def load_key(self, filename):
"""
Load signing key (from pem file)
"""
default_sk = SigningKey.from_pem(keys_default_pem)
with open(filename, "r") as sk_file:
sk_pem = sk_file.read()
self.sk = SigningKey.from_pem(sk_pem)
sk_hex = "".join(c.encode('hex') for c in self.sk.to_string())
return default_sk.to_string() == self.sk.to_string()
def doAuthenticate(self, msg):
if len(msg.args) == 1 and msg.args[0] == '+':
log.info('%s: Authenticating using SASL.', self.network)
if self.sasl == 'external':
authstring = '+'
elif self.sasl == 'ecdsa-nist256p-challenge':
authstring = base64.b64encode(
self.sasl_username.encode('utf-8')).decode('utf-8')
elif self.sasl == 'plain':
authstring = base64.b64encode('\0'.join([
self.sasl_username,
self.sasl_username,
self.sasl_password
]).encode('utf-8')).decode('utf-8')
self.queueMsg(ircmsgs.IrcMsg(command='AUTHENTICATE', args=(authstring,)))
elif (len(msg.args) == 1 and msg.args[0] != '+' and
self.sasl == 'ecdsa-nist256p-challenge'):
try:
private_key = SigningKey.from_pem(open(self.sasl_ecdsa_key).
read())
authstring = base64.b64encode(
private_key.sign(base64.b64decode(msg.args[0].encode()))).decode('utf-8')
except (BadDigestError, OSError, ValueError) as e:
authstring = "*"
self.queueMsg(ircmsgs.IrcMsg(command='AUTHENTICATE', args=(authstring,)))
def sign_subscription(signatory, subscription, private_key_string, public_key_string):
"""
sign a subscription (deep hash of criteria, signatory, signature timestamp, public key)
param signatory: Name or identifier of the signing party (the caller)
param subscription: all fields of subscription signed
param private_key_string: private key used for generating signature
param public_key_string: hashed and inserted into signature block for later validation
"""
ecdsa_signing_key = SigningKey.from_pem(private_key_string)
signature_ts = int(time.time())
hashed_items = []
# append criteria for hashing
hashed_items.append(deep_hash(subscription['criteria']))
# append sub create timestamp for hashing
hashed_items.append(subscription['create_ts'])
hashed_items.append(signatory)
hashed_items.append(signature_ts)
hashed_items.append(public_key_string)
verification_hash = final_hash(hashed_items)
signature = ecdsa_signing_key.sign(verification_hash)
digest = signature.encode('base64')
signature_block = assemble_sig_block(subscription, signatory, public_key_string, digest, verification_hash, signature_ts)
return signature_block
def load_private_key(self):
if self.private_key is None:
msg = 'Please, specify the private_key location.'
raise ValueError(msg)
with open(self.private_key, 'rb') as key_file:
return SigningKey.from_pem(key_file.read())
def load(privkeypem):
"""
Load a private key from disk
:param privkeypem:
:return:
"""
with open(privkeypem, "rb") as privfile:
return SigningKey.from_pem(privfile.read())
def test_sign(self):
pem = '-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEICg7E4NN53YkaWuAwpoqjfAofjzKI7Jq1f532dX+0O6QoAcGBSuBBAAK\noUQDQgAEjZcNa6Kdz6GQwXcUD9iJ+t1tJZCx7hpqBuJV2/IrQBfue8jh8H7Q/4vX\nfAArmNMaGotTpjdnymWlMfszzXJhlw==\n-----END EC PRIVATE KEY-----\n'
signed = utils.sign("message", pem)
sk = SigningKey.from_pem(pem)
vk = sk.get_verifying_key()
print(signed)
signed = binascii.unhexlify(signed)
vk.verify(signed, "message".encode(), hashfunc=hashlib.sha256, sigdecode=ecdsaUtil.sigdecode_der)
def __sign_message(cls, key_path, message):
key_data = open(key_path).read()
signing_key = SigningKey.from_pem(key_data)
signature = signing_key.sign(
message,
hashfunc=hashlib.sha256,
sigencode=ecdsa.util.sigencode_der
)
signature = base64.b64encode(signature)
return signature
def __init__(self, **kwargs):
try:
config = kwargs['config']
except KeyError:
client_key = kwargs['client_key']
server_key = kwargs['server_key']
identifier = kwargs['identifier']
try:
url = kwargs['url']
except KeyError:
url = 'https://core.bravecollective.net/api'
else:
client_key = config['CORE_AUTH_PRIVATE_KEY']
server_key = config['CORE_AUTH_PUBLIC_KEY']
identifier = config['CORE_AUTH_IDENTIFIER']
try:
url = config['CORE_AUTH_URL']
except KeyError:
url = 'https://core.bravecollective.net/api'
if isinstance(client_key, SigningKey):
priv = client_key
elif hasattr(client_key, 'read'):
priv_pem = client_key.read()
priv = SigningKey.from_pem(priv_pem)
else:
with open(client_key, 'r') as f:
priv_pem = f.read()
priv = SigningKey.from_pem(priv_pem)
if isinstance(server_key, VerifyingKey):
pub = server_key
elif hasattr(server_key, 'read'):
pub_pem = server_key.read()
pub = VerifyingKey.from_pem(pub_pem)
else:
with open(server_key, 'r') as f:
pub_pem = f.read()
pub = VerifyingKey.from_pem(pub_pem)
self.api = API(url, identifier, priv, pub,
requests_session)
def get_signKey(self, usrID):
"""
Get the user's sign key
Returns:
The sign key
"""
filename = '/opt/stack/swift/swift/common/middleware/sk.key'
with open(filename, 'r') as f:
sign_key = f.read()
return SigningKey.from_pem(sign_key)
def sign_file(args):
from ecdsa import SigningKey
private_key = SigningKey.from_pem(args.signatureKey.read())
message = args.file.read()
name = os.path.basename(args.file.name)
signature = sign(private_key, message)
with open('%s.sig' % name, 'wb') as sign_file:
sign_file.write(signature)
def make_ecc_secure_signature(alg_dir_path, common_head_content, section_content):
first_key_dir = os.path.join(alg_dir_path, r'upg_private_ecc_1.pem')
second_key_dir = os.path.join(alg_dir_path, r'upg_private_ecc_2.pem')
with open(first_key_dir, 'rb') as f:
first_key = SigningKey.from_pem(f.read())
with open(second_key_dir, 'rb') as f:
second_key = SigningKey.from_pem(f.read())
signature_1 = first_key.sign(common_head_content, hashfunc=hashlib.sha256)
signature_2 = second_key.sign(section_content, hashfunc=hashlib.sha256)
signature_1_bin = bytearray(sizeof(upg_ecc_sign))
signature = upg_ecc_sign.from_buffer(signature_1_bin)
signature_1_bin[0:sizeof(signature.r) + sizeof(signature.s)] = signature_1
signature_2_bin = bytearray(sizeof(upg_ecc_sign))
signature = upg_ecc_sign.from_buffer(signature_2_bin)
signature_2_bin[0:sizeof(signature.r) + sizeof(signature.s)] = signature_2
return (signature_1_bin, signature_2_bin)
def load_keys():
'''
Loads the keys from disk or creates a new key pair if that is needed.
'''
if not os.path.isfile(sk_file):
return create_reg_keys()
sk = SigningKey.from_pem(open(sk_file).read())
vk = sk.get_verifying_key()
return sk,vk
def test_sign(self):
pem = '-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEICg7E4NN53YkaWuAwpoqjfAofjzKI7Jq1f532dX+0O6QoAcGBSuBBAAK\noUQDQgAEjZcNa6Kdz6GQwXcUD9iJ+t1tJZCx7hpqBuJV2/IrQBfue8jh8H7Q/4vX\nfAArmNMaGotTpjdnymWlMfszzXJhlw==\n-----END EC PRIVATE KEY-----\n'
signed = utils.sign("message", pem)
sk = SigningKey.from_pem(pem)
vk = sk.get_verifying_key()
print(signed)
signed = binascii.unhexlify(signed)
vk.verify(signed,
"message".encode(),
hashfunc=hashlib.sha256,
sigdecode=ecdsaUtil.sigdecode_der)
def key_import(self, private_keyfile_path, public_keyfile_path):
self.logger.info('key_import(%s, %s)', private_keyfile_path,
public_keyfile_path)
with open(public_keyfile_path, 'r') as f:
self.public_key = VerifyingKey.from_pem(f.read())
with open(private_keyfile_path, 'r') as f:
self.private_key = SigningKey.from_pem(f.read())
self.key_register(self.public_key)
def convert_map_to_token_files(mapfile, keyfile, outfile, method='sign'):
token_map = read_token_map(mapfile)
if method == 'sign':
with open(keyfile) as fh:
signing_key = SigningKey.from_pem(fh.read())
else:
with open(keyfile, 'rb') as fh:
signing_key = fh.read()
with open(outfile, 'wb') as wfh:
convert_map_to_token(token_map, signing_key, wfh, method)
def load_keystore(file_path: str = None, password: str = None):
if file_path and password:
try:
with open(file_path, 'rb') as f:
enc = f.read()
cipher = AESCipher(password.encode())
pem = cipher.decrypt(enc).decode()
private_key = SigningKey.from_pem(pem)
return private_key.to_string()
except Exception as e:
print('Wrong Password')
def importarChavePrivada(self, chave):
try:
if isinstance(chave, io.IOBase):
_arq = open(chave, "rb")
chavePrivada = SigningKey.from_pem(_arq.read())
elif isinstance(chave, str):
chavePrivada = SigningKey.from_string(bytearray.fromhex(chave))
return chavePrivada
except IOError:
print("Arquivo inexistente")
finally:
_arq.close()
def load_keys(self):
# load keys and address from existed files
if os.path.exists('database/pri_key.pem') is not True \
or os.path.exists('database/pub_key.pem') is not True \
or os.path.exists('database/address.pkl') is not True:
self.generate_keys()
else:
self.pri_key = SigningKey.from_pem(open('database/pri_key.pem').read())
self.pub_key = VerifyingKey.from_pem(open('database/pub_key.pem').read())
with open('database/address.pkl', 'rb') as file:
self.address = pickle.load(file)
print ('Current wallet address: %s'%self.address)
def _gen_sig_dct(self, sdkappid, pri_key, identifier, expire=None):
sig_dct = self._create_dct(sdkappid, pri_key, identifier, expire)
fix_str = self._encode_to_fix_str(sig_dct)
pk_loaded = SigningKey.from_pem(pri_key)
sig_field = pk_loaded.sign(fix_str,
hashfunc=hashlib.sha256,
sigencode=util.sigencode_der)
sig_field_base64 = base64.b64encode(sig_field)
sig_dct['TLS.sig'] = sig_field_base64
return sig_dct
def pem_to_privkey(pem):
""" Get private key from given PEM encoded private key format.
Args:
pem (bytes): Private key in base64 encoded PEM format.
Return:
str: Hex encoded 32Byte secret exponent
"""
sk = SigningKey.from_pem(pem)
assert (sk.curve.openssl_name == 'secp256k1')
return b2h(sk.to_string())
def ComputeSignature(file):
sk = SigningKey.from_pem(open(args.privateKey).read())
vk = sk.get_verifying_key()
open("public.pem","w").write(vk.to_pem())
sig = sk.sign(data=ReadMessageForSign(file),hashfunc=hashlib.sha256)
signerHash = hashlib.sha256()
for c in vk.to_string():
signerHash.update(c.encode('hex'))
L = list(signerHash.hexdigest())
signerInfo =""
for x in range(48,64):
signerInfo+=L[x]
return [signerInfo,sig]
def read_sign1_key(keyfile):
try:
key = SigningKey.from_pem(open(keyfile, 'rb').read())
except Exception as e:
signing_key_error = str(e)
try:
key = VerifyingKey.from_pem(open(keyfile, 'rb').read())
except Exception as e:
verifying_key_error = str(e)
msg = 'Bad key file "{}":\n\tpubkey error: {}\n\tprikey error: {}'
raise ValueError(msg.format(keyfile, verifying_key_error, signing_key_error))
def load(path):
with open(path, 'rb') as f:
pem = f.read()
try:
key = RSA.importKey(pem)
if key.n.bit_length() != 2048:
raise Exception("Unsupported RSA bit length, only 2048 supported")
return RSA2048(key)
except ValueError:
key = SigningKey.from_pem(pem)
if key.curve.name != 'NIST256p':
raise Exception("Unsupported ECDSA curve")
return ECDSA256P1(key)
def test_pem():
privkeyfile = "bin/0x2de5c210370daef452eb610af76c3a293ae1661f.pem.save"
with open(privkeyfile) as f:
p = f.read()
print("pem file:", p)
key = SigningKey.from_pem(p)
print("privkey : ", encode_hex(key.to_string()))
ac2 = Account.from_key(encode_hex(key.to_string()))
print("pubkey: ", ac2.publickey)
print("address: ", ac2.address)
toPem = SigningKey.to_pem(key)
print("pem from key", toPem)
def __generate_signature(self):
if os.path.isfile('my_sign_tx'):
with open("my_sign_tx", "r") as f:
self.signature = f.read()
return
line = self.public_key.encode()
sk = SigningKey.from_pem(self.private_key)
self.signature = sk.sign(line).hex()
with open("my_sign_tx", "w+") as f:
f.write(self.signature)
def main():
i = random.randint(1, USER_NO)
# sk_filename = sys.argv[1]
sk_filename = "p" + str(i) + ".pem"
sk = SigningKey.from_pem(open(sk_filename).read())
j = i
while j == i:
j = random.randint(1, USER_NO)
receiver_filename = "p" + str(j) + ".pem"
rec = SigningKey.from_pem(open(receiver_filename).read())
amount = random.randint(1, 20)
vk = sk.get_verifying_key()
sender = base64.b64encode(vk.to_string())
receiver_key = rec.get_verifying_key()
receiver = base64.b64encode(receiver_key.to_string())
txid = uuid.uuid4().hex
timestamp = time.time()
transaction = {
"txid": txid,
"sender": str(sender, encoding="utf-8"),
"receiver": str(receiver, encoding="utf-8"),
"timestamp": timestamp,
"amount": amount
}
print(transaction)
signature = sk.sign(json.dumps(transaction).encode('utf-8'))
data = {
"transaction": transaction,
"signature": str(base64.b64encode(signature), encoding="utf-8")
}
# try:
assert vk.verify(signature, json.dumps(transaction).encode('utf-8'))
db.execute(
"INSERT INTO transactions (data, txid, timestamp) VALUES (%s, %s, %s)",
json.dumps(data), txid, int(timestamp))
def key_import(self, private_keyfile_path, public_keyfile_path):
self.logger.info(
'key_import(%s, %s)',
private_keyfile_path,
public_keyfile_path)
with open(public_keyfile_path, 'r') as f:
self.public_key = VerifyingKey.from_pem(f.read())
with open(private_keyfile_path, 'r') as f:
self.private_key = SigningKey.from_pem(f.read())
self.key_register(self.public_key)
def check_ecc(cert,key_str):
detail = re.findall("\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-[\w|\W]+?(?:\-\-\-\-\-END CERTIFICATE\-\-\-\-\-)",cert)
u_str = str(uuid.uuid1())
cert_path = "{}.pem".format(u_str)
file_path = "/Application/bermuda/conf/rsa/"+cert_path
with open(file_path,'w') as f_cert:
f_cert.write(detail[0])
pu_key = run_openssl("x509 -outform PEM -in {} -pubkey -noout".format(file_path))
# os.remove(file_path)
sk2 = SigningKey.from_pem(key_str)
vk = VerifyingKey.from_pem(pu_key)
signature = sk2.sign(b"message")
return vk.verify(signature, b"message")
def get_signing_key():
if not os.path.exists(private):
print('Creating private key %r' % private)
sk0 = SigningKey.generate(curve=curve)
with open(private, 'w') as f:
f.write(sk0.to_pem())
vk = sk0.get_verifying_key()
with open(public, 'w') as f:
f.write(vk.to_pem())
pem = open(private).read()
sk = SigningKey.from_pem(pem)
return sk
def init_carte(name, surname):
global compteurparticipant, logger
name = name + " "
surname = surname + " "
namehex = name.encode("UTF-8").hex()
while len(namehex) < 24:
namehex = "0" + namehex
surnamehex = surname.encode("UTF-8").hex()
while len(surnamehex) < 24:
surnamehex = "0" + surnamehex
compteur_participant_hex = "{:x}".format(compteurparticipant)
while len(compteur_participant_hex) < 10:
compteur_participant_hex = "0" + compteur_participant_hex
pin = generatepin()
print("Voici le PIN du Client: " + str(pin))
pinhex = "{:x}".format((int)(pin[:2])) + "{:x}".format((int)(pin[2:]))
while len(str(pinhex)) < 4:
pinhex = "0" + pinhex
# Génération de la pair de clés ECDSA pour signer la carte
# clesecrete = ecdsa.SigningKey.generate(
# curve=ecdsa.NIST256p) # Géneration clé secrete carte
# clesecrete_string = (clesecrete.to_string()).hex()
# clepublic = clesecrete.get_verifying_key() # Génération clé publique carte
# clepubcarte_string = (clepublic.to_string()).hex()
# message = namehex+surnamehex+str(compteurparticipant) # données a signer
# signdata = clesecrete.sign(message.encode("utf-8")) # Exemple signature message
# print("Secret:" + str(signdata))
# file_ = open("secretpubliccarte", 'w')
# file_.write(clepubcarte_string + "\n")
# file_.close()
skcarte = SigningKey.from_pem(open("client/privatecarte.pem").read())
message = namehex + surnamehex + compteur_participant_hex # données a signer
signdata = skcarte.sign(
message.encode("utf-8")) # Exemple signature message
# sktpe = SigningKey.generate() #generation clef privée
# vktpe = sk.get_verifying_key() #génération clef publique
# open("privatetpe.pem","w").write(sk.to_pem())
# open("publictpe.pem","w").write(vk.to_pem())
hex_sign = signdata.hex()
#print(len(pinhex+surnamehex+namehex+compteur_participant_hex+hex_sign))
# reponse = subprocess.check_output(['java', '-jar', '/home/grs/JavaCard/GlobalPlatformPro/gp.jar', '-install',
# '../Festival221.cap', '--param', pinhex+surnamehex+namehex+compteur_participant_hex+hex_sign])
#print(hex_sign)
#print(message)
command = 'java -jar /home/grs/JavaCard/GlobalPlatformPro/gp.jar --install ../Javacard_MSI_P8/Festival221.cap --param ' + pinhex + surnamehex + namehex + compteur_participant_hex + hex_sign
os.system(command)
def sign_firmware_for_version(sk_name,
hex_file,
APPLICATION_END_PAGE,
PAGES=128):
# Maybe this is not the optimal module...
import base64
import binascii
from hashlib import sha256
from ecdsa import SigningKey
from intelhex import IntelHex
sk = SigningKey.from_pem(open(sk_name).read())
fw = open(hex_file, "r").read()
fw = base64.b64encode(fw.encode())
fw = helpers.to_websafe(fw.decode())
ih = IntelHex()
ih.fromfile(hex_file, format="hex")
# start of firmware and the size of the flash region allocated for it.
# TODO put this somewhere else.
START = ih.segments()[0][0]
# keep in sync with targets/stm32l432/src/memory_layout.h
PAGE_SIZE = 2048
END = (0x08000000 + ((PAGES - APPLICATION_END_PAGE) * PAGE_SIZE)) - 8
ih = IntelHex(hex_file)
# segs = ih.segments()
arr = ih.tobinarray(start=START, size=END - START)
im_size = END - START
print("im_size: ", im_size)
print("firmware_size: ", len(arr))
byts = (arr).tobytes() if hasattr(arr, "tobytes") else (arr).tostring()
h = sha256()
h.update(byts)
sig = binascii.unhexlify(h.hexdigest())
print("hash", binascii.hexlify(sig))
sig = sk.sign_digest(sig)
print("sig", binascii.hexlify(sig))
sig = base64.b64encode(sig)
sig = helpers.to_websafe(sig.decode())
# msg = {'data': read()}
msg = {"firmware": fw, "signature": sig}
return msg
def get_key():
# 파일로부터 개인키, 공개키 읽어서 리턴
if (not os.path.exists(PRI_KEY_PATH)):
print("Generate keys...")
generate_key()
if (os.path.exists(PRI_KEY_PATH)):
pri_key = SigningKey.from_pem(
open(PRI_KEY_PATH, encoding='utf-8').read())
pub_key = pri_key.get_verifying_key()
return pri_key, pub_key
return '', ''
def load_keys(btc_addr):
""" Loads an elliptic curve key pair in PEM format from disk. Keys are stored in their proper objects from the ecdsa
python library (SigningKey and VerifyingKey respectively)
:param btc_addr: Bitcoin address associated to the public key of the key pair.
:type btc_addr: str
:return: ecdsa key pair as a tuple.
:rtype: SigningKey, VerifyingKey
"""
sk_pem = open(btc_addr + '/sk.pem', "r").read()
pk_pem = open(btc_addr + '/pk.pem', "r").read()
return SigningKey.from_pem(sk_pem), VerifyingKey.from_pem(pk_pem)
def load(path):
with open(path, 'rb') as f:
pem = f.read()
if len(pem) == 16:
if "AES_CBC" in path:
return AES_CBC(pem)
else:
return AES_GCM(pem)
else:
key = SigningKey.from_pem(pem)
if key.curve.name == 'NIST256p':
return ECDSA256P1(key)
else:
raise Exception("Unsupported")
def get_key_pair():
"""
若保存密钥对的文件存在则从文件中读取秘钥,否则重新生成
:return:
"""
if os.path.exists(Const.PVT_KEY_LOC) and os.path.exists(
Const.PUB_KEY_LOC):
pvt_key = SigningKey.from_pem(open(Const.PVT_KEY_LOC).read())
pub_key = VerifyingKey.from_pem(open(Const.PUB_KEY_LOC).read())
else:
pvt_key, pub_key = Signature.gen_key_pair()
return pvt_key, pub_key
def get_signing_key() -> SigningKey:
if not os.path.exists(private):
print("Creating private key %r" % private)
sk0 = SigningKey.generate(curve=curve)
with open(private, "w") as f:
f.write(sk0.to_pem())
vk = sk0.get_verifying_key()
with open(public, "w") as f:
f.write(vk.to_pem())
with open(private) as f:
pem = f.read()
sk = SigningKey.from_pem(pem)
return cast(SigningKey, sk)
def __post_init__(self):
"""Initialize, Serialize and Sign"""
if isinstance(self._key, bytes):
self._sk = SigningKey.from_pem(self._key)
elif isinstance(self._key, str):
with open(self._key, "rb") as fp:
self._sk = SigningKey.from_pem(fp.read())
else:
raise ValueError(
"_key must be a str with the path or a bytes object with the raw key"
)
self._qs = self.serialize()
self._sig = self.sign()
del self._sk
self._key = None
self.teamId = None
self.keyId = None
self.url = f"{self.BASE_URL}{self._sig}"
del self._sig
def generate_key_pair(self):
separator = "="
key_dir = None
with open("/opt/BarbiE/env.properties") as f:
for line in f:
if separator in line:
name, value = line.split(separator)
if name.strip() == "KEY_PAIR_DIR":
key_dir = value.strip()
pub_key_path = os.path.join(key_dir, "public_key.pem")
priv_key_path = os.path.join(key_dir, "private_key.pem")
if not os.path.exists(pub_key_path):
priv_key = SigningKey.generate(curve=NIST256p)
pub_key = priv_key.get_verifying_key()
open(priv_key_path,"w").write(priv_key.to_pem())
open(pub_key_path,"w").write(pub_key.to_pem())
else:
priv_key = SigningKey.from_pem(open(priv_key_path).read())
pub_key = VerifyingKey.from_pem(open(pub_key_path).read())
pk64 = pub_key.to_string()
pk_x, pk_y = pk64[:len(pk64)/2], pk64[len(pk64)/2:]
hex_priv_key = priv_key.to_string()
hex_sk = hex_priv_key.encode('hex')
pk_x = pk_x.encode('hex')
pk_y = pk_y.encode('hex')
hex_priv_key_out = [hex_sk[i:i + 2]for i in range(0, len(hex_sk), 2)]
pk_x_out = [pk_x[i:i + 2] for i in range(0,len(pk_x), 2)]
pk_y_out = [pk_y[i:i + 2] for i in range(0,len(pk_y), 2)]
pk_x_out.reverse()
pk_y_out.reverse()
pub_key = ""
for i in range(len(pk_x_out)):
pub_key = pub_key + pk_x_out[i]
for i in range(len(pk_y_out)):
pub_key = pub_key + pk_y_out[i]
hex_priv_key_out.reverse()
priv_key = ""
for i in range(len(hex_priv_key_out)):
priv_key = priv_key + hex_priv_key_out[i]
pub_key = base64.b64encode(pub_key + '\0')
priv_key = base64.b64encode(priv_key + '\0')
return pub_key , priv_key
def get_hashes(private_signing_key_file, public_key_files):
hashes = list()
with open(private_signing_key_file, 'r') as fn:
hashes.append(
sha256(
SigningKey.from_pem(
fn.read()).get_verifying_key().to_string()).digest()[:16])
verbose_print("hash: " + hashes[-1].hex())
for fn in public_key_files:
verbose_print("Getting hash of %s" % fn)
with open(fn, 'rb') as f:
hashes.append(
sha256(VerifyingKey.from_pem(
f.read()).to_string()).digest()[:16])
verbose_print("hash: " + hashes[-1].hex())
return hashes
def extract_iat_from_cose(keyfile, tokenfile, keep_going=False):
if keyfile:
try:
sk = SigningKey.from_pem(open(keyfile, 'rb').read())
except Exception as e:
msg = 'Bad key file "{}": {}'
raise ValueError(msg.format(keyfile, e))
else: # no keyfile
sk = None
try:
with open(tokenfile, 'rb') as wfh:
return get_cose_payload(wfh.read(), sk)
except Exception as e:
msg = 'Bad COSE file "{}": {}'
raise ValueError(msg.format(tokenfile, e))
def calculate_signatute(data):
print()
print('--- CALCULATE SIGNATURE ---')
DIR = os.path.dirname(sys.argv[0])
PRIVATE = join(DIR, 'certs', 'ecprivkey.pem')
PUBLIC = join(DIR, 'certs', 'ecpubkey.pem')
sk = SigningKey.from_pem(open(PRIVATE).read(), hashfunc=hashlib.sha256)
vk = VerifyingKey.from_pem(open(PUBLIC).read())
signature = sk.sign(data, hashfunc=hashlib.sha256)
try:
vk.verify(signature, data, hashfunc=hashlib.sha256)
print(" signature ok")
except BadSignatureError:
print("[ERROR] BAD SIGNATURE")
exit(1)
return signature
def send_message(args):
from ecdsa import SigningKey
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
backend = default_backend()
key_size = 2048
message = args.message.read()
public_key = serialization.load_pem_public_key(
args.publicKey.read(),
backend=backend
)
key = generate_key()
key_enc = public_key.encrypt(
key,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
signatureKey = SigningKey.from_pem(args.signatureKey.read())
signature = sign(signatureKey, message)
iv, encrypted = encrypt(key, message + signature)
name = os.path.basename(args.message.name)
with open('%s.enc' % name, 'wb') as output:
output.write(key_enc + iv + encrypted)
def __init__(self):
self.sk = {}
# Loading signature keys to memory
for keyid, private_key in settings.CUP_PEM_KEYS.iteritems():
self.sk[keyid] = SigningKey.from_pem(open(private_key).read())
def sign_verification_record(signatory,
prior_block_hash,
lower_hash,
public_key_string,
private_key_string,
block_id,
phase,
origin_id,
verification_ts,
public_transmission,
verification_info):
"""
Sign a (block) verification record
:param signatory: Name or identifier of the signing party (the caller)
:param prior_block_hash: Hash of the prior block (verification record with the same origin_id, phase, and signatory)
:param lower_hash: Hash of the lower phase verification record
:param public_key_string: hashed and inserted into signature block for later validation
:param private_key_string: private key used for generating signature
:param block_id: Verification record block ID
:param phase: Verification record phase
:param origin_id: ID of the origin node (phase 1 node)
:param verification_ts:
:param public_transmission:
:param verification_info: Phase specific information to be included in the signature
- phase_1: list of approved transactions (dictionaries)
- phase_2: valid_tx ID list, invalid_tx ID list, business ID, deploy_location
- phase_3: phase_2 count, business_diversity list, deploy_loc_diversity list
- phase_4: Nothing (notary function only)
- phase_5: One of:
- transaction
- verification_record
- hash
- arbitrary string
:return: verification record with assembled signature field
"""
ecdsa_signing_key = SigningKey.from_pem(private_key_string)
block_info = {}
signature_ts = int(time.time())
hashed_items = []
# append prior_block_hash and lower_hash
hashed_items.append(prior_block_hash)
hashed_items.append(lower_hash)
# append my signing info for hashing
hashed_items.append(signatory)
hashed_items.append(signature_ts)
hashed_items.append(public_key_string)
# append given info for hashing
hashed_items.append(block_id)
hashed_items.append(phase)
hashed_items.append(origin_id)
hashed_items.append(verification_ts)
# append verification_info hash for hashing
hashed_items.append(deep_hash(verification_info))
verification_hash = final_hash(hashed_items)
signature = ecdsa_signing_key.sign(verification_hash)
digest = signature.encode('base64')
verification_record = {
"verification_ts": int(time.time()),
"block_id": block_id,
"origin_id": origin_id,
"phase": int(phase),
"prior_hash": prior_block_hash,
"lower_hash": lower_hash,
"public_transmission": public_transmission,
"verification_info": verification_info # special phase info
}
assemble_sig_block(verification_record, signatory, public_key_string, digest, verification_hash, signature_ts)
block_info['block_id'] = block_id
block_info['phase'] = int(phase)
block_info['verification_record'] = verification_record
return block_info
def certificateRevocation():
print art
print "\nCertificate Revocation Script - Block SSL\n"
print "In which of your addresses do you still have access? default: [1]\n"
print "\t1. All of the addresses. (Generation, Certificate, Revocation)\n"
print "\t2. Only Certificate address.\n"
print "\t3. Only Revocation address.\n"
print "\t4. Revocation and Generation addresses.\n"
ans = raw_input()
if ans == "1" or ans == "" or ans == " " or ans == "2":
address = open("Cert_Address.txt", "r").read()
address = address.strip()
if address[1] == "x":
address = address.split("0x")[1]
url = "https://api.blockcypher.com/v1/eth/main/addrs/" + address + "/balance"
try:
r = requests.get(url)
balance = r.json()
balance = str(balance)
x = 1
i = 1
final_balance = ""
balance = balance.split("\'final_balance\':")[1]
while x == 1:
if balance[i] == "L" or balance[i] == ",":
x += 1
else:
final_balance = final_balance + balance[i]
i += 1
print "\nYour Certificate address balance is: " + final_balance
final_balance = int(final_balance)
#Opening Generation private key from pem file
if os.path.isfile('./Certificate_Private.pem'):
print "\nCertificate Private Key file exists."
sk = SigningKey.from_pem(open("Certificate_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
elif os.path.isfile('./Certificate_Private.pem.enc'):
print "\nCertificate Private Key encoded file exists."
decrypt_file(key, "Certificate_Private.pem.enc")
print "\nDecrypting Certificate Private Key..."
print "Saving to Certificate_Private.pem..."
sk = SigningKey.from_pem(open("Certificate_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
else:
print "\nCertificate Private Key does not exist."
print "\nPlease place the .pem file in the script directory.\n"
sys.exit()
except ValueError, e:
raise Exception('Invalid response from Blockcypher.')
if ans == "1" or ans == "" or ans == " ":
recepient_address = open("Gen_Address.txt", "rb").read()
ans3 = raw_input("Which is your revocation reason?\n")
data = "R1: " + ans3
else:
recepient_address = raw_input("Give the address that you want to sent the certificate balance, for revocation purposes:\n")
data = "R2: No access to Generation address"
#todo - check if the address is correct
try:
nonce = 100
gas_price = 10000000000
gas_limit = 22000
value = final_balance
token = "48193195898942febdc67d60316ad204"
recipient_address = recipient_address.strip('\n')
unencoded_tx = rlp.encode(transactions.Transaction(nonce, gas_price, gas_limit, recipient_address, value, data).sign(sk))
signedtx = '0x' + codecs.encode(unencoded_tx, 'hex').decode('utf-8')
os.system("curl -sd \'{\"tx\":\"" + signedtx + "\"}\' https://api.blockcypher.com/v1/eth/main/txs/push?token=" + token)
except Exception:
print "\nNo balance in your Certificate address.\n"
print "If the Certificate address has 0 balance, it has been already been revoced.\n"
def sign_transaction(signatory,
private_key_string,
public_key_string,
transaction,
log=logging.getLogger(__name__)):
"""
Sign a transaction
:param signatory: Name or identifier of the signing party (the caller)
:param private_key_string:
:param public_key_string:
:param transaction: Transaction to sign
:param log:
:return: Transaction with assembled signature field
"""
hashed_items = []
child_signature = None
if "signature" in transaction:
child_signature = transaction["signature"]
log.info("Saving the child signature: %s" % str(child_signature))
# add old signature digest to hash list if there was one
if 'digest' in child_signature:
log.info("Adding signature digest to hash list")
hashed_items.append(child_signature["digest"])
signature_ts = int(time.time())
log.info("Loading private key from string")
ecdsa_signing_key = SigningKey.from_pem(private_key_string)
# add transaction header info to hashed_items
transaction_header = transaction["header"]
for header_key in transaction_header:
if header_key not in non_included_txn_items:
hashed_items.append(transaction_header[header_key])
# append my signing info for hashing
hashed_items.append(signatory)
hashed_items.append(signature_ts)
hashed_items.append(public_key_string)
log.info("Creating stripped hash")
stripped_hash = final_hash(hashed_items)
log.debug("stripped_transaction_hash=%s" % stripped_hash)
# put hashed transaction payload back and append to hashed_items
if transaction["payload"]:
log.info("Hashing payload")
hashed_items.append(deep_hash(transaction["payload"]))
# generate hash with with hashed payload included
log.info("Generating hash")
hash = final_hash(hashed_items)
else:
hash = stripped_hash
# merge stripped_hash and hash to send for signing
log.info("Merging stripped and full hash")
merged_hash = merge_hashes(stripped_hash, hash)
# sign merged hash
log.info("Signing merged hash")
signature = ecdsa_signing_key.sign(str(merged_hash))
log.info("Base64 encoding the signature")
digest = signature.encode('base64')
assemble_sig_block(transaction, signatory, public_key_string, digest, hash, signature_ts, stripped_hash,
child_signature)
return transaction
def certificateUpdate():
print art
print "\nCertificate Update Script - Block SSL\n"
# create a key pair or use the old one
ans = raw_input("Do you have your old keys.key file with your key pair? [Y]es [N]o, default: [Y]\n")
if ans == "n" or ans == "N":
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 4096)
print "Creating a new key pair:"
print "Warning: This is a pseudo-random generation.\n"
else:
print "Place your keys.key file in the scripts directory.\n"
k = crypto.PKey()
with open("keys.key", "r") as k:
k = crypto.load_privatekey(crypto.FILETYPE_PEM, k.read())
# create a self-signed cert
cert = crypto.X509()
createCert(k, cert)
open("certificate.crt", "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
print "\nCertificate created in file: certificate.crt"
if ans == "n" or ans == "N":
open("keys.key", "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
print "\nKeys saved in file: keys.key\n"
ans2 = raw_input("Do you want to send your certificate to the blockchain? [Y]es [N]o, default: [Y]")
if ans2 == "Y" or ans2 == "y" or ans2 == "" or ans2 == " ":
i = 2
mode = "UC: "
#Hashing of the certificate
f = open("certificate.crt", "rb") #read file in binary mode
fr = f.read()
cert_hash = hashlib.sha256() #use the SHA256 hashing algorithm
cert_hash.update(fr)
data = cert_hash.hexdigest()
nonce = 100
gas_price = 10000000000
gas_limit = 22000
value = 1000000000000000000
token = "48193195898942febdc67d60316ad204"
print "\nYour Certificate hash is: ", data
data = mode + data
print "\nAdding to OP_RETURN..."
#Opening Generation private key from pem file
if os.path.isfile('./Certificate_Private.pem'):
print "\nCertificate Private Key file exists."
sk = SigningKey.from_pem(open("Certificate_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
elif os.path.isfile('./Certificate_Private.pem.enc'):
print "\nCertificate Private Key encoded file exists."
decrypt_file(key, "Certificate_Private.pem.enc")
print "\nDecrypting Certificate Private Key..."
print "Saving to Certificate_Private.pem..."
sk = SigningKey.from_pem(open("Certificate_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
else:
print "\nCertificate Private Key does not exist."
print "\nPlease place the file in the script directory or run -i option for a new key pair.\n"
sys.exit()
try:
recipient_address = open("Cert_Address.txt", "rb").read()
recipient_address = recipient_address.strip('\n')
unencoded_tx = rlp.encode(transactions.Transaction(nonce, gas_price, gas_limit, recipient_address, value, data).sign(sk))
signedtx = '0x' + codecs.encode(unencoded_tx, 'hex').decode('utf-8')
os.system("curl -sd \'{\"tx\":\"" + signedtx + "\"}\' https://api.blockcypher.com/v1/eth/main/txs/push?token=" + token)
except Exception:
print "\nNo balance in your Certificate address.\n"
print "Please first run the -cc or the -u script.\n"
sys.exit()
nonce = 100
gas_price = 10000000000
gas_limit = 22000
value = final_balance
token = "48193195898942febdc67d60316ad204"
recipient_address = recipient_address.strip('\n')
unencoded_tx = rlp.encode(transactions.Transaction(nonce, gas_price, gas_limit, recipient_address, value, data).sign(sk))
signedtx = '0x' + codecs.encode(unencoded_tx, 'hex').decode('utf-8')
os.system("curl -sd \'{\"tx\":\"" + signedtx + "\"}\' https://api.blockcypher.com/v1/eth/main/txs/push?token=" + token)
except Exception:
print "\nNo balance in your Certificate address.\n"
print "If the Certificate address has 0 balance, it has been already been revoced.\n"
elif ans == "3" or ans == "4":
if os.path.isfile('./Revocation_Private.pem'):
print "\nRevocation Private Key file exists."
sk = SigningKey.from_pem(open("Revocation_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
elif os.path.isfile('./Revocation_Private.pem.enc'):
print "\nRevocation Private Key encoded file exists."
decrypt_file(key, "Revocation_Private.pem.enc")
print "\nDecrypting Revocation Private Key..."
print "Saving to Revocation_Private.pem..."
sk = SigningKey.from_pem(open("Revocation_Private.pem").read())
sk_string = sk.to_string()
sk = str(sk_string)
sk = sk.encode("hex")
else:
print "\nRevocation Private Key does not exist."
print "\nPlease place the .pem file in the script directory.\n"
def get_compressed_public_key_from_pem(pem):
vks = SigningKey.from_pem(pem).get_verifying_key().to_string()
bts = binascii.hexlify(vks)
compressed = compress_key(bts)
return compressed
def sign(message, pem):
message = message.encode()
sk = SigningKey.from_pem(pem)
signed = sk.sign(message, hashfunc=hashlib.sha256, sigencode=ecdsaUtil.sigencode_der)
return binascii.hexlify(signed).decode()
