def test_ed25519_unsupported(backend): with raises_unsupported_algorithm( _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM ): Ed25519PublicKey.from_public_bytes(b"0" * 32) with raises_unsupported_algorithm( _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM ): Ed25519PrivateKey.from_private_bytes(b"0" * 32) with raises_unsupported_algorithm( _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM ): Ed25519PrivateKey.generate()
def __init__(self): self.private_handshake_key = X25519PrivateKey.generate() self.public_handshake_key = self.private_handshake_key.public_key() self.private_key = Ed25519PrivateKey.generate() self.public_key = self.private_key.public_key() self.data = "data".encode('utf8')
def private_key_bytes(private_key: Ed25519PrivateKey) -> bytes: """convert cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey into raw bytes""" return private_key.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption(), )
def create_signing_keypair(): """ Creates a new ed25519 keypair. :returns: 2-tuple of (private_key, public_key) """ private_key = Ed25519PrivateKey.generate() return private_key, private_key.public_key()
def generate_test_keys(): private_key = Ed25519PrivateKey.generate() public_key = private_key.public_key() public_key_bytes = public_key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw) public_address = remove_0x_prefix(to_hex(public_key_bytes)) return private_key, public_address
def test_buffer_protocol(self, backend): private_bytes = os.urandom(32) key = Ed25519PrivateKey.from_private_bytes(bytearray(private_bytes)) assert key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption() ) == private_bytes
def test_invalid_signature(self, backend): key = Ed25519PrivateKey.generate() signature = key.sign(b"test data") with pytest.raises(InvalidSignature): key.public_key().verify(signature, b"wrong data") with pytest.raises(InvalidSignature): key.public_key().verify(b"0" * 64, b"test data")
def _get_key_pair_from_sk( sk: ed25519.Ed25519PrivateKey) -> typing.Tuple[bytes, bytes]: """Returns key pair from a signing key. """ pk = sk.public_key() return \ sk.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption() ), \ pk.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw )
def test_invalid_signature(self, backend): key = Ed25519PrivateKey.generate() signature = key.sign(b"test data") with pytest.raises(InvalidSignature): key.public_key().verify(signature, b"wrong data") with pytest.raises(InvalidSignature): key.public_key().verify(b"0" * 64, b"test data")
def test_buffer_protocol(self, backend): private_bytes = os.urandom(32) key = Ed25519PrivateKey.from_private_bytes(bytearray(private_bytes)) assert (key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, serialization.NoEncryption(), ) == private_bytes)
def sign(cls, key: 'OKP', data: bytes) -> bytes: if key.crv.fullname == 'ED25519': sk = Ed25519PrivateKey.from_private_bytes(key.d) elif key.crv.fullname == 'ED448': sk = Ed448PrivateKey.from_private_bytes(key.d) else: raise CoseException(f"Illegal curve for OKP singing: {key.crv}") return sk.sign(data)
def _generate_keys(self): privkey = Ed25519PrivateKey.generate() pubkey = privkey.public_key() self.event.settings.ticket_secrets_pretix_sig1_privkey = base64.b64encode( privkey.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())).decode() self.event.settings.ticket_secrets_pretix_sig1_pubkey = base64.b64encode( pubkey.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)).decode()
def test_load_public_bytes(self, backend): public_key = Ed25519PrivateKey.generate().public_key() public_bytes = public_key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) public_key2 = Ed25519PublicKey.from_public_bytes(public_bytes) assert public_bytes == public_key2.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw )
def loadKey(self, data): self.private_key = Ed25519PrivateKey.from_private_bytes( bytes.fromhex(data['private_key'])) self.public_key_bytes = bytes.fromhex(data['public_key']) self.public_key = Ed25519PublicKey.from_public_bytes( self.public_key_bytes) self.nid = bytes.fromhex(data['myNID']) self.rsa_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
def init_compliance_keys(self) -> jsonrpc.Transaction: self.compliance_key = Ed25519PrivateKey.generate() txn = self.create_transaction( self._parent_vasp, stdlib.encode_rotate_dual_attestation_info_script( new_url=b"http://helloworld.org", new_key=utils.public_key_bytes(self.compliance_key.public_key()) ), testnet.TEST_CURRENCY_CODE, ) return self.submit_and_wait(self._parent_vasp.sign(txn))
def create_private_key(private_key_filename='key.pem', passphrase=None): """ Create a new private key and store it in private_key_filename (defaults to 'key.pem', may be None for no file). Return public key """ private_key = PrivateKey.generate() if private_key_filename: write_private_key(private_key, private_key_filename, passphrase) return private_key
def sign_bytes(private_key: Ed25519PrivateKey, digest: bytes) -> bytes: """ Signs bytest with passed Ed25519PrivateKey. Args: private_key (Ed25519PrivateKey): Signing Key. digest (bytes): Bytes to sign. Returns: bytes: Signature. """ return private_key.sign(digest)
def public_key_from_private( private_key: Ed25519PrivateKey) -> Ed25519PublicKey: """ Returns the corresponding Ed25519PublicKey for a Ed25519PrivateKey Args: private_key (Ed25519PrivateKey): Private key. Returns: Ed25519PublicKey: Public key. """ return private_key.public_key()
def get_test_account(): private_key = Ed25519PrivateKey.from_private_bytes( to_bytes(PRIVATE_TEST_KEY)) public_key = private_key.public_key() public_key_bytes = public_key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw) public_address = remove_0x_prefix(to_hex(public_key_bytes)) assert (public_address == PUBLIC_ADDRESS) return private_key, public_address
def __init__(self, private_key: Ed25519PrivateKey, domain: str = CORD_DOMAIN): self.private_key: Ed25519PrivateKey = private_key self.public_key: Ed25519PublicKey = private_key.public_key() self._public_key_hex: str = self.public_key.public_bytes( Encoding.Raw, PublicFormat.Raw).hex() self.domain = domain endpoint = domain + CORD_PUBLIC_USER_PATH super().__init__(endpoint)
def test_sign_verify_input(self, vector, backend): sk = binascii.unhexlify(vector["secret_key"]) pk = binascii.unhexlify(vector["public_key"]) message = binascii.unhexlify(vector["message"]) signature = binascii.unhexlify(vector["signature"]) private_key = Ed25519PrivateKey.from_private_bytes(sk) computed_sig = private_key.sign(message) assert computed_sig == signature public_key = private_key.public_key() assert (public_key.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw) == pk) public_key.verify(signature, message)
def main(): if len(sys.argv) != 2: print("usage: gen_key.py <secret filename>") sys.exit(1) pk = Ed25519PrivateKey.generate() pem = pk.private_bytes(encoding=Encoding.PEM, format=PrivateFormat.PKCS8, encryption_algorithm=NoEncryption()) with open(sys.argv[1], "wb") as f: f.write(pem)
def __init__(self, shop_id=None, priv_key=None): self._priv_key = priv_key if priv_key else Ed25519PrivateKey.generate() self._cup_signature = None self._signing_shop = Shop(shop_id) cup_id_digest = hashes.Hash(hashes.SHAKE128(16), backend=default_backend()) cup_id_digest.update( self.pub_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)) self._cup_id: bytes = cup_id_digest.finalize()
def loadKey(data): private_bytes = data['private'] private_key = Ed25519PrivateKey.from_private_bytes( bytes.fromhex(data['private'])) public_bytes = data['public'] public_key = Ed25519PublicKey.from_public_bytes( bytes.fromhex(data['public'])) nid = data['nid'] print('私钥', private_bytes) print('公钥', public_bytes) print('nid ', nid) return private_key, public_key, nid
def test_sign_verify_input(self, vector, backend): sk = binascii.unhexlify(vector["secret_key"]) pk = binascii.unhexlify(vector["public_key"]) message = binascii.unhexlify(vector["message"]) signature = binascii.unhexlify(vector["signature"]) private_key = Ed25519PrivateKey.from_private_bytes(sk) computed_sig = private_key.sign(message) assert computed_sig == signature public_key = private_key.public_key() assert public_key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) == pk public_key.verify(signature, message)
def test_invalid_public_bytes(self, backend): key = Ed25519PrivateKey.generate().public_key() with pytest.raises(ValueError): key.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.SubjectPublicKeyInfo) with pytest.raises(ValueError): key.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.PKCS1) with pytest.raises(ValueError): key.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.Raw)
def load_v3_master_key(self, master_key_path): if master_key_path: # load key from file return self._load_v3_master_key_from_file(master_key_path) else: # generate new v3 key master_private_key = Ed25519PrivateKey.generate() master_public_key = master_private_key.public_key() master_pub_key_bytes = master_public_key.public_bytes(encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw) master_onion_address = HiddenServiceDescriptorV3.address_from_identity_key(master_pub_key_bytes) # cut out the onion since that's what the rest of the code expects master_onion_address = master_onion_address.replace(".onion", "") return master_private_key, master_onion_address
def main(): # generate private key private_key = Ed25519PrivateKey.generate() # generate auth key auth_key = AuthKey.from_public_key(private_key.public_key()) print( f"Generated address: {utils.account_address_hex(auth_key.account_address())}" ) print(f"Auth Key (HEX): {auth_key.hex()}") print( f"Public key (HEX): {utils.public_key_bytes(private_key.public_key()).hex()}" )
def signing_keypair_from_string(private_key_bytes): """ Load a signing keypair from a string of bytes (which includes the PRIVATE_KEY_PREFIX) :returns: a 2-tuple of (private_key, public_key) """ if not isinstance(private_key_bytes, six.binary_type): raise ValueError('private_key_bytes must be bytes') private_key = Ed25519PrivateKey.from_private_bytes( a2b(remove_prefix(private_key_bytes, PRIVATE_KEY_PREFIX))) return private_key, private_key.public_key()
def test_invalid_private_bytes(self, backend): key = Ed25519PrivateKey.generate() with pytest.raises(ValueError): key.private_bytes(serialization.Encoding.Raw, serialization.PrivateFormat.Raw, None) with pytest.raises(ValueError): key.private_bytes(serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8, None) with pytest.raises(ValueError): key.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.Raw, serialization.NoEncryption())
def new_child_vasp( self, initial_balance: int, currency: str ) -> Tuple["LocalAccount", diem_types.TransactionPayload]: """Creates a new ChildVASP local account and script function""" child_vasp = replace(self, private_key=Ed25519PrivateKey.generate()) payload = stdlib.encode_create_child_vasp_account_script_function( coin_type=utils.currency_code(currency), child_address=child_vasp.account_address, auth_key_prefix=child_vasp.auth_key.prefix(), add_all_currencies=False, child_initial_balance=initial_balance, ) return (child_vasp, payload)
def ed25519_private_key_from_string(string): """Create an ed25519 private key from ``string``, which is a seed. Args: string (str): the string to use as a seed. Returns: Ed25519PrivateKey: the private key """ try: return Ed25519PrivateKey.from_private_bytes(base64.b64decode(string)) except (UnsupportedAlgorithm, Base64Error) as exc: raise ScriptWorkerEd25519Error("Can't create Ed25519PrivateKey: {}!".format(str(exc)))
def from_dict(dic: Dict[str, str]) -> "LocalAccount": """from a dict that is created by LocalAccount#to_dict The private_key and compliance_key values are hex-encoded bytes; they will be loaded by `Ed25519PrivateKey.from_private_bytes`. """ dic = copy(dic) for name in ["private_key", "compliance_key"]: if name not in dic: continue key = dic[name] dic[name] = Ed25519PrivateKey.from_private_bytes(bytes.fromhex(key)) return LocalAccount(**dic) # pyre-ignore
def _get_key_pair(pvk: ed25519.Ed25519PrivateKey, encoding: KeyEncoding) -> typing.Tuple[str, str]: """Maps private key to an encoded key pair. """ pbk = pvk.public_key() # PEM. if encoding == KeyEncoding.PEM: return \ pvk.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ), \ pbk.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) # Encode -> bytes. pvk = pvk.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption() ) pbk = pbk.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw ) # HEX. if encoding == KeyEncoding.HEX: return pvk.hex(), pbk.hex() # BYTES. return pvk, pbk
def ed25519_private_key_from_string(string): """Create an ed25519 private key from ``string``, which is a seed. Args: string (str): the string to use as a seed. Returns: Ed25519PrivateKey: the private key """ try: return Ed25519PrivateKey.from_private_bytes( base64.b64decode(string) ) except (UnsupportedAlgorithm, Base64Error) as exc: raise ScriptWorkerEd25519Error("Can't create Ed25519PrivateKey: {}!".format(str(exc)))
def test_invalid_public_bytes(self, backend): key = Ed25519PrivateKey.generate().public_key() with pytest.raises(ValueError): key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.SubjectPublicKeyInfo ) with pytest.raises(ValueError): key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.PKCS1 ) with pytest.raises(ValueError): key.public_bytes( serialization.Encoding.PEM, serialization.PublicFormat.Raw )
def test_invalid_private_bytes(self, backend): key = Ed25519PrivateKey.generate() with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.Raw, None ) with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.Raw, serialization.PrivateFormat.PKCS8, None ) with pytest.raises(ValueError): key.private_bytes( serialization.Encoding.PEM, serialization.PrivateFormat.Raw, serialization.NoEncryption() )
def private_key_from_string(key_str): """Create an Ed25519PrivateKey from a base64-encoded string.""" return Ed25519PrivateKey.from_private_bytes( base64.b64decode(key_str) )
)).decode('utf-8') def b64_from_public_key(key): """Get the base64 string from an Ed25519PublicKey.""" return base64.b64encode(key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw, )).decode('utf-8') prefix = "" if len(sys.argv) > 1: prefix = "{}_".format(sys.argv[1]) privkey = Ed25519PrivateKey.generate() pubkey = privkey.public_key() privkey_str = b64_from_private_key(privkey) pubkey_str = b64_from_public_key(pubkey) # test privkey2 = private_key_from_string(privkey_str) pubkey2 = public_key_from_string(pubkey_str) assert b64_from_private_key(privkey2) == privkey_str assert b64_from_public_key(pubkey2) == pubkey_str with open("{}private_key".format(prefix), "w") as fh: fh.write(privkey_str) with open("{}public_key".format(prefix), "w") as fh: fh.write(pubkey_str)
def test_generate(self, backend): key = Ed25519PrivateKey.generate() assert key assert key.public_key()
def test_invalid_type_private_bytes(self, backend): with pytest.raises(TypeError): Ed25519PrivateKey.from_private_bytes(object())
def test_invalid_length_from_private_bytes(self, backend): with pytest.raises(ValueError): Ed25519PrivateKey.from_private_bytes(b"a" * 31) with pytest.raises(ValueError): Ed25519PrivateKey.from_private_bytes(b"a" * 33)
def test_round_trip_private_serialization(self, encoding, fmt, encryption, passwd, load_func, backend): key = Ed25519PrivateKey.generate() serialized = key.private_bytes(encoding, fmt, encryption) loaded_key = load_func(serialized, passwd, backend) assert isinstance(loaded_key, Ed25519PrivateKey)