def _write_public_key_file(key_filename, current_time, public_key):
    """Write a public-key certificate file to ``key_filename``.

    Args:
        key_filename: Path of the certificate file to write.
        current_time: Value substituted into the public banner template.
        public_key: Public key handed to ``_write_key_file``.

    No secret key or metadata is passed, so only public material is written.
    """
    header = _cert_public_banner.format(current_time)

    # Request mode 0o644 (owner read/write, everyone else read-only) before
    # the key is written. NOTE(review): _create_file_with_mode is not shown
    # here; presumably it creates the file with exactly this mode - confirm.
    _create_file_with_mode(key_filename, 0o644)

    _write_key_file(
        key_filename,
        header,
        public_key,
        secret_key=None,
        metadata=None,
        encoding='utf-8',
    )
def _write_secret_key_file(key_filename, current_time, public_key, secret_key, metadata):
    """Write a secret-key certificate file to ``key_filename``.

    Args:
        key_filename: Path of the certificate file to write.
        current_time: Value substituted into the secret banner template.
        public_key: Public key stored alongside the secret key.
        secret_key: Secret key handed to ``_write_key_file``.
        metadata: Metadata handed to ``_write_key_file``.
    """
    header = _cert_secret_banner.format(current_time)

    # Request mode 0o600 (owner read/write only) *before* any secret material
    # is written, so the key is never on disk under a looser mode.
    # NOTE(review): _create_file_with_mode is not shown here; presumably it
    # creates the file with exactly this mode - confirm.
    _create_file_with_mode(key_filename, 0o600)

    _write_key_file(
        key_filename,
        header,
        public_key,
        secret_key=secret_key,
        metadata=metadata,
        encoding='utf-8',
    )
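def add_verifying_key(self, vk: str):
    """Store the Curve25519 form of an Ed25519 verifying key in ``self.cert_dir``.

    The hex string is decoded, converted with
    ``crypto_sign_ed25519_pk_to_curve25519``, Z85-encoded and written to
    ``<cert_dir>/<hex of key>.key``.

    Args:
        vk: Ed25519 verifying key as a hex string.

    Returns:
        None. When the conversion raises ``RuntimeError`` the error is logged
        and no file is written.

    Raises:
        ValueError: from ``bytes.fromhex`` when ``vk`` is not valid hex.
    """
    bvk = bytes.fromhex(vk)

    try:
        pk = crypto_sign_ed25519_pk_to_curve25519(bvk)
    except RuntimeError:
        # The conversion rejects keys that are not valid Ed25519 public keys.
        self.log.error('ED25519 Cryptographic error. The key provided is not within the cryptographic key space.')
        return

    zvk = z85.encode(pk).decode('utf-8')

    # bytes.fromhex() accepts upper-case digits and embedded spaces, so the
    # caller's string is not a canonical name. Derive the file name from the
    # decoded bytes so one key always maps to exactly one certificate file.
    key_path = self.cert_dir / f'{bvk.hex()}.key'

    # NOTE(review): the banner is passed without .format(); if the template
    # carries a timestamp placeholder it is written out literally - confirm.
    _write_key_file(key_path, banner=_cert_public_banner, public_key=zvk)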
def add_verifying_key(self, vk: bytes):
    """Store the Curve25519 form of an Ed25519 verifying key in ``self.cert_dir``.

    Args:
        vk: Ed25519 verifying key as raw bytes. A ``str`` is also accepted
            and is decoded as hex first.

    Returns:
        None. When the conversion raises ``RuntimeError`` nothing is written.
    """
    raw_vk = bytes.fromhex(vk) if isinstance(vk, str) else vk

    try:
        curve_pk = crypto_sign_ed25519_pk_to_curve25519(raw_vk)
    except RuntimeError:
        # The conversion rejects keys that are not valid Ed25519 public keys.
        # NOTE(review): the rejection is only printed to stdout, so it will
        # not appear in logs and the caller cannot tell it from success.
        print('no go')
        return

    encoded_pk = z85.encode(curve_pk).decode('utf-8')

    # The file is named from the decoded bytes, so the name is always
    # lower-case hex regardless of how the key was supplied.
    target = self.cert_dir / f'{raw_vk.hex()}.key'

    # NOTE(review): the banner is passed without .format(); if the template
    # carries a timestamp placeholder it is written out literally - confirm.
    _write_key_file(target, banner=_cert_public_banner, public_key=encoded_pk)
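def createCertsFromKeys(key_dir, name, public_key, secret_key=None,
                        metadata=None, pSuffix='key', sSuffix='key_secret'):
    """Write a public and a secret certificate file for an existing key pair.

    Args:
        key_dir: Directory that receives both files.
        name: Base file name, without suffix.
        public_key: Public key written to both files.
        secret_key: Secret key written to the secret file only.
        metadata: Metadata written to the secret file only.
        pSuffix: File suffix for the public certificate.
        sSuffix: File suffix for the secret certificate.

    Returns:
        Tuple ``(public_key_file, secret_key_file)`` of the paths written.
    """
    base_filename = os.path.join(key_dir, name)
    public_key_file = "{}.{}".format(base_filename, pSuffix)
    secret_key_file = "{}.{}".format(base_filename, sSuffix)
    now = datetime.datetime.now()

    _write_key_file(public_key_file, _cert_public_banner.format(now), public_key)

    # Restrict the secret file to its owner before any key material lands in
    # it; otherwise its mode comes from the process umask and may be readable
    # by other local users. The chmod also tightens a pre-existing file,
    # whose mode os.open() would leave untouched.
    # NOTE(review): assumes _write_key_file opens the existing path for
    # writing rather than replacing the file - confirm.
    fd = os.open(secret_key_file, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(fd)
    os.chmod(secret_key_file, 0o600)

    _write_key_file(secret_key_file,
                    _cert_secret_banner.format(now),
                    public_key,
                    secret_key=secret_key,
                    metadata=metadata)

    return public_key_file, secret_key_file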
def write_key(directory, public_key, secret_key=None):
    """Write a key file named after the current timestamp into ``directory``.

    Args:
        directory: Directory that receives the file.
        public_key: Public key passed to ``certs._write_key_file``.
        secret_key: Optional secret key passed along as well.

    The banner is the empty string.
    """
    # The name is ``<time.time()>.key``.
    # NOTE(review): when secret_key is given it is written to a ``.key`` file
    # without any mode being set here - confirm this is acceptable for the
    # directories this helper is used on.
    key_path = os.path.join(directory, f'{time.time()}.key')
    certs._write_key_file(key_path, '', public_key, secret_key)