def get_signer_keys ():
alices_private_key = keys.UmbralPrivateKey.gen_key()
alices_public_key = alices_private_key.get_pubkey()
alices_signing_key = keys.UmbralPrivateKey.gen_key()
alices_verifying_key = alices_signing_key.get_pubkey()
alices_signer = signing.Signer(private_key=alices_signing_key)
newkeys = {"privateSigningKey": alices_signing_key, "publicSigningKey": alices_verifying_key, "signer": alices_signer}
# print (newkeys)
with open("python/proxy/23.jpg", "rb") as imageFile:
f = imageFile.read()
plaintext = bytes(f)
# print("imgStart")
# print(b)
# print("imgEnd")
# plaintext = b'Proxy Re-encryption is cool!'
# print("@@@@")
# print(plaintext)
ciphertext, capsule = pre.encrypt(alices_public_key, plaintext)
# print(ciphertext)
print(capsule)
bob_capsule = capsule
bobs_private_key = keys.UmbralPrivateKey.gen_key()
bobs_public_key = bobs_private_key.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=10,
N=20)
print(kfrags)
bob_capsule.set_correctness_keys(delegating=alices_public_key,
receiving=bobs_public_key,
verifying=alices_verifying_key)
def generate_kfrags(self,
bob_pubkey_enc,
signer,
label: bytes,
m: int,
n: int
) -> Tuple[UmbralPublicKey, List]:
"""
Generates re-encryption key frags ("KFrags") and returns them.
These KFrags can be used by Ursula to re-encrypt a Capsule for Bob so
that he can activate the Capsule.
:param bob_pubkey_enc: Bob's public key
:param m: Minimum number of KFrags needed to rebuild ciphertext
:param n: Total number of KFrags to generate
"""
__private_key = self._get_privkey_from_label(label)
kfrags = pre.generate_kfrags(delegating_privkey=__private_key,
receiving_pubkey=bob_pubkey_enc,
threshold=m,
N=n,
signer=signer,
sign_delegating_key=False,
sign_receiving_key=False,
)
return __private_key.get_pubkey(), kfrags
def grant_access():
if request.method == 'POST':
# Get the data from the request payload and convert them to bytes
bobPubKey = string_to_bytes(request.form["bobPubKey"])
bobPubKey = keys.UmbralPublicKey.from_bytes(bobPubKey)
alicePrivKey = string_to_bytes(request.form["alicePrivKey"])
alicePrivKey = keys.UmbralPrivateKey.from_bytes(alicePrivKey)
alicePubKey = alicePrivKey.get_pubkey()
#generate the signing key
alices_signing_key = keys.UmbralPrivateKey.gen_key()
alices_verifying_key = alices_signing_key.get_pubkey()
alices_signer = signing.Signer(private_key=alices_signing_key)
# Generating kfrags
global kfrags
kfrags = pre.generate_kfrags(delegating_privkey=alicePrivKey,
signer=alices_signer,
receiving_pubkey=bobPubKey,
threshold=10,
N=20)
# Storing the kfrags on the bob's side
dataToBeStoredBob = {
"alice_verifying_key":
bytes_to_string(alices_verifying_key.to_bytes()),
"alicePubKey": bytes_to_string(alicePubKey.to_bytes())
}
with open('hospital.json', 'w') as outfile:
json.dump(dataToBeStoredBob, outfile, cls=SetEncoder)
return render_template('grant.html')
def test_kfrags_signed_without_correctness_keys(alices_keys, bobs_keys,
capsule):
delegating_privkey, signing_privkey = alices_keys
delegating_pubkey = delegating_privkey.get_pubkey()
verifying_key = signing_privkey.get_pubkey()
receiving_privkey, receiving_pubkey = bobs_keys
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=Signer(signing_privkey),
receiving_pubkey=receiving_pubkey,
threshold=6,
N=10,
sign_delegating_key=False,
sign_receiving_key=False)
for kfrag in kfrags:
# You can verify the KFrag specifying only the verifying key
assert kfrag.verify(signing_pubkey=verifying_key)
# ... or if it is set in the capsule, using the capsule
capsule.set_correctness_keys(verifying=verifying_key)
assert kfrag.verify_for_capsule(capsule)
# It should even work when other keys are set in the capsule
assert kfrag.verify(signing_pubkey=verifying_key,
delegating_pubkey=delegating_pubkey,
receiving_pubkey=receiving_pubkey)
def gen_rencryption_key():
if request.content_type.lower() != "application/json":
abort(415)
data = request.get_json()
if "delegatorPrivateKey" in data and "delegatorSigningKey" in data and "receiverPublicKey" in data:
try:
start = time.perf_counter()
delegatorPrivKey = keys.UmbralPrivateKey.from_bytes(
bytes.fromhex(data["delegatorPrivateKey"]))
delegatorSignKey = keys.UmbralPrivateKey.from_bytes(
bytes.fromhex(data["delegatorSigningKey"]))
receiverPublicKey = keys.UmbralPublicKey.from_hex(
data["receiverPublicKey"])
signer = signing.Signer(private_key=delegatorSignKey)
[kfrag] = pre.generate_kfrags(delegating_privkey=delegatorPrivKey,
signer=signer,
receiving_pubkey=receiverPublicKey,
threshold=1,
N=1)
end = time.perf_counter()
time_stats_endpoints["gen_renc_key"].append(end - start)
return {"status": "ok", "reencKey": kfrag.to_bytes().hex()}
except Exception as e:
return {"status": "error", "error": str(e)}
abort(400)
def generate_secret_key():
alices_private_key = keys.UmbralPrivateKey.gen_key()
alices_public_key = alices_private_key.get_pubkey()
alices_signing_key = keys.UmbralPrivateKey.gen_key()
alices_verifying_key = alices_signing_key.get_pubkey()
alices_signer = signing.Signer(private_key=alices_signing_key)
# Generate Umbral keys for Bob.
bobs_private_key = keys.UmbralPrivateKey.gen_key()
bobs_public_key = bobs_private_key.get_pubkey()
plaintext = b'Proxy Re-Encryption is cool!'
ciphertext, capsule = pre.encrypt(alices_public_key, plaintext)
# Decrypt data with Alice's private key.
cleartext = pre.decrypt(ciphertext=ciphertext,
capsule=capsule,
decrypting_key=alices_private_key)
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=10,
N=20)
return jsonify(
{
"encrypted_result": f'{kfrags}'
}
)
def grant():
json_data = json.loads(request.data.decode('utf-8'))
capsule_id, alice_pubkey, alice_privkey, bob_pubkey = json_data['capsule_id'], json_data[
'alice_pubkey'], json_data['alice_privkey'], json_data['bob_pubkey']
alice_pubkey = string_to_bytes(alice_pubkey)
alice_pubkey = keys.UmbralPublicKey.from_bytes(alice_pubkey)
alice_privkey = string_to_bytes(alice_privkey)
alice_privkey = keys.UmbralPrivateKey.from_bytes(alice_privkey)
bob_pubkey = string_to_bytes(bob_pubkey)
bob_pubkey = keys.UmbralPublicKey.from_bytes(bob_pubkey)
alice_signing_privkey = keys.UmbralPrivateKey.gen_key()
alice_signing_pubkey = alice_signing_privkey.get_pubkey()
alice_signer = Signer(alice_signing_privkey)
# Perform split-rekey and grant re-encryption policy
alice_kfrags = pre.generate_kfrags(
alice_privkey, bob_pubkey, 10, 20, alice_signer)
policy_id = mock_kms.grant(alice_kfrags)
alice_pubkey.from_bytes
response = {
"policy_id": policy_id,
"capsule_id": capsule_id,
"alice_pubkey": bytes_to_string(alice_pubkey.to_bytes()),
"alice_signing_pubkey": bytes_to_string(alice_signing_pubkey.to_bytes())
}
return jsonify(response)
def setup(alices_private_key, bobs_private_key, n, m):
#################
# Generate Umbral keys for Alice.
################# []
# alices_private_key = keys.UmbralPrivateKey.gen_key()
alices_public_key = alices_private_key.get_pubkey()
print("alices_private_key", alices_private_key)
alices_signing_key = keys.UmbralPrivateKey.gen_key()
alices_verifying_key = alices_signing_key.get_pubkey()
# assert alices_public_key == alices_verifying_key # it souldn't
alices_signer = signing.Signer(private_key=alices_signing_key)
# Generate Umbral keys for Bob.
################# []
# bobs_private_key = keys.UmbralPrivateKey.gen_key()
bobs_public_key = bobs_private_key.get_pubkey()
print("bobs_public_key", bobs_public_key)
# Alice generates "M of N" re-encryption key fragments (or "KFrags") for Bob.
# In this example, 10 out of 20.
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=m,
N=n)
return alices_public_key, alices_signing_key, alices_verifying_key, bobs_public_key, kfrags
def __setup():
delegating_privkey, signer, receiving_pubkey, ciphertext, capsule = __standard_encryption_api(
)
kfrags = pre.generate_kfrags(delegating_privkey, receiving_pubkey, m,
n, signer)
one_kfrag, *remaining_kfrags = kfrags
args, kwargs = tuple(), {"kfrag": one_kfrag, "capsule": capsule},
return args, kwargs
def genfrags(self, receiver, threshold=10, N=20):
kfrags = pre.generate_kfrags(
delegating_privkey=self.alices_private_key,
signer=self.alices_signer,
receiving_pubkey=receiver.bobs_public_key,
threshold=threshold,
N=N)
import random
return random.sample(kfrags, threshold)
def test_single_frag_reencryption_performance(benchmark, m: int, n: int) -> None:
delegating_privkey, signer, receiving_pubkey, ciphertext, capsule = __standard_encryption_api()
kfrags = pre.generate_kfrags(delegating_privkey, receiving_pubkey, m, n, signer)
one_kfrag, *remaining_kfrags = kfrags
args, kwargs = tuple(), {"kfrag": one_kfrag, "capsule": capsule},
print("\nBenchmarking {} with the same fragment({M} of {N}) repeatedly...".format("pre.reencrypt", M=m, N=n))
benchmark.pedantic(pre.reencrypt, args=args, kwargs=kwargs, iterations=20, rounds=100)
assert True # ensure function finishes and succeeds.
def kfrags(alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer_alice = Signer(signing_privkey)
receiving_privkey, receiving_pubkey = bobs_keys
yield pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer_alice,
receiving_pubkey=receiving_pubkey,
threshold=6, N=10)
def test_wrong_N_M_in_split_rekey(N, M, alices_keys, bobs_keys):
delegating_privkey, signing_privkey = alices_keys
signer = Signer(signing_privkey)
_receiving_privkey, receiving_pubkey = bobs_keys
with pytest.raises(ValueError):
_kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=receiving_pubkey,
threshold=M,
N=N)
def approve(self, owner_private_key, owner_signer, asker_public_key):
approve_start_time = time.time()
kfrags = pre.generate_kfrags(delegating_privkey=owner_private_key,
signer=owner_signer,
receiving_pubkey=asker_public_key,
threshold=1,
N=1)
approve_end_time = time.time()
timeUsed = type_convert.double_process(approve_end_time -
approve_start_time)
return kfrags, timeUsed
def generate_k_flags(
cls, sk: keys.UmbralPrivateKey,
escrow_pk: keys.UmbralPublicKey) -> (List[pre.KFrag], str):
proxy_signing_key = keys.UmbralPrivateKey.gen_key()
proxy_public_key = proxy_signing_key.get_pubkey()
signer = signing.Signer(private_key=proxy_signing_key)
k_frags = pre.generate_kfrags(delegating_privkey=sk,
signer=signer,
receiving_pubkey=escrow_pk,
threshold=10,
N=20)
k_frags = random.sample(k_frags, 10)
return k_frags, proxy_public_key.to_bytes()
def share(self, keyName, path, publicKeyFileName):
key = self.contract.call().keys(keyName)
keyExist = key[4]
if keyExist:
try:
with open(path + '/' + publicKeyFileName + '.k', 'rb') as publicKeyFile:
publicKeyBytes = publicKeyFile.read()
except Exception as e:
print(e)
else:
try:
publicKey = keys.UmbralPublicKey.from_bytes(publicKeyBytes)
signingPrivateKey = keys.UmbralPrivateKey.gen_key()
signer = signing.Signer(private_key = signingPrivateKey)
kfrags = pre.generate_kfrags(
delegating_privkey = self.privateKey,
signer = signer,
receiving_pubkey = publicKey,
threshold = 1,
N = 1
)
directory = path + '/' + publicKeyFileName + '/'
if not os.path.exists(directory):
os.makedirs(directory)
curveVar = umbral.config.default_curve()
paramsVar = params.UmbralParameters(curveVar)
capsule = pre.Capsule.from_bytes(key[1], paramsVar)
signingPublicKey = signingPrivateKey.get_pubkey()
capsule.set_correctness_keys(
delegating = self.publicKey,
receiving = publicKey,
verifying = signingPublicKey
)
for kfrag in kfrags:
cfrag = pre.reencrypt(
kfrag = kfrag,
capsule = capsule
)
cfrag = cfrag.to_bytes()
keyName = keyName.decode('utf-8')
with open(directory + keyName + '.f', 'wb') as cfragFile:
cfragFile.write(cfrag)
signingPublicKeyBytes = signingPublicKey.to_bytes()
with open(directory + keyName + '.s', 'wb') as signatureFile:
signatureFile.write(signingPublicKeyBytes)
except Exception as e:
print(e)
else:
print('Done')
else:
print('Key is not exist')
def run_test():
alices_private_key_bytes = keys.UmbralPrivateKey.gen_key().to_bytes()
alices_private_key = keys.UmbralPrivateKey.from_bytes(
alices_private_key_bytes)
alices_public_key = alices_private_key.get_pubkey()
# print("Alices private key:", alices_private_key.to_bytes())
# print("Alices public key:", alices_public_key.to_bytes())
alices_signing_key = keys.UmbralPrivateKey.gen_key()
alices_verifying_key = alices_signing_key.get_pubkey()
alices_signer = signing.Signer(private_key=alices_signing_key)
bobs_private_key = keys.UmbralPrivateKey.gen_key()
bobs_public_key = bobs_private_key.get_pubkey()
plaintext = b'Proxy Re-encryption is cool!'
ciphertext, capsule = pre.encrypt(alices_public_key, plaintext)
cleartext = pre.decrypt(ciphertext=ciphertext,
capsule=capsule,
decrypting_key=alices_private_key)
# Requires:
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=10,
N=20)
capsule.set_correctness_keys(delegating=alices_public_key,
receiving=bobs_public_key,
verifying=alices_verifying_key)
cfrags = list()
for kfrag in kfrags[:10]:
cfrag = pre.reencrypt(kfrag=kfrag, capsule=capsule)
cfrags.append(cfrag)
for cfrag in cfrags:
capsule.attach_cfrag(cfrag)
bob_cleartext = pre.decrypt(ciphertext=ciphertext,
capsule=capsule,
decrypting_key=bobs_private_key)
print("Plain text: ", plaintext)
print("bob_cleartext: ", bob_cleartext)
assert bob_cleartext == plaintext
def _generate_re_enc_key_admin_to_voter(self) -> List[KFrag]:
"""generate re-encrypt key from admin to (admin)voter
Returns:
List[Dict[int, KFrag]] -- index to re-encrypt
"""
re_enc_keys = []
for i, voter in enumerate(self.voters):
re_enc_key = generate_kfrags(
delegating_privkey=self.private_key,
signer=self.signer,
receiving_pubkey=voter.short_public_key,
threshold=1,
N=1)
re_enc_keys.append(re_enc_key)
return re_enc_keys
def fragments(metadata):
delegating_privkey = UmbralPrivateKey.gen_key()
_symmetric_key, capsule = pre._encapsulate(delegating_privkey.get_pubkey())
signing_privkey = UmbralPrivateKey.gen_key()
signer = Signer(signing_privkey)
priv_key_bob = UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=pub_key_bob,
threshold=2,
N=4,
sign_delegating_key=False,
sign_receiving_key=False)
capsule.set_correctness_keys(delegating_privkey.get_pubkey(), pub_key_bob, signing_privkey.get_pubkey())
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
return capsule, cfrag
def get_reencryption_key(alice_priv_key_hex, alice_priv_signing_key_hex,
bob_pub_key_hex):
alice_priv_key = keys.UmbralPrivateKey.from_bytes(
bytes.fromhex(alice_priv_key_hex))
alice_priv_signing_key = keys.UmbralPrivateKey.from_bytes(
bytes.fromhex(alice_priv_signing_key_hex))
bob_pub_key = keys.UmbralPublicKey.from_bytes(
bytes.fromhex(bob_pub_key_hex))
alices_signer = signing.Signer(private_key=alice_priv_signing_key)
kfrags = pre.generate_kfrags(delegating_privkey=alice_priv_key,
signer=alices_signer,
receiving_pubkey=bob_pub_key,
threshold=1,
N=1)
kfrag = kfrags[0]
return kfrag.to_bytes().hex()
def _mock_ursula_reencrypts(ursula, corrupt_cfrag: bool = False):
delegating_privkey = UmbralPrivateKey.gen_key()
_symmetric_key, capsule = pre._encapsulate(delegating_privkey.get_pubkey())
signing_privkey = UmbralPrivateKey.gen_key()
signing_pubkey = signing_privkey.get_pubkey()
signer = Signer(signing_privkey)
priv_key_bob = UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=pub_key_bob,
threshold=2,
N=4,
sign_delegating_key=False,
sign_receiving_key=False)
capsule.set_correctness_keys(delegating_privkey.get_pubkey(), pub_key_bob,
signing_pubkey)
ursula_pubkey = ursula.stamp.as_umbral_pubkey()
alice_address = canonical_address_from_umbral_key(signing_pubkey)
blockhash = bytes(32)
specification = b''.join((bytes(capsule), bytes(ursula_pubkey),
bytes(ursula.decentralized_identity_evidence),
alice_address, blockhash))
bobs_signer = Signer(priv_key_bob)
task_signature = bytes(bobs_signer(specification))
metadata = bytes(ursula.stamp(task_signature))
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
if corrupt_cfrag:
cfrag.proof.bn_sig = CurveBN.gen_rand(capsule.params.curve)
cfrag_signature = bytes(ursula.stamp(bytes(cfrag)))
bob = Bob.from_public_keys(verifying_key=pub_key_bob)
task = WorkOrder.Task(capsule, task_signature, cfrag, cfrag_signature)
work_order = WorkOrder(bob, None, alice_address, [task], None, ursula,
blockhash)
evidence = IndisputableEvidence(task, work_order)
return evidence
def generateKfrags(account: str, access_pub_key):
with open(account + '_privacy', 'rb') as f:
user_info_bytes = pickle.load(f)
f.close()
owner_pri_key = keys.UmbralPrivateKey.from_bytes(user_info_bytes['private_key'])
owner_signing_key = keys.UmbralPrivateKey.from_bytes(user_info_bytes['signing_key'])
signer = signing.Signer(private_key=owner_signing_key)
kfrags = pre.generate_kfrags(delegating_privkey=owner_pri_key,
signer=signer,
receiving_pubkey=access_pub_key,
threshold=1,
N=2)
res = {}
bytes_kfrags = list()
for v in kfrags:
bytes_kfrags.append(v.to_bytes().decode('iso-8859-15'))
res['kfrags'] = bytes_kfrags
return res.__str__()
def create_keyfrag():
if (not request.json or not 't' in request.json
or not 'delegating_secret' in request.json
or not 'receiving' in request.json
or not 'signer_secret' in request.json):
abort(400)
threshold = request.json['t']
show_debug(request.json['delegating_secret'])
sk_a = UmbralPrivateKey.from_bytes(binascii.unhexlify(
request.json['delegating_secret'].encode()),
params=params)
pk_b = UmbralPublicKey.from_bytes(
binascii.unhexlify(request.json['receiving'].encode()), params)
sign_a = UmbralPrivateKey.from_bytes(binascii.unhexlify(
request.json['signer_secret'].encode()),
params=params)
signer_a = signing.Signer(private_key=sign_a)
show_debug("Generating kfrags")
now = time.time() * 1000
kfrags = pre.generate_kfrags(delegating_privkey=sk_a,
signer=signer_a,
receiving_pubkey=pk_b,
threshold=threshold,
N=nodes_num)
end = time.time() * 1000
gen_tot = end - now
show_debug("Generated key fragment in: " + str(gen_tot))
show_debug("Distributing kfrags")
k_id = request.json['id']
payload = {
'capsule': request.json['capsule'],
'delegating': request.json['pk'],
'receiving': request.json['receiving'],
'verifying': binascii.hexlify(sign_a.get_pubkey().to_bytes()).decode()
}
ree_tot = distribute_key_fragments(k_id, kfrags, payload, threshold)
show_debug("Distributed key fragments")
return jsonify({'gen_time': gen_tot, 'ree_time': ree_tot}), 201
def _client(self, client, custom_user_id):
# for offer in self._get_offers_by_user(custom_user_id):
# TODO (offer_cid, kfrags)
# prepare data
# self._send_message_to_client(client, data)
#
M, N = 10, 20
kfrags = pre.generate_kfrags(
delegating_privkey=self.alices_private_key,
receiving_pubkey=client.pub_key,
signer=self.alices_signer,
threshold=M,
N=N)
#while True:
b_kfrags = []
for kf in kfrags:
b_kfrags.append(kf.to_bytes())
self._send_message_to_client(client, b_kfrags)
def simple():
# SETUP
(pk_a, sk_a, signer_a, verify_a, pk_b, sk_b) = setup()
threshold = threshold_init
plaintext = b'Proxy Re-Encryption'
# Alice #####################################################
# ENCRYPTION
show_debug('Encrypting...')
ciphertext, capsule = pre.encrypt(pk_a, plaintext)
# KEY FRAGMENTS GENERATION
kfrags = pre.generate_kfrags(delegating_privkey=sk_a,
signer=signer_a,
receiving_pubkey=pk_b,
threshold=threshold,
N=nodes_num)
# DISTRIBUTION
k_id = int(time.time() * 1000)
payload = {
'capsule': binascii.hexlify(capsule.to_bytes()).decode(),
'delegating': binascii.hexlify(pk_a.to_bytes()).decode(),
'receiving': binascii.hexlify(pk_b.to_bytes()).decode(),
'verifying': binascii.hexlify(verify_a.to_bytes()).decode()
}
distribute_key_fragments(k_id, kfrags, payload, threshold)
# Bob #######################################################
# CAPSULE FRAGMENTS GATHERING
capsule.set_correctness_keys(delegating=pk_a,
receiving=pk_b,
verifying=verify_a)
cfrags = gather_capsule_fragments(k_id, capsule, threshold)
# DECRYPT
plaintext_b = decrypt(cfrags, capsule, ciphertext, sk_b, threshold)
# FINISH
assert (plaintext_b == plaintext)
show_debug(plaintext_b)
def createPolicy():
json_data = json.loads(request.data.decode('utf-8'))
alices_private_key = json_data['alices_private_key']
alices_signing_key = json_data['alices_signing_key']
bobs_public_key = json_data['bobs_public_key']
alices_private_key = keys.UmbralPrivateKey.from_bytes(
string_to_bytes(alices_private_key))
bobs_public_key = keys.UmbralPublicKey.from_bytes(
string_to_bytes(bobs_public_key))
alices_signing_key = keys.UmbralPrivateKey.from_bytes(
string_to_bytes(alices_signing_key))
alices_signer = signing.Signer(private_key=alices_signing_key)
kfrags = pre.generate_kfrags(delegating_privkey=alices_private_key,
signer=alices_signer,
receiving_pubkey=bobs_public_key,
threshold=3,
N=5)
kfrags_array.append(kfrags)
print(kfrags_array)
return jsonify(len(kfrags_array) - 1)
def grant_access_policy(delegating_privkey, signer, recipient_pubkey, m, n):
kfrags_file = KFRAGS_FILE_FORMAT.format(recipient_pubkey.to_bytes().hex())
if os.path.exists(kfrags_file):
os.remove(kfrags_file)
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=recipient_pubkey,
threshold=m,
N=n)
kfrags = random.sample(kfrags, m)
kfrag_hex_list = list()
for kfrag in kfrags:
kfrag_hex_list.append(kfrag.to_bytes().hex())
with open(kfrags_file, 'w') as f:
json.dump(kfrag_hex_list, f)
print("Access Granted!")
def __produce_kfrags_and_capsule(m: int, n: int) -> Tuple[List[KFrag], Capsule]:
delegating_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
delegating_pubkey = delegating_privkey.get_pubkey()
signing_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
signer = Signer(signing_privkey)
receiving_privkey = keys.UmbralPrivateKey.gen_key(params=PARAMS)
receiving_pubkey = receiving_privkey.get_pubkey()
plain_data = os.urandom(32)
ciphertext, capsule = pre.encrypt(delegating_pubkey, plain_data)
kfrags = pre.generate_kfrags(delegating_privkey, receiving_pubkey, m, n, signer)
capsule.set_correctness_keys(delegating=delegating_pubkey,
receiving=receiving_pubkey,
verifying=signing_privkey.get_pubkey())
return kfrags, capsule
def getData(owner, reader, ciphertext, capsule_bytes) -> str:
with open(owner + '_privacy', 'rb') as f:
owner_info_bytes = pickle.load(f)
f.close()
owner_pri_key = keys.UmbralPrivateKey.from_bytes(owner_info_bytes['private_key'])
owner_pub_key = owner_pri_key.get_pubkey()
owner_signing_key = keys.UmbralPrivateKey.from_bytes(owner_info_bytes['signing_key'])
owner_ver_key = owner_signing_key.get_pubkey()
with open(reader + '_privacy', 'rb') as f:
reader_info_bytes = pickle.load(f)
f.close()
reader_pri_key = keys.UmbralPrivateKey.from_bytes(reader_info_bytes['private_key'])
reader_pub_key = reader_pri_key.get_pubkey()
reader_ver_key = keys.UmbralPrivateKey.from_bytes(reader_info_bytes['signing_key']).get_pubkey()
signer = signing.Signer(private_key=owner_signing_key)
kfrags = pre.generate_kfrags(delegating_privkey=owner_pri_key,
signer=signer,
receiving_pubkey=reader_pub_key,
threshold=1,
N=2)
capsule = pre.Capsule.from_bytes(capsule_bytes, owner_pub_key.params)
capsule.set_correctness_keys(delegating=owner_pub_key,
receiving=reader_pub_key,
verifying=owner_ver_key)
cfrags = list()
for kfrag in kfrags:
cfrag = pre.reencrypt(kfrag=kfrag, capsule=capsule)
cfrags.append(cfrag)
for cfrag in cfrags:
capsule.attach_cfrag(cfrag)
img_bytes = pre.decrypt(ciphertext=ciphertext,
capsule=capsule,
decrypting_key=reader_pri_key)
img = base64.b64decode(img_bytes)
with open('return_example.jpeg', 'wb') as f:
f.write(img)
f.close()
path = os.path.abspath(__file__) + '/return_example.jpeg'
return path
def fragments():
delegating_privkey = keys.UmbralPrivateKey.gen_key()
delegating_pubkey = delegating_privkey.get_pubkey()
signing_privkey = keys.UmbralPrivateKey.gen_key()
signer = Signer(signing_privkey)
priv_key_bob = keys.UmbralPrivateKey.gen_key()
pub_key_bob = priv_key_bob.get_pubkey()
kfrags = pre.generate_kfrags(delegating_privkey=delegating_privkey,
signer=signer,
receiving_pubkey=pub_key_bob,
threshold=2,
N=4,
sign_delegating_key=False,
sign_receiving_key=False)
# TODO: Use nucypher re-encryption metadata
metadata = b"This is an example of metadata for re-encryption request"
_symmetric_key, capsule = pre._encapsulate(delegating_pubkey)
capsule.set_correctness_keys(delegating=delegating_pubkey,
receiving=pub_key_bob,
verifying=signing_privkey.get_pubkey())
cfrag = pre.reencrypt(kfrags[0], capsule, metadata=metadata)
return capsule, cfrag
