message': plaintext, 'footer': footer if footer else None }
def test_aead_xchacha20poly1305_ietf(self): if not pysodium.sodium_version_check(1, 0, 12): return key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007") input_ = binascii.unhexlify(b"86d09974840bded2a5ca") nonce = binascii.unhexlify(b"cd7cf67be39c794acd7cf67bcd7cf67be39c794acd7cf67b") for ad in [binascii.unhexlify(b"87e229d4500845a079c0"), None]: output = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt(input_, ad, nonce, key) output = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt(output, ad, nonce, key) self.assertEqual(output, input_)
def decrypt(ciphertext: bytes, key: bytes): if not secrets.compare_digest(ciphertext[:5], MAGIC_HEADER): raise Exception('Invalid ciphertext header') decoded = base64.urlsafe_b64decode(ciphertext[5:]) if len(decoded) < NONCE_SIZE + 16: raise Exception('Message is too short') nonce = decoded[0:NONCE_SIZE] encrypted = decoded[NONCE_SIZE:] decrypted = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt( ciphertext=encrypted, ad=nonce, nonce=nonce, key=key, ) return decrypted
def get_pdf(modeladmin, request, queryset): documents = [] response = HttpResponse(content_type="application/pdf") for wallet in queryset.all(): encryption_key = bytes.fromhex(settings.ENCRYPTION_KEY) nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES) pk = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt( wallet.private_key.encode('UTF-8'), None, nonce, encryption_key) decrypted_pk = pysodium.crypto_aead_xchacha20poly1305_ietf_decrypt( pk, None, nonce, encryption_key) payload = { 'nonce': nonce.hex(), 'id': wallet.wallet_id, 'pk': pk.hex() } qr_code = pyqrcode.create(json.dumps(payload), error='M') template = get_template('wallet/paper_wallet_pdf.html') html = template.render( { 'image': qr_code.png_as_base64_str(scale=5), 'logo': settings.STATIC_ROOT + '/wallet/ecoo_logo_bw.png', 'wetzikon_bw': settings.STATIC_ROOT + '/wallet/wetzikon_bw.png' }, request) # .encode(encoding="UTF-8") documents.append( weasyprint.HTML( string=html, base_url=request.build_absolute_uri()).write_pdf( target=response, presentational_hints=True, stylesheets=[ CSS(settings.STATIC_ROOT + '/wallet/print.css') ])) return response