# which are the individual ciphertexts. data = msgpack.load(open("heart_data.msgpack", "rb"), raw=False) message_kits = (UmbralMessageKit.from_bytes(k) for k in data['kits']) # The doctor also needs to create a view of the Data Source from its public keys data_source = DataSource.from_public_keys( policy_public_key=policy_pubkey, datasource_public_key=data['data_source'], label=label) # Now he can ask the NuCypher network to get a re-encrypted version of each MessageKit. for message_kit in message_kits: try: start = timer() retrieved_plaintexts = doctor.retrieve( message_kit=message_kit, data_source=data_source, alice_verifying_key=alices_sig_pubkey) end = timer() plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False) # Now we can get the heart rate and the associated timestamp, # generated by the heart rate monitor. heart_rate = plaintext['heart_rate'] timestamp = maya.MayaDT(plaintext['timestamp']) # This code block simply pretty prints the heart rate info terminal_size = shutil.get_terminal_size().columns max_width = min(terminal_size, 120) columns = max_width - 12 - 27 scale = columns / 40
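class KMS:
    """Key-management helper built on NuCypher characters.

    An instance holds an Alice (who derives policy keys and grants access),
    a Bob (who joins policies and retrieves plaintexts) and optional clients
    for the IPFS, Arweave and Skynet storage layers. Data is always encrypted
    before it is handed to a storage layer.
    """

    def __init__(self, ursula_url, dir_name, passphrase, ipfs_addr='',
                 arweave_wallet_file_path='', federated_only=True,
                 signer_uri='', checksum_address=None, client_password=None,
                 provider_uri='', domain=TEMPORARY_DOMAIN):
        """
        Args:
            ursula_url (str): ursula url e.g. localhost:11500
            dir_name (str): dir_name where account files will be stored in tmp directory
            passphrase (str): passphrase for account
            ipfs_addr (str): ipfs addr (required only if you want to store data in ipfs)
            arweave_wallet_file_path (str): arweave wallet file path (required only if you want to store
                                            data in arweave)
            federated_only (bool): Whether federated mode should be used
            signer_uri (str): signer uri for ethereum transaction
                            https://docs.nucypher.com/en/latest/guides/ethereum_node.html#external-transaction-signing
            checksum_address (str): Ethereum address
            client_password (str): Password for ethereum keystore. Required only if signer_uri is keystore://{path}
            provider_uri (str): geth or infura https uri
            domain (str): nucypher network name e.g. lynx for nucypher testnet and mainnet for nucypher mainnet
        """
        # Kept for the lifetime of the object; share_data_access() passes it
        # to consume_power_up().
        self.__client_password = client_password
        self.federated_only = federated_only
        self.ursula_url = ursula_url
        self.ursula = Ursula.from_seed_and_stake_info(
            seed_uri=self.ursula_url,
            federated_only=self.federated_only,
            minimum_stake=0)

        # Storage clients are optional and stay None unless configured.
        self.arweave_wallet = None
        if arweave_wallet_file_path:
            self.arweave_wallet = arweave.Wallet(arweave_wallet_file_path)
        self.ipfs = None
        if ipfs_addr:
            self.ipfs = ipfshttpclient.connect(ipfs_addr)

        # NOTE(review): the keyring and configuration live under
        # /tmp/<dir_name>. /tmp is normally shared between local users, and
        # os.path.join() drops the '/tmp' prefix entirely when dir_name is an
        # absolute path. Confirm dir_name is never caller-controlled and
        # consider a private, non-shared directory for key material.
        self.temp_dir = os.path.join('/', 'tmp', dir_name)
        config_file_path = os.path.join(self.temp_dir, "alice.json")

        self.alice_config = AliceConfiguration(
            provider_uri=provider_uri,
            checksum_address=checksum_address,
            signer_uri=signer_uri,
            config_root=os.path.join(self.temp_dir),
            domain=domain,
            known_nodes={self.ursula},
            start_learning_now=False,
            federated_only=self.federated_only,
            learn_on_same_thread=True)
        try:
            # An existing alice.json is routed through the same handler as an
            # ExistingKeyringError raised by initialize().
            if os.path.exists(config_file_path):
                raise ExistingKeyringError()
            self.alice_config.initialize(password=passphrase)
        except ExistingKeyringError:
            self.alice_config = AliceConfiguration.from_configuration_file(
                filepath=config_file_path,
                known_nodes={self.ursula},
                start_learning_now=False)
            self.alice_config.attach_keyring()
        self.alice_config.keyring.unlock(password=passphrase)

        signer = Signer.from_signer_uri(signer_uri) if signer_uri else None
        if signer:
            signer.unlock_account(account=checksum_address,
                                  password=client_password)
        self.alice = self.alice_config.produce(signer=signer)
        try:
            self.alice_config_file = self.alice_config.to_configuration_file()
        except FileExistsError:
            # Deliberate best-effort: the configuration file is already on
            # disk. self.alice_config_file is left unset in that case.
            pass
        self.alice.start_learning_loop(now=True)

        # fetch_keys is defined elsewhere; here it supplies the "enc" and
        # "sig" private keys that become Bob's decrypting and signing powers.
        self.privkeys, self.pubkeys = fetch_keys(path=self.temp_dir)
        bob_enc_keypair = DecryptingKeypair(private_key=self.privkeys["enc"])
        bob_sig_keypair = SigningKeypair(private_key=self.privkeys["sig"])
        enc_power = DecryptingPower(keypair=bob_enc_keypair)
        sig_power = SigningPower(keypair=bob_sig_keypair)
        power_ups = [enc_power, sig_power]
        self.bob = Bob(domain=domain,
                       federated_only=self.federated_only,
                       crypto_power_ups=power_ups,
                       start_learning_now=True,
                       abort_on_learning_error=True,
                       known_nodes=[self.ursula],
                       save_metadata=False,
                       network_middleware=RestMiddleware(),
                       provider_uri=provider_uri)

    def encrypt_data(self, plaintext):
        """
        Encrypt data

        Args:
            plaintext (str): plaintext that should be encrypted

        Returns:
            label, data_source_public_key, data (bytes, bytes, bytes): tuple containing label for the policy,
                                                                      data source public_key & encrypted data
        """
        # Every call gets a fresh label with a random 8-byte suffix.
        # NOTE(review): the prefix literal appears to contain an invisible
        # character between "policy" and "-"; it is kept unchanged because it
        # is part of the label bytes. Confirm whether it is intentional.
        label = ("policy️-" + os.urandom(8).hex()).encode()
        policy_pubkey = self.alice.get_policy_encrypting_key_from_label(label)
        data_source = Enrico(policy_encrypting_key=policy_pubkey)
        data_source_public_key = bytes(data_source.stamp)
        message, _signature = data_source.encrypt_message(
            plaintext.encode("utf-8"))
        data = message.to_bytes()
        return label, data_source_public_key, data

    def decrypt_data(self, data_source_public_key, data, policy_info):
        """
        Decrypt data

        Args:
            data_source_public_key (bytes): data_source_public_key
            data (bytes): encrypted data
            policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys

        Returns:
            retrieved_plaintexts (list): list of str
        """
        policy_pubkey = UmbralPublicKey.from_bytes(
            bytes.fromhex(policy_info["policy_pubkey"]))
        alice_sig_pubkey = UmbralPublicKey.from_bytes(
            bytes.fromhex(policy_info["alice_sig_pubkey"]))
        label = policy_info["label"].encode()

        self.bob.join_policy(label, alice_sig_pubkey)
        message_kit = UmbralMessageKit.from_bytes(data)
        # Bob only needs the data source's public keys to rebuild its view.
        data_source = Enrico.from_public_keys(
            verifying_key=data_source_public_key,
            policy_encrypting_key=policy_pubkey)
        retrieved_plaintexts = self.bob.retrieve(
            message_kit,
            label=label,
            enrico=data_source,
            alice_verifying_key=alice_sig_pubkey)
        return [cleartext.decode('utf-8') for cleartext in retrieved_plaintexts]

    def share_data_access(self, pubkeys, label, days=5, m=1, n=1,
                          rate=Web3.toWei(50, 'gwei')):
        """
        Share data access based on public keys

        Args:
            pubkeys (dict): public keys dict containing sig and enc keys
            label (bytes): label for the policy
            days (int): days for which the access should be granted
            m (int): Minimum number of kfrags needed to activate a Capsule
            n (int): Total number of kfrags to generate
            rate (int): rate in wei

        Returns:
            policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys
        """
        bob = Bob.from_public_keys(verifying_key=pubkeys['sig'],
                                   encrypting_key=pubkeys['enc'],
                                   federated_only=self.federated_only)
        # Policy expiration date
        policy_end_datetime = maya.now() + datetime.timedelta(days=days)

        # NOTE(review): this reaches into a name-mangled private attribute of
        # the crypto power object, which may break when the library changes.
        power_ups = self.alice._crypto_power._CryptoPower__power_ups
        for _power_class, power_up in power_ups.items():
            self.alice._crypto_power.consume_power_up(
                power_up, password=self.__client_password)

        policy = self.alice.grant(bob=bob,
                                  label=label,
                                  m=m,
                                  n=n,
                                  expiration=policy_end_datetime,
                                  rate=rate)
        policy_info = {
            "policy_pubkey": policy.public_key.to_bytes().hex(),
            "alice_sig_pubkey": bytes(self.alice.stamp).hex(),
            "label": label.decode("utf-8"),
        }
        return policy_info

    def upload_data(self, plaintext, storage):
        """
        Upload data to the selected storage

        Args:
            plaintext (str): plaintext
            storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
            label, data_source_public_key, hash_key (bytes, bytes, str): tuple containing policy label,
                                                                         data source public key and hash_key

        Raises:
            ValueError: if storage is not one of the supported layers
        """
        import tempfile

        # Only ciphertext is ever handed to a storage layer.
        label, data_source_public_key, data = self.encrypt_data(
            plaintext=plaintext)
        if storage == "ipfs":
            hash_key = self.ipfs.add_bytes(data)
        elif storage == "arweave":
            transaction = arweave.Transaction(self.arweave_wallet, data=data)
            transaction.sign()
            transaction.send()
            hash_key = transaction.id
        elif storage == "skynet":
            # Stage the ciphertext in a private scratch directory instead of
            # a guessable /tmp/<number>.txt path: another local user cannot
            # pre-create or swap the file, and it is removed after upload.
            with tempfile.TemporaryDirectory() as scratch_dir:
                file_name = os.path.join(scratch_dir, 'upload.txt')
                with open(file_name, 'wb') as staged_file:
                    staged_file.write(data)
                skynet_client = skynet.SkynetClient()
                hash_key = skynet_client.upload_file(file_name)
        else:
            raise ValueError("invalid storage layer")
        return label, data_source_public_key, hash_key

    @staticmethod
    def get_shareable_code(hash_key, data_source_public_key, policy_info,
                           storage):
        """
        Get shareable code to fetch the secret which can be shared easily

        The code is base64-encoded JSON. It is an encoding only: it is
        neither encrypted nor signed.

        Args:
            hash_key (str): storage layer hash key
            data_source_public_key (bytes): data source public key
            policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys
            storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
            shareable_code (str): shareable code
        """
        data = {
            "hash": hash_key,
            "data_source_public_key": data_source_public_key.hex(),
            "policy_info": policy_info,
            "storage": storage
        }
        serialized = json.dumps(data, separators=(',', ':')).encode("utf-8")
        return base64.b64encode(serialized).decode('utf-8')

    def fetch_data(self, shareable_code, storage):
        """
        Fetch data from the selected storage and decrypt it

        Args:
            shareable_code (str): shareable code
            storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
            retrieved_plaintexts (list): list of str

        Raises:
            ValueError: if storage is not supported, or the arweave
                        transaction has no data yet
        """
        import tempfile

        # NOTE(review): the storage key, the data source key and the whole
        # policy_info (including Alice's verifying key) are taken from the
        # shareable code itself, so the result is only as trustworthy as the
        # channel the code arrived over. The `storage` argument, not the
        # "storage" field embedded in the code, selects the backend.
        meta_data = json.loads(
            base64.b64decode(shareable_code.encode('utf-8')).decode('utf-8'))
        data_source_public_key = meta_data['data_source_public_key']
        hash_key = meta_data['hash']
        if storage == "ipfs":
            data = self.ipfs.cat(hash_key)
        elif storage == "arweave":
            transaction = arweave.Transaction(self.arweave_wallet, id=hash_key)
            transaction.get_data()
            data = transaction.data
            if data == b'':
                raise ValueError(
                    "Transaction not found. Wait for some more time")
        elif storage == "skynet":
            # Download into a private scratch directory rather than a
            # guessable /tmp path, so another local user cannot plant or
            # replace the file that is read back below.
            with tempfile.TemporaryDirectory() as scratch_dir:
                file_name = os.path.join(scratch_dir, 'download.txt')
                skynet_client = skynet.SkynetClient()
                skynet_client.download_file(file_name, hash_key)
                with open(file_name, 'rb') as downloaded_file:
                    data = downloaded_file.read()
        else:
            raise ValueError("invalid storage layer")
        data_source_public_key = bytes.fromhex(data_source_public_key)
        policy_info = meta_data["policy_info"]
        return self.decrypt_data(data_source_public_key=data_source_public_key,
                                 data=data,
                                 policy_info=policy_info)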
enrico = Enrico(policy_encrypting_key=policy_pubkey) # In this case, the plaintext is a # single passage from James Joyce's Finnegan's Wake. # The matter of whether encryption makes the passage more or less readable # is left to the reader to determine. single_passage_ciphertext, _signature = enrico.encrypt_message(plaintext) data_source_public_key = bytes(enrico.stamp) del enrico ############### # Back to Bob # ############### enrico_as_understood_by_bob = Enrico.from_public_keys( {SigningPower: data_source_public_key}, policy_encrypting_key=policy_pubkey ) # Now Bob can retrieve the original message. alice_pubkey_restored_from_ancient_scroll = UmbralPublicKey.from_bytes(alices_pubkey_bytes_saved_for_posterity) delivered_cleartexts = BOB.retrieve(message_kit=single_passage_ciphertext, data_source=enrico_as_understood_by_bob, alice_verifying_key=alice_pubkey_restored_from_ancient_scroll) # We show that indeed this is the passage originally encrypted by Enrico. assert plaintext == delivered_cleartexts[0] print("Retrieved: {}".format(delivered_cleartexts[0]))
def test_bob_joins_policy_and_retrieves(
        federated_alice,
        federated_ursulas,
        certificates_tempdir,
):
    """Bob starts out knowing two Ursulas, joins Alice's policy and decrypts.

    The KFrags are deliberately placed on Ursulas Bob has not met, so joining
    the policy must also teach him about the rest of the network.
    """
    # Split the fleet: the first two are Bob's seed nodes, the rest hold KFrags.
    ursula_pool = list(federated_ursulas)
    seed_nodes = ursula_pool[:2]
    kfrag_holders = list(federated_ursulas)[2:]

    bob = Bob(
        federated_only=True,
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        known_certificates_dir=certificates_tempdir,
        abort_on_learning_error=True,
        known_nodes=seed_nodes,
    )

    # Bob only knows a couple of Ursulas initially
    assert len(bob.known_nodes) == 2

    # Alice grants Bob access; every handpicked Ursula is unknown to Bob.
    n = DEFAULT_NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    # A fresh 32-byte random label keeps this policy distinct from any other.
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(kfrag_holders),
    )

    assert bob == policy.bob
    assert label == policy.label

    # Joining the policy is what introduces Bob to the remaining Ursulas.
    bob.join_policy(
        label=label,
        alice_pubkey_sig=federated_alice.stamp,
    )
    assert len(bob.known_nodes) == len(federated_ursulas)

    # The data source encrypts a single message under the policy key.
    data_source = DataSource(
        policy_pubkey_enc=policy.public_key,
        signing_keypair=SigningKeypair(),
        label=label,
    )
    plaintext = b"What's your approach?  Mississippis or what?"
    message_kit, _signature = data_source.encapsulate_single_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # Bob takes the message_kit and retrieves the message within
    delivered_cleartexts = bob.retrieve(
        message_kit=message_kit,
        data_source=data_source,
        alice_verifying_key=alices_verifying_key,
    )

    assert plaintext == delivered_cleartexts[0]
def test_bob_joins_policy_and_retrieves(
        federated_alice,
        federated_ursulas,
        certificates_tempdir,
):
    """Grant, join, retrieve, retrieve again from cached CFrags, then revoke.

    The last part documents a property worth knowing when relying on
    revocation: CFrags Bob already holds still decrypt after Alice revokes
    the policy (tracked as #892). Only a kit whose CFrags were cleared fails.
    """
    # Split the fleet: the first two are Bob's seed nodes, the rest hold KFrags.
    ursula_pool = list(federated_ursulas)
    seed_nodes = ursula_pool[:2]
    kfrag_holders = list(federated_ursulas)[2:]

    bob = Bob(
        federated_only=True,
        domain=TEMPORARY_DOMAIN,
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        abort_on_learning_error=True,
        known_nodes=seed_nodes,
    )

    # Bob has only connected to - at most - 2 nodes.
    verified_so_far = sum(node.verified_node for node in bob.known_nodes)
    assert verified_so_far <= 2

    # Alice grants Bob access; every handpicked Ursula is unknown to Bob.
    n = NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(kfrag_holders),
    )

    assert label == policy.label

    try:
        # Now, Bob joins the policy
        bob.join_policy(label=label,
                        alice_verifying_key=federated_alice.stamp,
                        block=True)
    except policy.treasure_map.NowhereToBeFound:
        # Work out whose fault it was: did any Ursula hold the map at all?
        published_maps = []
        for ursula in federated_ursulas:
            published_maps.extend(ursula.treasure_maps.values())

        if policy.treasure_map not in published_maps:
            pytest.fail(
                f"It seems that Alice didn't publish {policy.treasure_map}.  Come on, Alice."
            )
        else:
            # This is a nice place to put a breakpoint to examine Bob's failure to join a policy.
            bob.join_policy(label=label,
                            alice_verifying_key=federated_alice.stamp,
                            block=True)
            pytest.fail(
                f"Bob didn't find map {policy.treasure_map} even though it was available.  Come on, Bob."
            )

    # In the end, Bob should know all the Ursulas
    assert len(bob.known_nodes) == len(federated_ursulas)

    # Enrico encrypts one message under the policy key.
    enrico = Enrico(policy_encrypting_key=policy.public_key)
    plaintext = b"What's your approach?  Mississippis or what?"
    message_kit, _signature = enrico.encrypt_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # First retrieval: keep the CFrags attached to the kit.
    delivered_cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        retain_cfrags=True,
    )
    assert plaintext == delivered_cleartexts[0]

    # Bob tries to retrieve again, but without using the cached CFrags, it fails.
    with pytest.raises(TypeError):
        delivered_cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )

    cleartexts_delivered_a_second_time = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_attached_cfrags=True,
    )

    # Indeed, they're the same cleartexts.
    assert delivered_cleartexts == cleartexts_delivered_a_second_time

    # Let's try retrieve again, but Alice revoked the policy.
    failed_revocations = federated_alice.revoke(policy)
    assert len(failed_revocations) == 0

    # One thing to note here is that Bob *can* still retrieve with the cached CFrags,
    # even though this Policy has been revoked.  #892
    _cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_precedent_work_orders=True,
    )
    assert _cleartexts == delivered_cleartexts  # TODO: 892

    # OK, but we imagine that the message_kit is fresh here.
    message_kit.clear_cfrags()

    with pytest.raises(Ursula.NotEnoughUrsulas):
        _cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )

    bob.disenchant()
def test_bob_joins_policy_and_retrieves(
        federated_alice,
        federated_ursulas,
        certificates_tempdir,
):
    """Grant, join, retrieve, retrieve again from cached CFrags, then revoke.

    Note for anyone relying on revocation: the test pins that CFrags Bob
    already holds still decrypt after Alice revokes the policy (#892). Only
    a kit whose capsule CFrags were cleared fails to decrypt.
    """
    # Split the fleet: the first two are Bob's seed nodes, the rest hold KFrags.
    ursula_pool = list(federated_ursulas)
    seed_nodes = ursula_pool[:2]
    kfrag_holders = list(federated_ursulas)[2:]

    bob = Bob(
        federated_only=True,
        domains={TEMPORARY_DOMAIN},
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        abort_on_learning_error=True,
        known_nodes=seed_nodes,
    )

    # Bob only knows a couple of Ursulas initially
    assert len(bob.known_nodes) == 2

    # Alice grants Bob access; every handpicked Ursula is unknown to Bob.
    n = NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(kfrag_holders),
    )

    assert bob == policy.bob
    assert label == policy.label

    # Joining the policy is what introduces Bob to the remaining Ursulas.
    bob.join_policy(
        label=label,
        alice_verifying_key=federated_alice.stamp,
        block=True,
    )
    assert len(bob.known_nodes) == len(federated_ursulas)

    # Enrico encrypts one message under the policy key.
    enrico = Enrico(policy_encrypting_key=policy.public_key)
    plaintext = b"What's your approach?  Mississippis or what?"
    message_kit, _signature = enrico.encrypt_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # First retrieval: keep the CFrags attached to the kit.
    delivered_cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        retain_cfrags=True,
    )
    assert plaintext == delivered_cleartexts[0]

    # Bob tries to retrieve again, but without using the cached CFrags, it fails.
    with pytest.raises(TypeError):
        delivered_cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )

    cleartexts_delivered_a_second_time = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_attached_cfrags=True,
    )

    # Indeed, they're the same cleartexts.
    assert delivered_cleartexts == cleartexts_delivered_a_second_time

    # Let's try retrieve again, but Alice revoked the policy.
    failed_revocations = federated_alice.revoke(policy)
    assert len(failed_revocations) == 0

    # One thing to note here is that Bob *can* still retrieve with the cached CFrags,
    # even though this Policy has been revoked.  #892
    _cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_precedent_work_orders=True,
    )
    assert _cleartexts == delivered_cleartexts  # TODO: 892

    # OK, but we imagine that the message_kit is fresh here.
    message_kit.capsule.clear_cfrags()

    with pytest.raises(Ursula.NotEnoughUrsulas):
        _cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )
######################### # Enrico, the Encryptor # ######################### enrico = Enrico(policy_encrypting_key=policy_public_key) # In this case, the plaintext is a # single passage from James Joyce's Finnegan's Wake. # The matter of whether encryption makes the passage more or less readable # is left to the reader to determine. single_passage_ciphertext, _signature = enrico.encrypt_message(plaintext) data_source_public_key = bytes(enrico.stamp) del enrico ############### # Back to Bob # ############### # Now Bob can retrieve the original message. delivered_cleartexts = bob.retrieve( single_passage_ciphertext, policy_encrypting_key=policy_public_key, alice_verifying_key=alice_verifying_key, label=label) # We show that indeed this is the passage originally encrypted by Enrico. assert plaintext == delivered_cleartexts[0] print("Retrieved: {}".format(delivered_cleartexts[0])) bob.disenchant()
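class service(object):
    """Per-user NuCypher helper that stores data on IPFS.

    Each user gets a directory under ``users/<username>`` that holds the
    Alice configuration and two JSON files with the recipient key pairs.

    NOTE(review): ``username`` is concatenated into file paths without any
    validation. If it can come from an untrusted caller, restrict it to a
    safe character set before it reaches these methods.
    """

    def __init__(self, network_provider):
        """Remember the provider URI and the on-disk layout of user files."""
        self.provider_uri = network_provider
        self.user_path = "users/"
        self.public_key_path = "/recipent.public.json"
        self.private_key_path = "/recipent.private.json"

    def connect(self, networkURL, second_provider, third_provider, ipfs_provider):
        """Initialise the blockchain interface, the IPFS client and three Ursula handles.

        NOTE(review): ``second_provider`` and ``third_provider`` are accepted
        but never used; all three Ursula handles are built from
        ``networkURL``. Confirm whether that is intended.

        Returns:
            bool: always True.
        """
        BlockchainInterfaceFactory.initialize_interface(provider_uri=self.provider_uri)
        self.ipfs_gateway_api = ipfshttpclient.connect(ipfs_provider)
        self.ursula = Ursula.from_seed_and_stake_info(
            seed_uri=networkURL,
            federated_only=True,
            minimum_stake=0
        )
        self.ursula2 = Ursula.from_teacher_uri(
            teacher_uri=networkURL,
            federated_only=True,
            min_stake=0
        )
        self.ursula3 = Ursula.from_teacher_uri(
            teacher_uri=networkURL,
            federated_only=True,
            min_stake=0
        )
        return True

    def generate_keys(self):
        """Generate fresh encrypting and signing key pairs.

        Returns:
            tuple: ``(private_keys, public_keys)``, two dicts with the keys
            ``'enc'`` and ``'sig'`` holding hex strings.
        """
        enc_privkey = UmbralPrivateKey.gen_key()
        sig_privkey = UmbralPrivateKey.gen_key()

        recipient_privkeys = {
            'enc': enc_privkey.to_bytes().hex(),
            'sig': sig_privkey.to_bytes().hex(),
        }

        enc_pubkey = enc_privkey.get_pubkey()
        sig_pubkey = sig_privkey.get_pubkey()

        recipient_pubkeys = {
            'enc': enc_pubkey.to_bytes().hex(),
            'sig': sig_pubkey.to_bytes().hex()
        }

        return recipient_privkeys, recipient_pubkeys

    def configure_alice(self, path):
        """Build a federated AliceConfiguration rooted at ``path``."""
        return AliceConfiguration(
            config_root=os.path.join(path),
            known_nodes=[self.ursula, self.ursula2, self.ursula3],
            start_learning_now=False,
            federated_only=True,
            learn_on_same_thread=True,
            network_middleware=RestMiddleware(),
        )

    def _write_private_json(self, file_path, payload):
        """Write ``payload`` as JSON to a file only its owner can read or write."""
        # The mode passed to os.open() only applies when the file is created,
        # so chmod covers a file left behind with looser permissions.
        descriptor = os.open(file_path,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                             0o600)
        try:
            os.chmod(file_path, 0o600)
            private_file = os.fdopen(descriptor, 'w')
        except Exception:
            os.close(descriptor)
            raise
        with private_file:
            json.dump(payload, private_file)

    def create_alice(self, username, password):
        """Create a user's Alice, generate recipient keys and store them.

        Args:
            username (str): name of the user directory under ``users/``
            password (str): password that initialises and unlocks the keyring

        Returns:
            The ``checksum_address`` recorded in the user's ``alice.json``.
        """
        path = self.user_path + username

        alice_config = self.configure_alice(path)
        alice_config.initialize(password=password)
        alice_config.keyring.unlock(password=password)
        self.Alice = alice_config.produce()
        # Called for its effect of writing alice.json, which is read below.
        alice_config.to_configuration_file()
        self.Alice.start_learning_loop(now=True)

        private_keys, public_keys = self.generate_keys()

        # The recipient private keys are stored as plain hex in JSON and are
        # not protected by `password`, so at least keep the file owner-only
        # instead of inheriting the process umask.
        self._write_private_json(path + self.private_key_path, private_keys)
        with open(path + self.public_key_path, 'w') as public_file:
            json.dump(public_keys, public_file)

        config_path = path + '/alice.json'
        with open(config_path) as config_file:
            data = json.load(config_file)
        address = data["checksum_address"]

        return address

    def generate_policy(self, username, label):
        """Return the policy public key that the current Alice derives for ``label``."""
        path = self.user_path + username
        # The returned configuration is discarded; the call is kept as in the
        # original in case constructing it has effects the caller relies on.
        self.configure_alice(path)
        policy_pubkey = self.Alice.get_policy_pubkey_from_label(label)
        return policy_pubkey

    def reveal_public_keys(self, username, serialized=False):
        """Load a user's public keys from disk.

        Args:
            username (str): name of the user directory under ``users/``
            serialized (bool): return base58 strings instead of key objects

        Returns:
            tuple: ``(enc, sig)`` as UmbralPublicKey objects, or as base58
            strings when ``serialized`` is true.
        """
        public_keys = self.user_path + username + self.public_key_path
        with open(public_keys) as data_file:
            data = json.load(data_file)
        enc_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(data["enc"]))
        sig_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(data["sig"]))
        # Debug output of public key material only.
        print(sig_pubkey.to_bytes())
        if serialized:
            return (
                base58.b58encode(bytes.fromhex(data["enc"])).decode("utf-8"),
                base58.b58encode(bytes.fromhex(data["sig"])).decode("utf-8")
            )
        return (enc_pubkey, sig_pubkey)

    def calculate_powers(self, username):
        """Map the user's public keys to the power classes they belong to."""
        enc_pubkey, sig_pubkey = self.reveal_public_keys(username)

        powers_and_material = {
            DecryptingPower: enc_pubkey,
            SigningPower: sig_pubkey
        }

        return powers_and_material

    def reveal_private_keys(self, username):
        """Load a user's private keys from disk as ``(enc, sig)`` key objects."""
        private_keys = self.user_path + username + self.private_key_path
        with open(private_keys) as data_file:
            data = json.load(data_file)
        enc_privkey = UmbralPrivateKey.from_bytes(bytes.fromhex(data["enc"]))
        sig_privkey = UmbralPrivateKey.from_bytes(bytes.fromhex(data["sig"]))
        return enc_privkey, sig_privkey

    def uploadData(self, label, file):
        """Encrypt ``file`` under the policy for ``label`` and add it to IPFS.

        Args:
            label (str): policy label
            file: payload stored under the ``'data'`` key of the plaintext

        Returns:
            dict: receipt with ``data_source_public_key`` (hex) and ``hash_key``.
        """
        policy_pubkey = self.Alice.get_policy_encrypting_key_from_label(label.encode("utf-8"))

        data_source = Enrico(policy_encrypting_key=policy_pubkey)
        data_source_public_key = bytes(data_source.stamp)

        # The recorded timestamp is five seconds after the current time.
        now = time.time() + 5

        data_representation = {
            'data': file,
            'timestamp': now,
        }
        plaintext = msgpack.dumps(data_representation, use_bin_type=True)
        message_kit, _signature = data_source.encrypt_message(plaintext)

        kits = [message_kit.to_bytes()]

        data = {
            'data_source': data_source_public_key,
            'kits': kits,
        }

        # Only ciphertext and the data source's public key are sent to IPFS.
        packed = msgpack.dumps(data, use_bin_type=True)
        ipfs_hash = self.ipfs_gateway_api.add_bytes(packed)

        receipt = {
            "data_source_public_key": data_source_public_key.hex(),
            "hash_key": ipfs_hash
        }
        return receipt

    def alice_from_configutation(self, username, password, account):
        """Rebuild a user's Alice from the stored configuration and keyring.

        The result is also stored on ``self.Alice``.
        """
        path = self.user_path + username + '/'
        keyring_path = path + "keyring"
        full_path = path + 'alice.json'

        alice_config = self.configure_alice(path)
        configuration = alice_config.from_configuration_file(
            config_root=os.path.join(path),
            filepath=full_path,
            keyring=NucypherKeyring(
                account=account,
                keyring_root=os.path.join(keyring_path),
            ),
        )
        configuration.keyring.unlock(password)
        self.Alice = configuration.produce()
        return self.Alice

    def grant(self, username, password, account, bob_username, label):
        """Grant ``bob_username`` access to ``label`` for 365 days (m=1, n=1).

        Returns:
            dict: ``policy_pubkey`` (hex), ``alice_sig_pubkey`` (base58) and ``label``.
        """
        self.Alice = self.alice_from_configutation(username, password, account)
        powers_and_material = self.calculate_powers(bob_username)
        # Bob is built from public keys only.
        bob = Bob.from_public_keys(powers_and_material=powers_and_material, federated_only=True)
        policy_end_datetime = maya.now() + datetime.timedelta(days=365)
        encoded_label = label.encode("utf-8")

        self.Alice.start_learning_loop(now=True)
        policy = self.Alice.grant(bob, encoded_label, m=1, n=1, expiration=policy_end_datetime)

        alices_pubkey = bytes(self.Alice.stamp)
        policy_info = {
            "policy_pubkey": policy.public_key.to_bytes().hex(),
            "alice_sig_pubkey": base58.b58encode(alices_pubkey).decode("utf-8"),
            "label": encoded_label.decode("utf-8")
        }
        return policy_info

    def add_data_and_grant_self_access(self, username, password, account, label, file):
        """Grant the user access to their own label, then upload ``file`` under it."""
        policy_info = self.grant(username, password, account, username, label)
        receipt = self.uploadData(label, file)
        return policy_info, receipt

    def downloadFile(self, username, receipt, policy_info):
        """Fetch the ciphertext named in ``receipt`` from IPFS and decrypt it.

        Only the first message kit in the stored bundle is retrieved.

        Args:
            username (str): user whose stored private keys act as Bob
            receipt (dict): result of ``uploadData``
            policy_info (dict): result of ``grant``

        Returns:
            The ``'data'`` field of the decrypted plaintext.
        """
        ipfs_hash = receipt['hash_key']
        stored_bundle = self.ipfs_gateway_api.cat(ipfs_hash)

        enc_privkey, sig_privkey = self.reveal_private_keys(username)

        bob_enc_key = DecryptingKeypair(private_key=enc_privkey)
        bob_sig_keyp = SigningKeypair(private_key=sig_privkey)
        enc_power = DecryptingPower(keypair=bob_enc_key)
        sig_power = SigningPower(keypair=bob_sig_keyp)
        power_ups = [enc_power, sig_power]

        self.Bob = Bob(
            federated_only=True,
            crypto_power_ups=power_ups,
            start_learning_now=True,
            abort_on_learning_error=True,
            known_nodes=[self.ursula],
            save_metadata=False,
            network_middleware=RestMiddleware(),
        )

        policy_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(policy_info["policy_pubkey"]))

        enrico = Enrico.from_public_keys(
            {SigningPower: UmbralPublicKey.from_bytes(bytes.fromhex(receipt['data_source_public_key']))},
            policy_encrypting_key=policy_pubkey
        )
        alice_pubkey_restored = UmbralPublicKey.from_bytes(base58.b58decode(policy_info['alice_sig_pubkey']))
        self.Bob.join_policy(policy_info['label'].encode(), alice_pubkey_restored)

        data = msgpack.loads(stored_bundle, raw=False)
        message_kits = (UmbralMessageKit.from_bytes(k) for k in data['kits'])
        message_kit = next(message_kits)

        retrieved_plaintexts = self.Bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alice_pubkey_restored,
            label=policy_info['label'].encode(),
        )

        plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False)
        # The decrypted record is returned to the caller only. It is no
        # longer printed, so plaintext does not end up in stdout or logs.
        decrypted_data = plaintext['data']
        return decrypted_data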
# Let's read the file produced by the heart monitor and unpack the MessageKits, # which are the individual ciphertexts. data = msgpack.load(open("heart_data.msgpack", "rb"), raw=False) message_kits = (UmbralMessageKit.from_bytes(k) for k in data['kits']) # The doctor also needs to create a view of the Data Source from its public keys data_source = Enrico.from_public_keys(verifying_key=data['data_source'], policy_encrypting_key=policy_pubkey) # Now he can ask the NuCypher network to get a re-encrypted version of each MessageKit. for message_kit in message_kits: try: start = timer() retrieved_plaintexts = doctor.retrieve( label=label, message_kit=message_kit, enrico=data_source, alice_verifying_key=alices_sig_pubkey) end = timer() plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False) # Now we can get the heart rate and the associated timestamp, # generated by the heart rate monitor. heart_rate = plaintext['heart_rate'] timestamp = maya.MayaDT(plaintext['timestamp']) # This code block simply pretty prints the heart rate info terminal_size = shutil.get_terminal_size().columns max_width = min(terminal_size, 120) columns = max_width - 12 - 27
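def downloadFile(self, downloadFilename, recipient_privkeys, receipt, policy_info):
    """Fetch a ciphertext from IPFS, decrypt it as Bob and write it to disk.

    Args:
        downloadFilename (str): name of the output file, created relative to
            the current working directory
        recipient_privkeys (dict): hex-encoded private keys under 'enc' and 'sig'
        receipt (dict): holds 'hash_key' (IPFS hash) and
            'data_source_public_key' (hex)
        policy_info (dict): holds 'policy_pubkey' (hex), 'alice_sig_pubkey'
            and 'label'

    Returns:
        None. The base64-decoded cleartext is written to ``./<downloadFilename>``.
    """
    ipfs_hash = receipt['hash_key']
    ciphertext = self.ipfs.cat(ipfs_hash)

    ursula = Ursula.from_seed_and_stake_info(
        seed_uri=self.URSULA_SEEDNODE_URI,
        federated_only=True,
        minimum_stake=0)

    # Rebuild Bob's key pairs from the hex-encoded private keys.
    bob_enc_keypair = DecryptingKeypair(
        private_key=UmbralPrivateKey.from_bytes(
            bytes.fromhex(recipient_privkeys["enc"])))
    bob_sig_keypair = SigningKeypair(
        private_key=UmbralPrivateKey.from_bytes(
            bytes.fromhex(recipient_privkeys["sig"])))
    enc_power = DecryptingPower(keypair=bob_enc_keypair)
    sig_power = SigningPower(keypair=bob_sig_keypair)
    power_ups = [enc_power, sig_power]

    authorizedRecipient = Bob(
        is_me=True,
        federated_only=True,
        crypto_power_ups=power_ups,
        start_learning_now=True,
        abort_on_learning_error=True,
        known_nodes=[ursula],
        save_metadata=False,
        network_middleware=RestMiddleware(),
    )

    policy_pubkey = UmbralPublicKey.from_bytes(
        bytes.fromhex(policy_info["policy_pubkey"]))

    enrico_as_understood = Enrico.from_public_keys(
        {
            SigningPower:
            UmbralPublicKey.from_bytes(
                bytes.fromhex(receipt['data_source_public_key']))
        },
        policy_encrypting_key=policy_pubkey)

    # NOTE(review): unlike policy_pubkey, alice_sig_pubkey is passed to
    # from_bytes() without hex decoding. Confirm the caller supplies raw bytes.
    alice_pubkey_restored = UmbralPublicKey.from_bytes(
        (policy_info['alice_sig_pubkey']))
    authorizedRecipient.join_policy(policy_info['label'].encode(),
                                    alice_pubkey_restored)

    kit = UmbralMessageKit.from_bytes(ciphertext)
    delivered_cleartexts = authorizedRecipient.retrieve(
        message_kit=kit,
        data_source=enrico_as_understood,
        alice_verifying_key=alice_pubkey_restored,
        label=(policy_info['label'].encode()))

    data = base64.b64decode(delivered_cleartexts[0])

    # NOTE(review): downloadFilename is joined to './' unchecked, so a value
    # containing path separators or '..' writes outside the working
    # directory. If the name can come from an untrusted caller, reduce it to
    # a bare file name before this point.
    # The context manager closes the file even if the write fails.
    with open('./' + downloadFilename, 'wb') as output:
        output.write(data)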