def decrypt(self, buff):
md = SHA256.new(buff[:-0x100])
verifier = PKCS1_v1_5.new(self._static_pubkey)
if verifier.verify(md, buff[-0x100:]) == False:
raise ValueError('Invalid signature in footer.')
if self._pubkey is not None:
md = SHA256.new(buff[:-0x200])
verifier = PKCS1_v1_5.new(self._pubkey)
if verifier.verify(md, buff[-0x200:-0x100]) == False:
raise ValueError('Invalid signature in footer.')
buff = buff[:-0x200]
nonce = array.array('I', buff[-4:])
nonce.byteswap()
length = len(buff) - 4
buff = array.array('I', buff[:-4] + b'\x00' * (8 - length % 8))
buff.byteswap()
counter = Counter.new(32, prefix=nonce.tostring(), initial_value=0, little_endian=True)
cipher = Blowfish.new(self._key, Blowfish.MODE_CTR, counter=counter)
buff = array.array('I', cipher.decrypt(buff.tostring()))
buff.byteswap()
buff = buff.tostring()[:length]
md = buff[-20:]
buff = buff[:-20]
if md != hashlib.sha1(buff).digest():
raise ValueError('Invalid SHA1 hash in footer.')
return buff
def testSignVerify(self):
rng = Random.new().read
key = RSA.generate(1024, rng)
for hashmod in (MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD160):
hobj = hashmod.new()
hobj.update(b('blah blah blah'))
signer = PKCS.new(key)
signature = signer.sign(hobj)
signer.verify(hobj, signature)
# Blake2b has variable digest size
for digest_bits in (160, 256, 384, 512):
hobj = BLAKE2b.new(digest_bits=digest_bits)
hobj.update(b("BLAKE2b supports several digest sizes"))
signer = PKCS.new(key)
signature = signer.sign(hobj)
signer.verify(hobj, signature)
# Blake2s too
for digest_bits in (128, 160, 224, 256):
hobj = BLAKE2s.new(digest_bits=digest_bits)
hobj.update(b("BLAKE2s supports several digest sizes"))
signer = PKCS.new(key)
signature = signer.sign(hobj)
signer.verify(hobj, signature)
def do(pub_key, priv_key):
d = SHA.new('hello')
priv = pkcs.new(priv_key)
ret_sign = priv.sign(d)
pub = pkcs.new(pub_key)
pub.verify(d, ret_sign)
def test_rsa_verify(key=KEY, time=TIME, data=DATA):
"""
RSA Verify (PKCS #1 v1.5)
"""
time = test_time(time)
mac = HMAC.new(time, data.encode("ascii"), SHA256)
mac = SHA256.new(mac.digest())
key = RSA.importKey(key)
sig = PKCS1_v1_5.new(key).sign(mac)
return b"Yes" if PKCS1_v1_5.new(key).verify(mac, sig) else b"No"
def main():
pub_key, priv_key = load_keys()
d = SHA.new(config.test_data)
priv = pkcs.new(priv_key)
ret_sign = priv.sign(d)
pub = pkcs.new(pub_key)
pub.verify(d, ret_sign)
def __init__(self, public_key_file, private_key_file):
with open(public_key_file,'rb') as pkf:
pubkey_string = pkf.read()
self.public_key = RSA.importKey(pubkey_string)
with open(private_key_file,'rb') as pkf:
privkey_string = pkf.read()
self.private_key = RSA.importKey(privkey_string)
self.public = PKCS1_OAEP.new(self.public_key)
self.private = PKCS1_OAEP.new(self.private_key)
self.signer = PKCS1_v1_5.new(self.private_key)
self.verifier = PKCS1_v1_5.new(self.public_key)
def runTest(self):
key = RSA.importKey(PKCS1_15_NoParams.rsakey)
hashed = SHA1.new(b("Test"))
good_signature = PKCS1_v1_5.new(key).sign(hashed)
verifier = PKCS1_v1_5.new(key.publickey())
self.assertEqual(verifier.verify(hashed, good_signature), True)
# Flip a few bits in the signature
bad_signature = strxor(good_signature, bchr(1) * len(good_signature))
self.assertEqual(verifier.verify(hashed, bad_signature), False)
def main_01():
def do(pub, priv):
d = SHA.new('hello')
ret_sign = priv.sign(d)
pub.verify(d, ret_sign)
pub = pkcs.new(pub_key)
priv = pkcs.new(priv_key)
for _ in range(config.calc_times):
do(pub, priv)
def sign(xml_etree, certificate, der_key, passphrase=None, trusted=None):
"""
Return xmldsig XML string from xml_string of XML.
:param xml_etree: etree of the xml to sign
:param der_key: Private key in DER format
:param certificate: publicKey Public key
:returns: signed XML byte string
"""
# from M2Crypto import RSA as m2cryptoRSA
# from M2Crypto import EVP as m2cryptoEVP
# from Crypto.PublicKey import RSA as cryptoRSA
# path_to_pem="/home/rovskyhp/.virtualenvs/agreement/var/tmp/tmp_60.pem"
# evp = m2cryptoEVP.load_key(str(path_to_pem)).as_der() # Convert Private key (M2Crypto Object) to DER format
# key = cryptoRSA.importKey(evp, passphrase='12345678a')
if hasattr(certificate, 'key'):
key_info_xml = _generate_key_info_xml_rsa(certificate.key.n,
certificate.key.e)
pubkey, hasher = certificate, Hash.SHA1
else:
der_cer = certificate.as_der()
key_info_xml = _generate_key_info_xml_x509(der_cer)
#pubkey, hasher, serialNumber, subject = _x509_certificate(der_cer=certificate, trusted=trusted)
pubkey = RSA.importKey(certificate.get_pubkey().as_der())
signed_info_xml = _generate_signed_info(xml_etree)
text = c14n(signed_info_xml)
key = RSA.importKey(der_key, passphrase)
signer = PKCS1_v1_5.new(key)
signature = signer.sign(Hash.SHA1.new(text))
verifier = PKCS1_v1_5.new(pubkey)
if not verifier.verify(Hash.SHA1.new(text), signature):
raise Exception("Signature verification failure!")
signature_xml = PTN_SIGNATURE_XML % {
'signed_info_xml': signed_info_xml,
'signature_value': binascii.b2a_base64(signature)[:-1],
'key_info_xml': key_info_xml,
}
signature_etree = etree.parse(StringIO(signature_xml))
xml_etree.append(signature_etree.getroot())
return xml_etree
def test_wrong_signature(self):
key = RSA.generate(1024)
msg_hash = SHA1.new(b("Message"))
signer = PKCS.new(key)
s = signer.sign(msg_hash)
verifier = PKCS.new(key.publickey())
# The signature s should be OK
verifier.verify(msg_hash, s)
# Construct an incorrect signature and ensure that the check fails
wrong_s = s[:-1] + bchr(bord(s[-1]) ^ 0xFF)
self.assertRaises(ValueError, verifier.verify, msg_hash, wrong_s)
def _get_signature_bytes(credentials, string_to_sign):
"""Uses crypto attributes of credentials to sign a string/bytes.
:type credentials: :class:`client.SignedJwtAssertionCredentials`,
:class:`service_account._ServiceAccountCredentials`,
:class:`_GAECreds`
:param credentials: The credentials used for signing text (typically
involves the creation of an RSA key).
:type string_to_sign: string
:param string_to_sign: The string to be signed by the credentials.
:rtype: bytes
:returns: Signed bytes produced by the credentials.
"""
if isinstance(credentials, _GAECreds):
_, signed_bytes = app_identity.sign_blob(string_to_sign)
return signed_bytes
else:
pem_key = _get_pem_key(credentials)
# Sign the string with the RSA key.
signer = PKCS1_v1_5.new(pem_key)
if not isinstance(string_to_sign, six.binary_type):
string_to_sign = string_to_sign.encode('utf-8')
signature_hash = SHA256.new(string_to_sign)
return signer.sign(signature_hash)
def get_new_token(self):
"""
Get a new token using the email address and RSA Key.
:return: Dictionary containing token information
:rtype: ``dict``
"""
# The header is always the same
header = {'alg': 'RS256', 'typ': 'JWT'}
header_enc = base64.urlsafe_b64encode(b(json.dumps(header)))
# Construct a claim set
claim_set = {'iss': self.user_id,
'scope': self.scopes,
'aud': 'https://accounts.google.com/o/oauth2/token',
'exp': int(time.time()) + 3600,
'iat': int(time.time())}
claim_set_enc = base64.urlsafe_b64encode(b(json.dumps(claim_set)))
# The message contains both the header and claim set
message = b'.'.join((header_enc, claim_set_enc))
# Then the message is signed using the key supplied
key = RSA.importKey(self.key)
hash_func = SHA256.new(message)
signer = PKCS1_v1_5.new(key)
signature = base64.urlsafe_b64encode(signer.sign(hash_func))
# Finally the message and signature are sent to get a token
jwt = b'.'.join((message, signature))
request = {'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': jwt}
return self._token_request(request)
def Generate(self):
if not os.path.exists(self.source_dir_):
print("The source directory %s is invalid." % self.source_dir_)
return
try:
zip_file = '%s.tmp' % self.output_file_
self.__Compress(self.source_dir_, zip_file)
signer = PKCS1_v1_5.new(self.RSAkey)
zfile = open(zip_file, 'rb')
sha = SHA.new(zfile.read())
signature = signer.sign(sha)
xpk = open(self.output_file_, 'wb')
zfile.seek(0)
print('Generating XPK package: %s' % self.output_file_)
xpk.write('\x43\x72\x57\x6B')
xpk.write(struct.pack('<I', len(self.pubkey)))
xpk.write(struct.pack('<I', len(signature)))
xpk.write(self.pubkey)
xpk.write(signature)
xpk.write(zfile.read())
zfile.close()
xpk.close()
print('Generated new XPK package %s successfully.'
% self.output_file_)
except IOError:
if os.path.exists(self.output_file_):
os.remove(self.output_file_)
traceback.print_exc()
finally:
if os.path.exists(zip_file):
os.remove(zip_file)
def sign(message, sender_private_key):
h = SHA.new(message)
signer = PKCS1_v1_5.new(sender_private_key)
signature = signer.sign(h)
return signature
def webhooks_verify(path_pubkey, private_sign, req_data):
""" path_pubkey : 公钥文件路径,内容为ping++提供的公钥(账户和设置 - Ping++ 公钥)
private_sign: ping++对应的私钥签名后的字符串
req_data : 请求的json格式字符串,不要get_json(),因为会改变字段的顺序,直接获取原始字符串即可
备注:遇到一个坑,直接从官网上copy公钥时,vim保存文件时会多一个字符,导致验算不通过,推荐notepad++保存
最后一行不要有换行符
"""
import base64
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
def decode_base64(data):
missing_padding = 4 - len(data) % 4
if missing_padding:
data += b'='*missing_padding
return base64.decodestring(data)
sig = decode_base64(private_sign)
req_data = req_data.encode('utf-8')
digest = SHA256.new(req_data)
pubkey = RSA.importKey(open(path_pubkey).read())
pkcs = PKCS1_v1_5.new(pubkey)
return pkcs.verify(digest, sig)
def verify(self, msg, sig, key):
h = self.digest.new(msg)
verifier = PKCS1_v1_5.new(key)
if verifier.verify(h, sig):
return True
else:
raise BadSignature()
def sign_rsa_sha1(base_string, rsa_private_key):
"""**RSA-SHA1**
Per `section 3.4.3`_ of the spec.
The "RSA-SHA1" signature method uses the RSASSA-PKCS1-v1_5 signature
algorithm as defined in `RFC3447, Section 8.2`_ (also known as
PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. To
use this method, the client MUST have established client credentials
with the server that included its RSA public key (in a manner that is
beyond the scope of this specification).
NOTE: this method requires the python-rsa library.
.. _`section 3.4.3`: http://tools.ietf.org/html/rfc5849#section-3.4.3
.. _`RFC3447, Section 8.2`: http://tools.ietf.org/html/rfc3447#section-8.2
"""
# TODO: finish RSA documentation
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA
key = RSA.importKey(rsa_private_key)
if isinstance(base_string, unicode_type):
base_string = base_string.encode("utf-8")
h = SHA.new(base_string)
p = PKCS1_v1_5.new(key)
return binascii.b2a_base64(p.sign(h))[:-1].decode("utf-8")
def rsa_sign(para_str):
"""对请求参数做rsa签名"""
para_str = para_str.encode('utf-8')
key = RSA.importKey(settings.ALIPAY_PRIVATE_KEY)
h = SHA.new(para_str)
signer = PKCS1_v1_5.new(key)
return base64.b64encode(signer.sign(h))
def verify_hash(pub_algorithm_type, public_key, hash_, values):
if pub_algorithm_type in (1, 3):
# RSA
s = long_to_bytes(values[0])
return PKCS1_v1_5.new(public_key).verify(hash_, s)
elif pub_algorithm_type == 20:
# ELG
# TODO: Remove dependence on undocumented method
sig_string = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(
hash_, public_key.size())
return public_key.verify(sig_string, values)
elif pub_algorithm_type == 17:
# DSA
q = public_key.q
qbits = int(math.floor(float(math.log(q, 2)))) + 1
qbytes = int(math.ceil(qbits / 8.0))
digest = hash_.digest()
# Discard empty leading bytes
start = 0
while digest[start] == b'\x00':
start += 1
digest = digest[start:start + qbytes]
return public_key.verify(bytes_to_long(digest), values)
else:
# TODO: complete this
raise ValueError
def sign_hash(pub_algorithm_type, secret_key, hash_, k=None):
if pub_algorithm_type in (1, 3):
# RSA
sig_string = PKCS1_v1_5.new(secret_key).sign(hash_)
return (bytes_to_long(sig_string),)
elif pub_algorithm_type == 20:
# ELG
# TODO: Should only be allowed for test purposes
if k is None:
while 1:
# This can be pretty darn slow
k = random.StrongRandom().randint(1, secret_key.p - 1)
if GCD(k, secret_key.p - 1) == 1:
break
print(k)
# TODO: Remove dependence on undocumented method
sig_string = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(
hash_, secret_key.size())
return secret_key.sign(sig_string, k)
elif pub_algorithm_type == 17:
q = secret_key.q
qbits = int(math.floor(float(math.log(q, 2)))) + 1
qbytes = int(math.ceil(qbits / 8.0))
if k is None:
k = random.StrongRandom().randint(1, q - 1)
digest = hash_.digest()[:qbytes]
return secret_key.sign(bytes_to_long(digest), k)
else:
# TODO: complete
raise ValueError
def _verify_sign(self, public_key, sign_str, sign):
rsa_key = RSA.importKey(public_key)
signer = PKCS1_v1_5.new(rsa_key)
digest = SHA.new(sign_str)
if signer.verify(digest, base64.decodestring(sign)):
return True
return False
def post_results(self, url, content, sign_with=None):
'''Post the combined results back to the server.'''
endpoint = '%s/v1/results/' % url
headers = {'Content-type': 'application/json'}
data = json.dumps(content)
self.logger.debug('API request content: %s ' % content)
if sign_with:
data_hash = SHA256.new()
data_hash.update(data.encode('utf-8'))
with open(sign_with) as key_pair_file:
try:
key = RSA.importKey(key_pair_file.read())
except (IOError, ValueError) as e:
self.logger.info('Error during upload key pair %s'
'' % key_pair_file)
self.logger.exception(e)
return
signer = PKCS1_v1_5.new(key)
sign = signer.sign(data_hash)
headers['X-Signature'] = binascii.b2a_hex(sign)
headers['X-Public-Key'] = key.publickey().exportKey('OpenSSH')
try:
response = requests.post(endpoint,
data=data,
headers=headers,
verify=not self.args.insecure)
self.logger.info(endpoint + " Response: " + str(response.text))
except Exception as e:
self.logger.info('Failed to post %s - %s ' % (endpoint, e))
self.logger.exception(e)
return
if response.status_code == 201:
resp = response.json()
print 'Test results uploaded!\nURL: %s' % resp.get('url', '')
def check_signature(baseurl, signature, data, publickey=None):
if publickey == None:
if baseurl in publickeys:
publickey = base64.decodestring(publickeys[baseurl])
else:
print >>sys.stderr, "Public key for", baseurl, \
"not found, specify key file with --publickey"
# sys.exit(1)
raise Exception
(hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
assert hash_alg == 4, \
"hash_alg is %d, expected 4" % (hash_alg,) # sha256
assert (signature_alg == 3 or signature_alg == 1), \
"signature_alg is %d, expected 1 or 3" % (signature_alg,) # ecdsa
if signature_alg == 3:
vk = ecdsa.VerifyingKey.from_der(publickey)
vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
sigdecode=ecdsa.util.sigdecode_der)
else:
h = SHA256.new(data)
rsa_key = RSA.importKey(publickey)
verifier = PKCS1_v1_5.new(rsa_key)
assert verifier.verify(h, unpacked_signature), \
"could not verify RSA signature"
def __init__(self, conf, state):
"""
conf -- dictionary with configuration variables
state -- class object with update() function
"""
self.logger = conf['log']
self.maxBal = -1
self.maxVBal = -1 # highest ballot voted in
self.maxVVal = None # value voted for maxVBal
self.avs = [] # msg dict keyed by value
self.seen = {} # 1b messages -> use to check if v is safe at b
self.bmsgs = [] # log of values in 2b messages sent by this instance
self.Q = None
with open(conf['keyfile'], 'r') as fh:
key = RSA.importKey(fh.read())
self.signer = PKCS1_v1_5.new(key)
# initialize localgroup
self.peers = GroupManager(conf)
self.peers.init_local_group()
self.state = state
#self.state.groups['G1'] = self.peers
self.ctx = get_ssl_context(conf['peer_certs'])
self.pending = None
def _sign_request(self, info, return_urls):
"""Create and sign payment request data."""
# Basic fields
fields = [('VK_SERVICE', u'1002'),
('VK_VERSION', u'008'),
('VK_SND_ID', self.user),
('VK_STAMP', '%d' % int(time())),
('VK_AMOUNT', info.amount),
('VK_CURR', u'EUR'),
('VK_REF', info.refnum),
('VK_MSG', info.message)]
# Check whether provider supplies extra fields
if hasattr(self, 'extra_fields'):
fields.extend(self.extra_fields)
## MAC calculation for request 1002
m = self._build_mac(('SERVICE', 'VERSION', 'SND_ID', 'STAMP', \
'AMOUNT', 'CURR', 'REF', 'MSG'), dict(fields))
# Append mac fields
fields.append(('VK_MAC', b64encode( \
PKCS1_v1_5.new(self.keychain.private_key)
.sign(SHA.new(m)))))
# Append return url field(s)
fields.append(('VK_RETURN', return_urls['return']))
return fields
def parse_response(self, form, success=True):
"""Parse and return payment response."""
fields = {
# Successful payment
'1101': ('SERVICE', 'VERSION', 'SND_ID', 'REC_ID', 'STAMP', # 1..5
'T_NO', 'AMOUNT', 'CURR', 'REC_ACC', 'REC_NAME', # 6..10
'SND_ACC', 'SND_NAME', 'REF', 'MSG', 'T_DATE'), # 11..15
# Unsuccessful payment
'1901': ('SERVICE', 'VERSION', 'SND_ID', 'REC_ID', 'STAMP', # 1..5
'REF', 'MSG') # 6..7
}
# See which response we got
resp = form.get('VK_SERVICE', None)
if not resp and resp not in fields:
raise InvalidResponseError
success = resp == '1101'
Random.atfork()
# Parse and validate MAC
m = self._build_mac(fields[resp], form)
f = lambda x: form.get('VK_%s' % x)
if not PKCS1_v1_5.new(self.keychain.public_key) \
.verify(SHA.new(m), b64decode(f('MAC'))):
raise InvalidResponseError
# Save payment data
data = {}
if success:
for item in ('T_NO', 'AMOUNT', 'CURR', 'REC_ACC', 'REC_NAME',
'SND_ACC', 'SND_NAME', 'REF', 'MSG', 'T_DATE'):
data[item] = f(item)
return PaymentResponse(self, data, success)
def sign_data(data, key_path):
with open(key_path, 'r') as f:
key = RSA.importKey(f.read())
signer = PKCS1_v1_5.new(key)
hash = SHA.new(data)
signature = signer.sign(hash)
return base64.b64encode(signature)
def verify_rsa_sha1(request, rsa_public_key):
"""Verify a RSASSA-PKCS #1 v1.5 base64 encoded signature.
Per `section 3.4.3`_ of the spec.
Note this method requires the PyCrypto library.
.. _`section 3.4.3`: http://tools.ietf.org/html/rfc5849#section-3.4.3
To satisfy `RFC2616 section 5.2`_ item 1, the request argument's uri
attribute MUST be an absolute URI whose netloc part identifies the
origin server or gateway on which the resource resides. Any Host
item of the request argument's headers dict attribute will be
ignored.
.. _`RFC2616 section 5.2`: http://tools.ietf.org/html/rfc2616#section-5.2
"""
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA
key = RSA.importKey(rsa_public_key)
norm_params = normalize_parameters(request.params)
uri = normalize_base_string_uri(request.uri)
message = construct_base_string(request.http_method, uri, norm_params)
h = SHA.new(message.encode('utf-8'))
p = PKCS1_v1_5.new(key)
sig = binascii.a2b_base64(request.signature.encode('utf-8'))
return p.verify(h, sig)
def sign(cls, string):
"""Returns the signature of a string.
This signature is generated using the singleton private key, then
base64-encoded. It's of the form expected by Google Cloud Storage query
string authentication. See
https://developers.google.com/storage/docs/accesscontrol#Signed-URLs.
"""
# All Google API keys have "notasecret" as their passphrase
value = cls.get_oauth()
if value is None: raise "Private key has not been set."
if handlers.is_production():
# TODO(nweiz): This currently doesn't work on the development server
# without adding 'AESCipher', 'blockalgo', and '_AES' to the
# __CRYPTO_CIPHER_ALLOWED_MODULES constant in
# google/appengine/tools/dev_appserver_import_hook.py. However, it
# does work in production, so to make it work locally, we just do a
# dumb hash of the private key and the string.
#
# See http://code.google.com/p/googleappengine/issues/detail?id=8188
key = RSA.importKey(value, passphrase='notasecret')
return base64.b64encode(PKCS1_v1_5.new(key).sign(SHA256.new(string)))
else:
m = hashlib.md5()
m.update(value)
m.update(string)
return base64.b64encode(m.digest())
def sign_file(f):
# TODO: For Part 2, you'll use public key crypto here
# The existing scheme just ensures the updates start with the line 'Caesar'
# This is naive -- replace it with something better!
# Generate key pairs
key = RSA.generate(2048)
# Export public key to file
export_pukey = key.publickey().exportKey('PEM')
publickey_file = open(os.path.join("pastebot.net", "publickey"), "wb")
publickey_file.write(export_pukey)
publickey_file.close()
# Create RSA object from public key
publickey_file = open(os.path.join("pastebot.net", "publickey"), "rb").read()
public_key = RSA.importKey(publickey_file)
# Hash message
hashed_m = SHA256.new(f)
# Encrypt message using public key
cipher = PKCS1_cipher.new(public_key)
ciphertext = cipher.encrypt(f+hashed_m.digest())
# Export private key to be prefixed to ciphertext
export_prkey = key.exportKey('PEM')
# Sign message using private key
prkey = RSA.importKey(export_prkey)
signer = PKCS1_v1_5.new(prkey)
signature = signer.sign(hashed_m)
# Return private key and ciphertext, as well as signature separately
return export_prkey + b"\n" + ciphertext, signature
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA
import base64
import sys
MovimientoId = sys.argv[1]
key = RSA.importKey(open("archivorsa" + MovimientoId + ".pem").read())
archivo = open("timbre" + MovimientoId + ".txt", "r")
message = archivo.read()
h = SHA.new(message)
p = PKCS1_v1_5.new(key)
signature = p.sign(h)
archivofirmado = open('timbrefirmado' + MovimientoId + '.txt', 'w')
archivofirmado.write(base64.b64encode(signature))
archivofirmado.close()
print "TIMBRE ELECTRONICO GENERADO"
def cmd_asydns(url, generate, revoke):
dotdir = Path.home() / '.asydns'
dotdir.mkdir(exist_ok=True)
pub_file = dotdir / 'rsa.pub'
key_file = dotdir / 'rsa.key'
if generate or not key_file.is_file():
print('Generating RSA key ...')
random_generator = Random.new().read
key = RSA.generate(2048, random_generator)
pub = key.publickey()
with key_file.open('w') as k:
k.write(key.exportKey('PEM').decode())
with pub_file.open('w') as p:
p.write(pub.exportKey('PEM').decode())
print('Loading RSA key ...')
with key_file.open() as k:
key = RSA.importKey(k.read())
with pub_file.open() as p:
pub = RSA.importKey(p.read())
r = requests.get(url + '/api')
if r.status_code != 200:
print('Error')
print(r.content.decode())
return False
j = r.json()
challenge = base64.b64decode(j['challenge'])
signer = PKCS1_v1_5.new(key)
response = signer.sign(SHA224.new(challenge))
response = base64.b64encode(response).decode()
if revoke:
r = requests.delete(url + '/api', json={'pub': pub.exportKey('PEM').decode(), 'challenge' : j['challenge'], 'response': response})
else:
r = requests.post(url + '/api', json={'pub': pub.exportKey('PEM').decode(), 'challenge' : j['challenge'], 'response': response})
print(r.request.headers)
print(r.request.body)
if r.status_code != 200:
print('Error')
print(r.content.decode())
return False
print(json.dumps(r.json(), indent=4))
return True
def signature(self, cleartext):
h = SHA256.new(cleartext)
signer = sig_pkcs.new(self.key)
signature = signer.sign(h)
return base64.b64encode(signature)
def query(action=None,
command=None,
args=None,
method='GET',
location=None,
data=None):
'''
Make a web call to Joyent
'''
user = config.get_cloud_config_value(
'user', get_configured_provider(), __opts__, search_global=False
)
if not user:
log.error('username is required for Joyent API requests. Please set one in your provider configuration')
password = config.get_cloud_config_value(
'password', get_configured_provider(), __opts__,
search_global=False
)
verify_ssl = config.get_cloud_config_value(
'verify_ssl', get_configured_provider(), __opts__,
search_global=False, default=True
)
ssh_keyfile = config.get_cloud_config_value(
'private_key', get_configured_provider(), __opts__,
search_global=False, default=True
)
if not ssh_keyfile:
log.error('ssh_keyfile is required for Joyent API requests. Please set one in your provider configuration')
ssh_keyname = config.get_cloud_config_value(
'keyname', get_configured_provider(), __opts__,
search_global=False, default=True
)
if not ssh_keyname:
log.error('ssh_keyname is required for Joyent API requests. Please set one in your provider configuration')
if not location:
location = get_location()
api_host_suffix = config.get_cloud_config_value(
'api_host_suffix', get_configured_provider(), __opts__,
search_global=False, default=JOYENT_API_HOST_SUFFIX
)
path = get_location_path(location=location, api_host_suffix=api_host_suffix)
if action:
path += action
if command:
path += '/{0}'.format(command)
log.debug('User: \'%s\' on PATH: %s', user, path)
if (not user) or (not ssh_keyfile) or (not ssh_keyname) or (not location):
return None
timenow = datetime.datetime.utcnow()
timestamp = timenow.strftime('%a, %d %b %Y %H:%M:%S %Z').strip()
rsa_key = salt.crypt.get_rsa_key(ssh_keyfile, None)
if HAS_M2:
md = EVP.MessageDigest('sha256')
md.update(timestamp.encode(__salt_system_encoding__))
digest = md.final()
signed = rsa_key.sign(digest, algo='sha256')
else:
rsa_ = PKCS1_v1_5.new(rsa_key)
hash_ = SHA256.new()
hash_.update(timestamp.encode(__salt_system_encoding__))
signed = rsa_.sign(hash_)
signed = base64.b64encode(signed)
keyid = '/{0}/keys/{1}'.format(user.split('/')[0], ssh_keyname)
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'X-Api-Version': JOYENT_API_VERSION,
'Date': timestamp,
'Authorization': 'Signature keyId="{0}",algorithm="rsa-sha256" {1}'.format(
keyid,
signed.decode(__salt_system_encoding__)
),
}
if not isinstance(args, dict):
args = {}
# post form data
if not data:
data = salt.utils.json.dumps({})
return_content = None
result = salt.utils.http.query(
path,
method,
params=args,
header_dict=headers,
data=data,
decode=False,
text=True,
status=True,
headers=True,
verify_ssl=verify_ssl,
opts=__opts__,
)
log.debug('Joyent Response Status Code: %s', result['status'])
if 'headers' not in result:
return [result['status'], result['error']]
if 'Content-Length' in result['headers']:
content = result['text']
return_content = salt.utils.yaml.safe_load(content)
return [result['status'], return_content]
def process_incoming_message(self, msg_raw, msg_id, owner_str):
'''
Process incoming messages
:param msg_raw: the raw message
:param msg_id: ID of the message
:param owner_str: user name of the user who posted the message
:param user_name: name of the current user
:param print_all: is the message part of the conversation history?
:return: None
'''
global state
user = self.manager.user_name
if user == self.owner and state == STARTED:
print "user STARTED"
#reply with nonce from other participants
cipher_STARTED = PKCS1_OAEP.new(self.private_key)
print msg_raw
print b64decode(msg_raw)
buf_STARTED = cipher_STARTED.decrypt(b64decode(msg_raw))
print "buf_STARTED: " + buf_STARTED
index = buf_STARTED.index('|')
buf_NAMES = buf_STARTED[:index]
nonce_STARTED = buf_STARTED[index + 1:]
if (owner_str + user) == buf_NAMES:
#correct response
#generate keys
session_key = SHA256.new(
self.user_public_key.publickey().exportKey())
session_key = session_key.hexdigest()
print session_key
mac_key = Random.get_random_bytes(32)
iv_GENERATED = Random.new().read(AES.block_size)
self.key_pair = [session_key, mac_key]
state = GENERATED
print "GENERATED"
else:
#print bad message (need to account for multiple participants TODO: use array!) state and nonce
print "Y U DO DIS"
return
#send keys
nonce_GENERATED = Random.new().read(16)
data = user.encode('utf-8') + "|" + b64encode(
nonce_GENERATED) + "|" + b64encode(
self.key_pair[0] + "|" +
self.key_pair[1]) + "|" + b64encode(iv_GENERATED)
#for loop through users state array if they are state == GENERATED then send them this message
user_index = self.list_of_users.index(owner_str)
cipher_GENERATED = PKCS1_OAEP.new(self.users_init[user_index])
encrypted_msg = cipher_GENERATED.encrypt(data.encode('utf-8'))
data2 = nonce_STARTED + encrypted_msg
#create sign
h = SHA256.new(data2)
signer = PKCS1_v1_5.new(self.private_key)
signed_data2 = b64encode(signer.sign(data2))
final_msg_GENERATED = nonce_STARTED + "|" + iv_GENERATED + "|" + encrypted_msg + "|" + signed_data2
print final_msg_GENERATED
self.manager.post_message_to_conversation(final_msg_GENERATED)
print "timer generated start"
#TODO
#start timer
timer_GENERATED = time.time()
#change state? in GENERATED right now
elif state == LISTENING: #not owner listening for initial msg
cipher1 = PKCS1_OAEP.new(self.private_key)
buf = b64decode(msg_raw)
decrypted_message = cipher1.decrypt(buf)
msg_check = self.owner + user
if decrypted_message != msg_check:
print "Invalid message"
return
#throw an exception?
else:
print "Valid message"
#generate Nonce
nonce_user = Random.new().read(16)
#reply_message = user.encode('utf-8') + self.owner.encode('utf-8') + "|".encode('utf-8') + nonce_user.encode('utf-8')
re0 = user.encode('utf-8')
print re0
re = self.owner.encode('utf-8')
print re
re2 = "|".encode('utf-8')
print re2
print b64encode(nonce_user)
re3 = b64encode(nonce_user) #.encode('utf-8')
reply_message = re0 + re + re2 + re3
print reply_message
pubkeystr = self.users_init[len(self.list_of_users) - 1]
print pubkeystr
#pubkey = RSA.importKey(pubkeystr)
cipher2 = PKCS1_OAEP.new(pubkeystr)
self.manager.post_message_to_conversation(
b64encode(cipher2.encrypt(reply_message)))
#self.process_outgoing_message(cipher2.encrypt(reply_message), True)
#TODO
self.timer_LISTENING = time.time()
#start a timer for key freshness
#change state
state = FIRST_NONCE
elif state == FIRST_NONCE:
#TODO
#receiving key message from the creator
# data = user.encode('utf-8') + "|" + b64encode(nonce_GENERATED)
#+ "|" + b64encode(self.key_pair[0] + "|" + self.key_pair[1]) + "|" + b64encode(iv_GENERATED)
timer_FIRST_NONCE = time.time()
if (timer_FIRST_NONCE - self.timer_LISTENING <= 60):
#check incoming nonce against nonce_user and make sure timer hasn't expired
print "FIRST_NONCE: " + msg_raw
msg_raw = b64decode(msg_raw)
nonce_index = msg_raw.index("|")
if (nonce_user == msg_raw[:nonce_index]):
#for i in range(nonce_index+1, len(msg_raw)):
msg = msg_raw[nonce_index + 1:]
index = msg.index("|")
#save the iv
iv_FIRST_NONCE = msg[:index]
msg = msg[index + 1:]
index = msg.index("|")
encrypted_msg = msg[:index]
signed_msg = msg[index + 1:]
#decrypt the third part of the message A |Na|K|IV with self.private_key
cipher_FIRST_NONCE = PKCS1_OAEP.new(self.private_key)
decrypted_FIRST_NONCE = cipher_FIRST_NONCE.decrypt(
encrypted_msg)
#check iv values
index = decrypted_FIRST_NONCE.index("|")
decrypted_user = decrypted_FIRST_NONCE[:index]
msg = decrypted_FIRST_NONCE[index + 1:]
index = msg.index("|")
decrypted_nonce = msg[:index]
msg = decrypted_FIRST_NONCE[index + 1:]
index = msg.index("|")
decrypted_key_pair = msg[:index]
decrypted_iv = msg[index + 1:]
#Check signature of last part of the message against hashed part of third part
#e.g. msg = A |Na|K|IV, h = SHA256.new(msg) == unsigned(signature) / maybe we use verify?
h = SHA256.new(nonce_user + encrypted_msg)
msg_owner = self.list_of_users.index(owner_str)
sign_check = PCKS1_v1_5.new(self.users_init[msg_owner])
if (sign_check.verify(h, b64decode(signed_msg))):
# now we have the new session key, iv and a nonce from the creator
if (iv_FIRST_NONCE == decrypted_iv):
self.iv = decrypted_iv
self.key_pair = decrypted_key_pair
# respond with E(B|NA|K)PuA , E(E(B|NA|K)PuA)PrB
# second part is signed of the first part
#change state to FINAL_CHECK
elif state == GENERATED:
print state
#TODO
# creator waiting for final response from participants
# parse msg = B |Na|K|
# check if Na == nonce_GENERATED for user B
#make sure nonce is received in enough time to be considered valid
# check if K = self.key_pair
#verify signature of second part of message
#state == VERIFIED
if state == KEY_READY: #we can probably make these the same
#TODO fix this not real message sending use key pair not RSA keys
kfile = open("user_" + user + "_privatekey.txt")
keystr = kfile.read()
kfile.close()
private_key = RSA.importKey(keystr)
cipher = PKCS1_OAEP.new(private_key)
plain_text = cipher.decrypt(msg_raw)
# print message and add it to the list of printed messages
self.print_message(msg_raw=decoded_msg, owner_str=owner_str)
from Util import PKCS1_pad as pad
def verify(s, m, n, e):
if pow(s, e, n) == pad(m):
return True
else:
return False
key = RSA.generate(1024)
message = "super important information for admin only"
h = SHA.new(message)
signer = RSAsign.new(key)
signature = signer.sign(h)
s = int(signature.encode("hex"), 16)
print "Welcome to admin's music portal.\nTo verify that you are the owner of this service\nsend the public key which will verify the following signature :\n"
print "Message ->", message
print
print "Signature ->", signature.encode("hex")
print
sys.stdout.flush()
n = long(raw_input("Enter n:"))
e = long(raw_input("Enter e:"))
from Crypto.Hash import MD5
from Crypto import Random
# 伪随机数生成器
random_generator = Random.new().read
# 生成2048比特秘钥对(pk, sk)
rsa = RSA.generate(2048, random_generator)
private_pem = rsa.exportKey()
with open('master-privatekey.pem', 'w') as f:
f.write(private_pem)
public_pem = rsa.publickey().exportKey()
with open('master-publickey.pem', 'w') as f:
f.write(public_pem)
message = '{"date":"Fri Jun 1 04:04:23 EDT 2018", "md5":"2d7aa5d9dbb7bad9774fd8df5e544838", "last":"v1", "sign":""}'
# 对消息进行签名
h = MD5.new(message)
private_key = RSA.importKey(open('master-privatekey.pem').read())
signer = PKCS1_v1_5.new(private_key)
signature = signer.sign(h)
# 对消息进行签名验证
h = MD5.new(message)
public_key = RSA.importKey(open('master-publickey.pem', 'r').read())
verifier = PKCS1_v1_5.new(public_key)
if verifier.verify(h, signature):
print "OK"
else:
print "Invalid Signature"
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
from urlparse import parse_qs
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from base64 import b64encode, b64decode
# Get port number from 1st argument ...
port = int(sys.argv[1])
# ... and private key filename from 2nd
key_location = sys.argv[2]
# Create signer
rsakey = RSA.importKey(open(key_location, "r").read())
signer = PKCS1_v1_5.new(rsakey)
# Sign token
def get_signature(token):
digest = SHA256.new(token)
sign = signer.sign(digest)
return b64encode(sign)
# HTTP-request handler
class Handler(BaseHTTPRequestHandler):
# GET-request
def do_GET(self):
# Veriffy path
if self.path.find('/js/token-signer.js?token=') != 0:
print 'wrong path'
self.send_response(400)
def verify_with_RSA(username, msg, signature):
key = get_pub_key(username)
signer = PKCS1_v1_5.new(key)
return signer.verify(mac_sha256(msg), signature)
def sign_transaction(owner, transaction):
pr = RSA.importKey(
binascii.unhexlify(base58_to_base16(read_keys(owner)['private_key'])))
h = SHA256.new(owner.encode())
signature = PKCS1_v1_5.new(pr).sign(h)
return base16_to_base58(binascii.hexlify(signature).decode('ascii'))
import re
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from flask import g, request
import jwt
from .config import Config
from .errors import PermissionsError
from logs import get_logger
logger = get_logger(__name__)
jwt.verify_methods['SHA256WITHRSA'] = (
lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA256.new(msg), sig))
jwt.prepare_key_methods['SHA256WITHRSA'] = jwt.prepare_RS_key
def get_pub_key():
pub_key = Config.get('web', 'apim_public_key')
return RSA.importKey(base64.b64decode(pub_key))
TOKEN_RE = re.compile('Bearer (.+)')
def get_pub_key():
pub_key = Config.get('web', 'apim_public_key')
return RSA.importKey(base64.b64decode(pub_key))
def send(amount_input, recipient_input, keep_input, openfield_input):
try:
key
except:
top5 = Toplevel()
top5.title("Locked")
Label(top5, text="Wallet is locked", width=20).grid(row=0, pady=0)
done = Button(top5, text="Cancel", command=top5.destroy)
done.grid(row=1, column=0, sticky=W + E, padx=15, pady=(5, 5))
app_log.warning("Received tx command")
try:
float(amount_input)
except:
top7 = Toplevel()
top7.title("Invalid amount")
Label(top7, text="Amount must be a number", width=20).grid(row=0, pady=0)
done = Button(top7, text="Cancel", command=top7.destroy)
done.grid(row=1, column=0, sticky=W + E, padx=15, pady=(5, 5))
if encode_var.get() == 1:
openfield_input = str(base64.b64encode(openfield_input))
# alias check
if alias_cb_var.get() == 1:
conn = sqlite3.connect('static/ledger.db')
conn.text_factory = str
c = conn.cursor()
c.execute("SELECT address FROM transactions WHERE openfield = ? ORDER BY block_height ASC, timestamp ASC LIMIT 1;",("alias="+recipient_input,)) #asc for first entry
recipient_input = c.fetchone()[0]
conn.close()
app_log.warning("Fetched the following alias recipient: {}".format(recipient_input))
# alias check
if len(recipient_input) != 56:
top6 = Toplevel()
top6.title("Invalid address")
Label(top6, text="Wrong address length", width=20).grid(row=0, pady=0)
done = Button(top6, text="Cancel", command=top6.destroy)
done.grid(row=1, column=0, sticky=W + E, padx=15, pady=(5, 5))
else:
app_log.warning("Amount: {}".format(amount_input))
app_log.warning("Recipient: {}".format(recipient_input))
app_log.warning("Keep Forever: {}".format(keep_input))
app_log.warning("OpenField Data: {}".format(openfield_input))
timestamp = '%.2f' % time.time()
transaction = (timestamp,address,recipient_input, '%.8f' % float(amount_input),keep_input,openfield_input) #this is signed
#print transaction
h = SHA.new(str(transaction))
signer = PKCS1_v1_5.new(key)
signature = signer.sign(h)
signature_enc = base64.b64encode(signature)
app_log.warning("Client: Encoded Signature: {}".format(signature_enc))
verifier = PKCS1_v1_5.new(key)
if verifier.verify(h, signature) == True:
if float(amount_input) < 0:
app_log.warning("Client: Signature OK, but cannot use negative amounts")
elif (float(amount_input) > float(balance)):
app_log.warning("Mempool: Sending more than owned")
else:
app_log.warning("Client: The signature is valid, proceeding to save transaction, signature, new txhash and the public key to mempool")
mempool = sqlite3.connect('mempool.db')
mempool.text_factory = str
m = mempool.cursor()
m.execute("INSERT INTO transactions VALUES (?,?,?,?,?,?,?,?)",(timestamp, address, recipient_input, '%.8f' % float(amount_input),signature_enc, public_key_hashed, keep_input, openfield_input))
mempool.commit() # Save (commit) the changes
mempool.close()
app_log.warning("Client: Mempool updated with a received transaction")
#refresh() experimentally disabled
else:
app_log.warning("Client: Invalid signature")
#enter transaction end
refresh()
def verify_transaction(transaction):
public_key = RSA.importKey(binascii.unhexlify(transaction.sender))
verifier = signer_alg.new(public_key)
h = SHA256.new((str(transaction.sender) + str(transaction.recipient) + str(transaction.amount)).encode('utf8'))
return verifier.verify(h, binascii.unhexlify(transaction.signature))
def assina(privada, receita):
h = SHA256.new(receita)
rsa = RSA.importKey(privada)
signer = PKCS1_v1_5.new(rsa)
signature = signer.sign(h)
return signature
is_float = 1
except ValueError:
is_float = 0
exit(1)
if len(str(recipient_input)) != 56:
print("Wrong address length")
else:
timestamp = '%.2f' % time.time()
transaction = (str(timestamp), str(address), str(recipient_input),
'%.8f' % float(amount_input), str(operation_input),
str(openfield_input)) # this is signed
# print transaction
h = SHA.new(str(transaction).encode("utf-8"))
signer = PKCS1_v1_5.new(key)
signature = signer.sign(h)
signature_enc = base64.b64encode(signature)
txid = signature_enc[:56]
print("Encoded Signature: %s" % signature_enc.decode("utf-8"))
print("Transaction ID: %s" % txid.decode("utf-8"))
verifier = PKCS1_v1_5.new(key)
if verifier.verify(h, signature):
if float(amount_input) < 0:
print("Signature OK, but cannot use negative amounts")
elif float(amount_input) + float(fee) > float(balance):
print("Mempool: Sending more than owned")
def begin_auth(self):
# Deal with the beginning authentication
try:
self.read += self.recv(2048)
#print("CALL AUTH")
if b'\r\n' in self.read:
authdata = self.read.split(b'\r\n')
#print (authdata)
# print(self.ctl.main_pw)
signature = authdata[0]
# TODO: fix an error in int(signature,16)
try:
signer = PKCS1_v1_5.new(self.ctl.serverpub)
h = SHA256.new(self.ctl.main_pw)
verify = signer.verify(h, signature)
except ValueError:
logging.debug("ValueError captured at server.py line 165")
verify = False
if not verify:
logging.warning(
"Authentication failed, socket closing, case 1")
self.close()
else:
try:
auth_cipher = PKCS_Cipher.new(self.ctl.clientpri)
sentinel = Random.new().read(32)
message = auth_cipher.decrypt(authdata[1], sentinel)
if len(message) != 16:
raise ValueError
self.cipher = AESCipher(
message, self.ctl.main_pw)
oldCipher = AESCipher_old(
message, self.ctl.main_pw)
self.full = False
idchar = authdata[2].decode('utf-8')
self.i = int(idchar)
self.ctl.newconn(self)
logging.debug(
"Authentication succeed, connection established")
self.send(
oldCipher.encrypt(b"2AUTHENTICATED" + authdata[2]))
self.read = None
except IOError:
# TODO: figure out why
logging.warning(
"Authentication failed, socket closing, , case 2")
self.handle_close()
else:
if len(self.read) == 0:
self.no_data_count += 1
except BlockingIOError:
pass
except socket.error:
logging.info("empty recv error")
except Exception as err:
raise err
logging.error(
"Authentication failed, due to error, socket closing")
self.close()
text = response.text
ext = "access_token"
end = " }"
TokName = "Bearer " + text[text.find(ext) + 16:text.find(end) - 13]
#print(TokName) print the bearer token
#Generating Signature
message = sig.encode(
'utf-8') # See separate instruction on how to create this concatenation
digest = SHA256.new()
digest.update(message)
private_key = False
with open("privatekey.pem", "r") as myfile:
private_key = RSA.importKey(myfile.read())
signer = PKCS1_v1_5.new(private_key)
sigBytes = signer.sign(digest)
signBase64 = b64encode(sigBytes)
#print(signBase64) Print the signature
#Sending money
url = "https://uat.jengahq.io/transaction/v2/remittance"
headers = {
'Authorization': TokName,
'content-type': "application/json",
'signature': signBase64
}
payload = {
"source": {
def sign_transaction(self, sender, recipient, amount):
# sign every transaction of current wallet owner
signer = signer_alg.new(RSA.importKey(binascii.unhexlify(self.private_key)))
h = SHA256.new((str(sender) + str(recipient) + str(amount)).encode('utf8'))
signature = signer.sign(h)
return binascii.hexlify(signature).decode('ascii')
def get_verifier(pubkey):
src = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pubkey)
pub_der = DerSequence()
pub_der.decode(src)
key = RSA.construct((long(pub_der._seq[1]), long(pub_der._seq[2])))
return PKCS1_v1_5.new(key)
def sign_transaction(self):
private_key = RSA.importKey(binascii.unhexlify(
self.sender_private_key))
signer = PKCS1_v1_5.new(private_key)
h = SHA.new(str(self.to_dict()).encode('utf8'))
return binascii.hexlify(signer.sign(h)).decode('ascii')
def rsa_verify(s, key, sig, mod=SHA256):
key = RSA.importKey(key)
hash = mod.new(s)
return PKCS1_v1_5_SIG.new(key).verify(hash, sig)
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
# Get the data to be signed
with open('message.txt', 'rb') as reader:
message = reader.read()
hashed = SHA256.new(message)
# Reading the private key to sign
private_key = RSA.import_key(open('rsa_private.pem').read())
# Signing and saving
signature = PKCS1_v1_5.new(private_key).sign(hashed)
with open('message.sig', 'wb') as sigfile:
sigfile.write(signature)
# print(signature)
def query(action=None,
command=None,
args=None,
method='GET',
location=None,
data=None):
'''
Make a web call to Joyent
'''
user = config.get_cloud_config_value(
'user', get_configured_provider(), __opts__, search_global=False
)
password = config.get_cloud_config_value(
'password', get_configured_provider(), __opts__,
search_global=False
)
verify_ssl = config.get_cloud_config_value(
'verify_ssl', get_configured_provider(), __opts__,
search_global=False, default=True
)
ssh_keyfile = config.get_cloud_config_value(
'private_key', get_configured_provider(), __opts__,
search_global=False, default=True
)
ssh_keyname = config.get_cloud_config_value(
'keyname', get_configured_provider(), __opts__,
search_global=False, default=True
)
if not location:
location = get_location()
api_host_suffix = config.get_cloud_config_value(
'api_host_suffix', get_configured_provider(), __opts__,
search_global=False, default=JOYENT_API_HOST_SUFFIX
)
path = get_location_path(location=location, api_host_suffix=api_host_suffix)
if action:
path += action
if command:
path += '/{0}'.format(command)
log.debug('User: {0!r} on PATH: {1}'.format(user, path))
timenow = datetime.datetime.utcnow()
timestamp = timenow.strftime('%a, %d %b %Y %H:%M:%S %Z').strip()
with salt.utils.fopen(ssh_keyfile, 'r') as kh_:
rsa_key = RSA.importKey(kh_)
rsa_ = PKCS1_v1_5.new(rsa_key)
hash_ = SHA256.new()
hash_.update(timestamp)
signed = base64.b64encode(rsa_.sign(hash_))
keyid = '/{0}/keys/{1}'.format(user, ssh_keyname)
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'X-Api-Version': JOYENT_API_VERSION,
'Date': timestamp,
'Authorization': 'Signature keyId="{0}",algorithm="rsa-sha256" {1}'.format(
keyid,
signed
),
}
if not isinstance(args, dict):
args = {}
# post form data
if not data:
data = json.dumps({})
return_content = None
result = salt.utils.http.query(
path,
method,
params=args,
header_dict=headers,
data=data,
decode=False,
text=True,
status=True,
headers=True,
verify=verify_ssl,
opts=__opts__,
)
log.debug(
'Joyent Response Status Code: {0}'.format(
result['status']
)
)
if 'Content-Length' in result['headers']:
content = result['text']
return_content = yaml.safe_load(content)
return [result['status'], return_content]
def rsa_sign(s, key, mod=SHA256):
key = RSA.importKey(key)
hash = mod.new(s)
return PKCS1_v1_5_SIG.new(key).sign(hash)
def GetSigner(self):
"""Returns a PKCS1-V1_5 object for signing."""
return PKCS1_v1_5.new(self.GetPrivateKey())
def verificar_tx(transacao):
chave_publica = RSA.importKey(binascii.unhexlify(transacao.pagador))
verificar = PKCS1_v1_5.new(chave_publica)
h = SHA256.new((str(transacao.pagador) + str(transacao.recebedor) +
str(transacao.valor)).encode('utf8'))
return verificar.verify(h, binascii.unhexlify(transacao.assinatura))
def sign(self):
private_key = RSA.importKey(binascii.unhexlify(self._sender_private_key))
signer = PKCS1_v1_5.new(private_key)
hash_from_sign = SHA.new(str(self.to_dict()).encode('utf-8'))
return binascii.hexlify(signer.sign(hash_from_sign)).decode('ascii')
def get_signature(key, data):
return PKCS1_v1_5.new(key).sign(SHA.new(data))
def verify_transaction(owner, signature):
pk = RSA.importKey(
binascii.unhexlify(base58_to_base16(read_keys(owner)['public_key'])))
h = SHA256.new(owner.encode())
verifier = PKCS1_v1_5.new(pk)
return verifier.verify(h, binascii.unhexlify(base58_to_base16(signature)))
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
import paintings
from user_agents import USER_AGENTS
OK, CORRUPT, MUMBLE, DOWN, CHECKER_ERROR = 101, 102, 103, 104, 110
PORT = 80
TIMEOUT = 3
SCRIPT_PATH = pathlib.Path(__file__).parent
signer = PKCS1_v1_5.new(RSA.importKey(open("private.pem").read()))
def get_team_num(host):
m = re.search(r"\d+\.\d+\.(\d+)\.\d+", host)
if not m:
return None
return m.group(1)
def parse_jpg_bytes(body):
try:
painting = PIL.Image.open(BytesIO(body))
except Exception as e:
return None
