Пример #1
# which are the individual ciphertexts.
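with open("heart_data.msgpack", "rb") as kits_file:
    # The context manager closes the handle deterministically; the original
    # passed a bare open() and left the file to the garbage collector.
    data = msgpack.load(kits_file, raw=False)
# Lazy generator: each kit is only parsed when the retrieval loop reaches it.
message_kits = (UmbralMessageKit.from_bytes(k) for k in data['kits'])

# The doctor also needs to create a view of the Data Source from its public keys.
# NOTE(review): data['data_source'] is read from the same file as the
# ciphertexts, so the key is only as trustworthy as that file. Confirm how
# heart_data.msgpack reaches the doctor.
data_source = DataSource.from_public_keys(
    policy_public_key=policy_pubkey,
    datasource_public_key=data['data_source'],
    label=label)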

# Now he can ask the NuCypher network to get a re-encrypted version of each MessageKit.
for message_kit in message_kits:
    try:
        start = timer()
        retrieved_plaintexts = doctor.retrieve(
            message_kit=message_kit,
            data_source=data_source,
            alice_verifying_key=alices_sig_pubkey)
        end = timer()

        plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False)

        # Now we can get the heart rate and the associated timestamp,
        # generated by the heart rate monitor.
        heart_rate = plaintext['heart_rate']
        timestamp = maya.MayaDT(plaintext['timestamp'])

        # This code block simply pretty prints the heart rate info
        terminal_size = shutil.get_terminal_size().columns
        max_width = min(terminal_size, 120)
        columns = max_width - 12 - 27
        scale = columns / 40
Пример #2
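class KMS:
    """Pair one Alice (policy owner) and one Bob (recipient) with optional storage.

    The storage back-ends (IPFS, Arweave, Skynet) only ever receive the
    ciphertext produced by encrypt_data().
    """

    def __init__(self,
                 ursula_url,
                 dir_name,
                 passphrase,
                 ipfs_addr='',
                 arweave_wallet_file_path='',
                 federated_only=True,
                 signer_uri='',
                 checksum_address=None,
                 client_password=None,
                 provider_uri='',
                 domain=TEMPORARY_DOMAIN):
        """
        Args:
            ursula_url (str): ursula url e.g. localhost:11500
            dir_name (str): dir_name where account files will be stored in tmp directory
            passphrase (str): passphrase for account
            ipfs_addr (str): ipfs addr (required only if you want to store data in ipfs)
            arweave_wallet_file_path (str): arweave wallet file path (required only if you want to store
                                            data in arweave)
            federated_only (bool): Whether federated mode should be used
            signer_uri (str): signer uri for ethereum transaction
                            https://docs.nucypher.com/en/latest/guides/ethereum_node.html#external-transaction-signing
            checksum_address (str): Ethereum address
            client_password (str): Password for ethereum keystore. Required only if signer_uri is keystore://{path}
            provider_uri (str): geth or infura https uri
            domain (str): nucypher network name e.g. lynx for nucypher testnet and mainnet for nucypher mainnet
        """
        # Kept under the name-mangled attribute _KMS__client_password and reused
        # by share_data_access(); it stays in memory for the object's lifetime.
        self.__client_password = client_password
        self.federated_only = federated_only
        self.ursula_url = ursula_url
        self.ursula = Ursula.from_seed_and_stake_info(
            seed_uri=self.ursula_url,
            federated_only=self.federated_only,
            minimum_stake=0)
        self.arweave_wallet = None
        if arweave_wallet_file_path:
            self.arweave_wallet = arweave.Wallet(arweave_wallet_file_path)
        self.ipfs = None
        if ipfs_addr:
            self.ipfs = ipfshttpclient.connect(ipfs_addr)
        # NOTE(review): the keyring and alice.json live under /tmp/<dir_name>.
        # /tmp is shared between local users, and os.path.join() drops the
        # '/tmp' prefix when dir_name is absolute and does not stop '..'
        # components. Confirm dir_name is never caller-controlled, or move the
        # config root to a private directory.
        self.temp_dir = os.path.join('/', 'tmp', dir_name)
        self.alice_config = AliceConfiguration(
            provider_uri=provider_uri,
            checksum_address=checksum_address,
            signer_uri=signer_uri,
            config_root=os.path.join(self.temp_dir),
            domain=domain,
            known_nodes={self.ursula},
            start_learning_now=False,
            federated_only=self.federated_only,
            learn_on_same_thread=True)
        config_file_path = os.path.join(self.temp_dir, "alice.json")
        try:
            # An existing alice.json is routed through the same branch as a
            # keyring that initialize() refuses to overwrite.
            if os.path.exists(config_file_path):
                raise ExistingKeyringError()
            self.alice_config.initialize(password=passphrase)
        except ExistingKeyringError:
            self.alice_config = AliceConfiguration.from_configuration_file(
                filepath=config_file_path,
                known_nodes={self.ursula},
                start_learning_now=False)
            self.alice_config.attach_keyring()
        self.alice_config.keyring.unlock(password=passphrase)
        signer = Signer.from_signer_uri(signer_uri) if signer_uri else None
        if signer:
            signer.unlock_account(account=checksum_address,
                                  password=client_password)
        self.alice = self.alice_config.produce(signer=signer)
        # Defined up front so the attribute exists even when the configuration
        # file was already on disk (the original left it unset in that case).
        self.alice_config_file = None
        try:
            self.alice_config_file = self.alice_config.to_configuration_file()
        except FileExistsError:
            # Deliberate best-effort: the configuration was written by an
            # earlier run and is reused as-is.
            pass
        self.alice.start_learning_loop(now=True)
        # fetch_keys is defined elsewhere; here it is expected to return two
        # dicts with "enc" and "sig" entries (only privkeys is indexed below).
        self.privkeys, self.pubkeys = fetch_keys(path=self.temp_dir)
        bob_enc_keypair = DecryptingKeypair(private_key=self.privkeys["enc"])
        bob_sig_keypair = SigningKeypair(private_key=self.privkeys["sig"])
        enc_power = DecryptingPower(keypair=bob_enc_keypair)
        sig_power = SigningPower(keypair=bob_sig_keypair)
        power_ups = [enc_power, sig_power]
        self.bob = Bob(domain=domain,
                       federated_only=self.federated_only,
                       crypto_power_ups=power_ups,
                       start_learning_now=True,
                       abort_on_learning_error=True,
                       known_nodes=[self.ursula],
                       save_metadata=False,
                       network_middleware=RestMiddleware(),
                       provider_uri=provider_uri)

    def encrypt_data(self, plaintext):
        """
        Encrypt data

        Args:
            plaintext (str): plaintext that should be encrypted

        Returns:
            label, data_source_public_key, data (bytes, bytes, bytes): tuple containing label for the policy,
                                                                       data source public_key & encrypted data
        """
        # The original literal carries an invisible U+FE0F (variation
        # selector-16) right after "policy"; it is spelled as an escape here so
        # it is visible in review. The label bytes are unchanged.
        label = ("policy\ufe0f-" + os.urandom(8).hex()).encode()
        policy_pubkey = self.alice.get_policy_encrypting_key_from_label(label)
        data_source = Enrico(policy_encrypting_key=policy_pubkey)
        data_source_public_key = bytes(data_source.stamp)
        # The signature returned next to the message kit is not used here.
        message, _signature = data_source.encrypt_message(
            plaintext.encode("utf-8"))
        data = message.to_bytes()
        return label, data_source_public_key, data

    def decrypt_data(self, data_source_public_key, data, policy_info):
        """
        Decrypt data

        Args:
            data_source_public_key (bytes): data_source_public_key
            data (bytes): encrypted data
            policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys

        Returns:
            retrieved_plaintexts (list): list of str

        Note:
            Both verification keys are taken from policy_info as supplied by
            the caller, so the result is only as trustworthy as the channel
            policy_info arrived through.
        """
        policy_pubkey = UmbralPublicKey.from_bytes(
            bytes.fromhex(policy_info["policy_pubkey"]))
        alice_sig_pubkey = UmbralPublicKey.from_bytes(
            bytes.fromhex(policy_info["alice_sig_pubkey"]))
        label = policy_info["label"].encode()
        self.bob.join_policy(label, alice_sig_pubkey)
        message_kit = UmbralMessageKit.from_bytes(data)
        data_source = Enrico.from_public_keys(
            verifying_key=data_source_public_key,
            policy_encrypting_key=policy_pubkey)
        retrieved_plaintexts = self.bob.retrieve(
            message_kit,
            label=label,
            enrico=data_source,
            alice_verifying_key=alice_sig_pubkey)
        retrieved_plaintexts = [
            x.decode('utf-8') for x in retrieved_plaintexts
        ]
        return retrieved_plaintexts

    def share_data_access(self,
                          pubkeys,
                          label,
                          days=5,
                          m=1,
                          n=1,
                          rate=Web3.toWei(50, 'gwei')):
        """
        Share data access based on public keys

        Args:
            pubkeys (dict): public keys dict containing sig and enc keys
            label (bytes): label for the policy
            days (int): days for which the access should be granted
            m (int): Minimum number of kfrags needed to activate a Capsule
            n (int): Total number of kfrags to generate
            rate (int): rate in wei

        Returns:
            policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys

        Note:
            With the defaults m=1 and n=1 a single kfrag is generated and that
            one kfrag is enough on its own; pass larger values to require
            several kfrags.
        """
        bob = Bob.from_public_keys(verifying_key=pubkeys['sig'],
                                   encrypting_key=pubkeys['enc'],
                                   federated_only=self.federated_only)
        # Policy expiration date
        policy_end_datetime = maya.now() + datetime.timedelta(days=days)
        # NOTE(review): this reaches into Alice's name-mangled private state
        # (_CryptoPower__power_ups) to re-consume every power-up with the
        # stored client password; it will break if that internal layout changes.
        power_ups = self.alice._crypto_power._CryptoPower__power_ups
        for power_up in power_ups.values():
            self.alice._crypto_power.consume_power_up(
                power_up, password=self.__client_password)
        policy = self.alice.grant(bob=bob,
                                  label=label,
                                  m=m,
                                  n=n,
                                  expiration=policy_end_datetime,
                                  rate=rate)
        policy_info = {
            "policy_pubkey": policy.public_key.to_bytes().hex(),
            "alice_sig_pubkey": bytes(self.alice.stamp).hex(),
            "label": label.decode("utf-8"),
        }
        return policy_info

    def upload_data(self, plaintext, storage):
        """
        Upload data to the selected storage

        Args:
            plaintext (str): plaintext
            storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
           label, data_source_public_key, hash_key (bytes, bytes, str): tuple containing policy label,
                                                                         data source public key and hash_key

        Raises:
            ValueError: if storage is not one of "ipfs", "arweave" or "skynet"
        """
        import tempfile

        label, data_source_public_key, data = self.encrypt_data(
            plaintext=plaintext)
        if storage == "ipfs":
            hash_key = self.ipfs.add_bytes(data)
        elif storage == "arweave":
            transaction = arweave.Transaction(self.arweave_wallet, data=data)
            transaction.sign()
            transaction.send()
            hash_key = transaction.id
        elif storage == "skynet":
            # Stage the ciphertext in a private, freshly created directory. The
            # original wrote to /tmp/<random.randint>.txt, a guessable name in
            # a shared directory, and never removed the file.
            with tempfile.TemporaryDirectory() as staging_dir:
                file_name = os.path.join(staging_dir, 'payload.txt')
                with open(file_name, 'wb') as staged:
                    staged.write(data)
                skynet_client = skynet.SkynetClient()
                hash_key = skynet_client.upload_file(file_name)
        else:
            raise ValueError("invalid storage layer")
        return label, data_source_public_key, hash_key

    @staticmethod
    def get_shareable_code(hash_key, data_source_public_key, policy_info,
                           storage):
        """
        Get shareable code to fetch the secret which can be shared easily

        The code is base64-encoded JSON: an encoding, not encryption. Anyone
        holding it can read the storage hash, the public keys and the label.

        Args:
             hash_key (str): storage layer hash key
             data_source_public_key (bytes): data source public key
             policy_info (dict): dict containing policy_pubkey, alice_sig_pubkey and label keys
             storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
             shareable_code (str): shareable code
        """
        data = {
            "hash": hash_key,
            "data_source_public_key": data_source_public_key.hex(),
            "policy_info": policy_info,
            "storage": storage
        }
        return base64.b64encode(
            json.dumps(data,
                       separators=(',', ':')).encode("utf-8")).decode('utf-8')

    def fetch_data(self, shareable_code, storage):
        """
        Fetch data from the selected storage and decrypt it

        Args:
            shareable_code (str): shareable code
            storage (str): storage layer e.g. ipfs, arweave, skynet, etc.

        Returns:
            retrieved_plaintexts (list): list of str

        Raises:
            ValueError: if storage is not supported, or the arweave
                transaction has no data yet

        Note:
            The back-end is chosen by the storage argument; the "storage"
            value embedded in the shareable code is not consulted. The public
            keys used for verification are read from the shareable code
            itself, so the code has to come from a trusted channel.
        """
        import tempfile

        meta_data = json.loads(
            base64.b64decode(shareable_code.encode('utf-8')).decode('utf-8'))
        data_source_public_key = meta_data['data_source_public_key']
        hash_key = meta_data['hash']
        if storage == "ipfs":
            data = self.ipfs.cat(hash_key)
        elif storage == "arweave":
            transaction = arweave.Transaction(self.arweave_wallet, id=hash_key)
            transaction.get_data()
            data = transaction.data
            if data == b'':
                raise ValueError(
                    "Transaction not found. Wait for some more time")
        elif storage == "skynet":
            # Download into a private, freshly created directory instead of a
            # guessable /tmp/<random.randint>.txt path, and remove it afterwards.
            with tempfile.TemporaryDirectory() as staging_dir:
                file_name = os.path.join(staging_dir, 'payload.txt')
                skynet_client = skynet.SkynetClient()
                skynet_client.download_file(file_name, hash_key)
                with open(file_name, 'rb') as staged:
                    data = staged.read()
        else:
            raise ValueError("invalid storage layer")
        data_source_public_key = bytes.fromhex(data_source_public_key)
        policy_info = meta_data["policy_info"]
        return self.decrypt_data(data_source_public_key=data_source_public_key,
                                 data=data,
                                 policy_info=policy_info)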
Пример #3
    enrico = Enrico(policy_encrypting_key=policy_pubkey)

    # In this case, the plaintext is a
    # single passage from James Joyce's Finnegan's Wake.
    # The matter of whether encryption makes the passage more or less readable
    # is left to the reader to determine.
    single_passage_ciphertext, _signature = enrico.encrypt_message(plaintext)
    data_source_public_key = bytes(enrico.stamp)
    del enrico

    ###############
    # Back to Bob #
    ###############

    enrico_as_understood_by_bob = Enrico.from_public_keys(
        {SigningPower: data_source_public_key},
        policy_encrypting_key=policy_pubkey
    )



    # Now Bob can retrieve the original message.
    alice_pubkey_restored_from_ancient_scroll = UmbralPublicKey.from_bytes(alices_pubkey_bytes_saved_for_posterity)
    delivered_cleartexts = BOB.retrieve(message_kit=single_passage_ciphertext,
                                        data_source=enrico_as_understood_by_bob,
                                        alice_verifying_key=alice_pubkey_restored_from_ancient_scroll)

    # We show that indeed this is the passage originally encrypted by Enrico.
    assert plaintext == delivered_cleartexts[0]
    print("Retrieved: {}".format(delivered_cleartexts[0]))
def test_bob_joins_policy_and_retrieves(
    federated_alice,
    federated_ursulas,
    certificates_tempdir,
):
    """Bob starts out knowing two Ursulas, joins Alice's policy and decrypts one message.

    The three arguments are pytest fixtures defined outside this snippet.
    """

    # Split the Ursulas: the first two seed Bob, the rest will hold the KFrags.
    a_couple_of_ursulas = list(federated_ursulas)[:2]
    rest_of_ursulas = list(federated_ursulas)[2:]

    # Create Bob, seeded with only those two nodes.
    bob = Bob(
        federated_only=True,
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        known_certificates_dir=certificates_tempdir,
        abort_on_learning_error=True,
        known_nodes=a_couple_of_ursulas,
    )

    # Bob only knows a couple of Ursulas initially
    assert len(bob.known_nodes) == 2

    # Alice creates a policy granting access to Bob
    # Just for fun, let's assume she distributes KFrags among Ursulas unknown to Bob
    n = DEFAULT_NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    # 32 random bytes keep the label unique for each test run.
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(rest_of_ursulas),
    )

    assert bob == policy.bob
    assert label == policy.label

    # Now, Bob joins the policy
    bob.join_policy(
        label=label,
        alice_pubkey_sig=federated_alice.stamp,
    )

    # In the end, Bob should know all the Ursulas
    assert len(bob.known_nodes) == len(federated_ursulas)

    # Create the DataSource that encrypts under the policy's public key,
    # with a fresh signing keypair of its own.
    data_source = DataSource(policy_pubkey_enc=policy.public_key,
                             signing_keypair=SigningKeypair(),
                             label=label)

    plaintext = b"What's your approach?  Mississippis or what?"
    # The signature returned alongside the kit is not checked in this test.
    message_kit, _signature = data_source.encapsulate_single_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # Bob takes the message_kit and retrieves the message within
    delivered_cleartexts = bob.retrieve(
        message_kit=message_kit,
        data_source=data_source,
        alice_verifying_key=alices_verifying_key)

    assert plaintext == delivered_cleartexts[0]
def test_bob_joins_policy_and_retrieves(
    federated_alice,
    federated_ursulas,
    certificates_tempdir,
):
    """Walk Bob through join, retrieve, cached retrieve, revocation and a fresh retrieve.

    The arguments are pytest fixtures defined outside this snippet;
    certificates_tempdir is accepted but not used in this body.
    """
    # Split the Ursulas: the first two seed Bob, the rest will hold the KFrags.
    a_couple_of_ursulas = list(federated_ursulas)[:2]
    rest_of_ursulas = list(federated_ursulas)[2:]

    # Create Bob, seeded with only those two nodes.
    bob = Bob(
        federated_only=True,
        domain=TEMPORARY_DOMAIN,
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        abort_on_learning_error=True,
        known_nodes=a_couple_of_ursulas,
    )

    # Bob has only connected to - at most - 2 nodes.
    assert sum(node.verified_node for node in bob.known_nodes) <= 2

    # Alice creates a policy granting access to Bob
    # Just for fun, let's assume she distributes KFrags among Ursulas unknown to Bob
    n = NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    # 32 random bytes keep the label unique for each test run.
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(rest_of_ursulas),
    )

    assert label == policy.label

    try:
        # Now, Bob joins the policy
        bob.join_policy(label=label,
                        alice_verifying_key=federated_alice.stamp,
                        block=True)
    except policy.treasure_map.NowhereToBeFound:
        # Diagnose the failure: collect every treasure map the Ursulas hold to
        # tell "Alice never published it" apart from "Bob failed to find it".
        # NOTE(review): the loop variable below shadows the builtin `map`.
        maps = []
        for ursula in federated_ursulas:
            for map in ursula.treasure_maps.values():
                maps.append(map)
        if policy.treasure_map in maps:
            # This is a nice place to put a breakpoint to examine Bob's failure to join a policy.
            bob.join_policy(label=label,
                            alice_verifying_key=federated_alice.stamp,
                            block=True)
            pytest.fail(
                f"Bob didn't find map {policy.treasure_map} even though it was available.  Come on, Bob."
            )
        else:
            pytest.fail(
                f"It seems that Alice didn't publish {policy.treasure_map}.  Come on, Alice."
            )

    # In the end, Bob should know all the Ursulas
    assert len(bob.known_nodes) == len(federated_ursulas)

    # Create Enrico, who encrypts under the policy's public key.
    enrico = Enrico(policy_encrypting_key=policy.public_key)

    plaintext = b"What's your approach?  Mississippis or what?"
    # The signature returned alongside the kit is not checked in this test.
    message_kit, _signature = enrico.encrypt_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # Bob takes the message_kit and retrieves the message within
    delivered_cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        retain_cfrags=True)

    assert plaintext == delivered_cleartexts[0]

    # Bob tries to retrieve again, but without using the cached CFrags, it fails.
    # (The failure asserted here is a TypeError.)
    with pytest.raises(TypeError):
        delivered_cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label)

    cleartexts_delivered_a_second_time = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_attached_cfrags=True)

    # Indeed, they're the same cleartexts.
    assert delivered_cleartexts == cleartexts_delivered_a_second_time

    # Let's try retrieve again, but Alice revoked the policy.
    failed_revocations = federated_alice.revoke(policy)
    assert len(failed_revocations) == 0

    # One thing to note here is that Bob *can* still retrieve with the cached
    # CFrags, even though this Policy has been revoked.  #892
    # In other words, revocation does not take back material Bob already
    # holds; the assertion below pins that current behaviour.
    _cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_precedent_work_orders=True,
    )
    assert _cleartexts == delivered_cleartexts  # TODO: 892

    # OK, but we imagine that the message_kit is fresh here.
    message_kit.clear_cfrags()

    # With the cached CFrags cleared, retrieval after revocation is expected
    # to fail with NotEnoughUrsulas.
    with pytest.raises(Ursula.NotEnoughUrsulas):
        _cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )

    bob.disenchant()
def test_bob_joins_policy_and_retrieves(
    federated_alice,
    federated_ursulas,
    certificates_tempdir,
):
    """Walk Bob through join, retrieve, cached retrieve, revocation and a fresh retrieve.

    The arguments are pytest fixtures defined outside this snippet;
    certificates_tempdir is accepted but not used in this body.
    """
    # Split the Ursulas: the first two seed Bob, the rest will hold the KFrags.
    a_couple_of_ursulas = list(federated_ursulas)[:2]
    rest_of_ursulas = list(federated_ursulas)[2:]

    # Create Bob, seeded with only those two nodes.
    bob = Bob(
        federated_only=True,
        domains={TEMPORARY_DOMAIN},
        start_learning_now=True,
        network_middleware=MockRestMiddleware(),
        abort_on_learning_error=True,
        known_nodes=a_couple_of_ursulas,
    )

    # Bob only knows a couple of Ursulas initially
    assert len(bob.known_nodes) == 2

    # Alice creates a policy granting access to Bob
    # Just for fun, let's assume she distributes KFrags among Ursulas unknown to Bob
    n = NUMBER_OF_URSULAS_IN_DEVELOPMENT_NETWORK - 2
    # 32 random bytes keep the label unique for each test run.
    label = b'label://' + os.urandom(32)
    contract_end_datetime = maya.now() + datetime.timedelta(days=5)
    policy = federated_alice.grant(
        bob=bob,
        label=label,
        m=3,
        n=n,
        expiration=contract_end_datetime,
        handpicked_ursulas=set(rest_of_ursulas),
    )

    assert bob == policy.bob
    assert label == policy.label

    # Now, Bob joins the policy
    bob.join_policy(label=label,
                    alice_verifying_key=federated_alice.stamp,
                    block=True)

    # In the end, Bob should know all the Ursulas
    assert len(bob.known_nodes) == len(federated_ursulas)

    # Create Enrico, who encrypts under the policy's public key.
    enrico = Enrico(policy_encrypting_key=policy.public_key)

    plaintext = b"What's your approach?  Mississippis or what?"
    # The signature returned alongside the kit is not checked in this test.
    message_kit, _signature = enrico.encrypt_message(plaintext)

    alices_verifying_key = federated_alice.stamp.as_umbral_pubkey()

    # Bob takes the message_kit and retrieves the message within
    delivered_cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        retain_cfrags=True)

    assert plaintext == delivered_cleartexts[0]

    # Bob tries to retrieve again, but without using the cached CFrags, it fails.
    # (The failure asserted here is a TypeError.)
    with pytest.raises(TypeError):
        delivered_cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label)

    cleartexts_delivered_a_second_time = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_attached_cfrags=True)

    # Indeed, they're the same cleartexts.
    assert delivered_cleartexts == cleartexts_delivered_a_second_time

    # Let's try retrieve again, but Alice revoked the policy.
    failed_revocations = federated_alice.revoke(policy)
    assert len(failed_revocations) == 0

    # One thing to note here is that Bob *can* still retrieve with the cached
    # CFrags, even though this Policy has been revoked.  #892
    # In other words, revocation does not take back material Bob already
    # holds; the assertion below pins that current behaviour.
    _cleartexts = bob.retrieve(
        message_kit,
        enrico=enrico,
        alice_verifying_key=alices_verifying_key,
        label=policy.label,
        use_precedent_work_orders=True,
    )
    assert _cleartexts == delivered_cleartexts  # TODO: 892

    # OK, but we imagine that the message_kit is fresh here.
    message_kit.capsule.clear_cfrags()

    # With the cached CFrags cleared, retrieval after revocation is expected
    # to fail with NotEnoughUrsulas.
    with pytest.raises(Ursula.NotEnoughUrsulas):
        _cleartexts = bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alices_verifying_key,
            label=policy.label,
        )
    #########################
    # Enrico, the Encryptor #
    #########################

    enrico = Enrico(policy_encrypting_key=policy_public_key)

    # In this case, the plaintext is a
    # single passage from James Joyce's Finnegan's Wake.
    # The matter of whether encryption makes the passage more or less readable
    # is left to the reader to determine.
    single_passage_ciphertext, _signature = enrico.encrypt_message(plaintext)
    data_source_public_key = bytes(enrico.stamp)
    del enrico

    ###############
    # Back to Bob #
    ###############

    # Now Bob can retrieve the original message.
    delivered_cleartexts = bob.retrieve(
        single_passage_ciphertext,
        policy_encrypting_key=policy_public_key,
        alice_verifying_key=alice_verifying_key,
        label=label)

    # We show that indeed this is the passage originally encrypted by Enrico.
    assert plaintext == delivered_cleartexts[0]
    print("Retrieved: {}".format(delivered_cleartexts[0]))

bob.disenchant()
class service(object):

    def __init__(self, network_provider):
        self.provider_uri = network_provider
        self.user_path = "users/"
        self.public_key_path = "/recipent.public.json"
        self.private_key_path = "/recipent.private.json"

    def connect(self, networkURL, second_provider, third_provider, ipfs_provider):
        """Initialise the blockchain interface, the IPFS client and three Ursula handles.

        Args:
            networkURL: seed/teacher URI used for all three Ursula handles.
            second_provider: accepted but not used in this body.
            third_provider: accepted but not used in this body.
            ipfs_provider: address handed to ipfshttpclient.connect().

        Returns:
            True once every call has completed without raising.
        """
        BlockchainInterfaceFactory.initialize_interface(provider_uri=self.provider_uri)
        self.ipfs_gateway_api = ipfshttpclient.connect(ipfs_provider)

        self.ursula = Ursula.from_seed_and_stake_info(
            seed_uri=networkURL, federated_only=True, minimum_stake=0)

        # NOTE(review): ursula2 and ursula3 are both built from networkURL, so
        # all three handles point at the same node while second_provider and
        # third_provider are ignored. Confirm whether they were meant to be
        # the teacher URIs here.
        teacher_options = dict(teacher_uri=networkURL, federated_only=True, min_stake=0)
        self.ursula2 = Ursula.from_teacher_uri(**teacher_options)
        self.ursula3 = Ursula.from_teacher_uri(**teacher_options)

        return True

    def generate_keys(self):
        """Generate a fresh encrypting and a fresh signing key pair.

        Returns:
            (recipient_privkeys, recipient_pubkeys): two dicts keyed by 'enc'
            and 'sig'. Every value is the hex encoding of the key's bytes; the
            first dict therefore holds private key material in the clear.
        """
        private_keys = {
            'enc': UmbralPrivateKey.gen_key(),
            'sig': UmbralPrivateKey.gen_key(),
        }

        recipient_privkeys = {
            role: key.to_bytes().hex() for role, key in private_keys.items()
        }
        recipient_pubkeys = {
            role: key.get_pubkey().to_bytes().hex()
            for role, key in private_keys.items()
        }

        return recipient_privkeys, recipient_pubkeys

    def configure_alice(self, path):
        """Build a federated AliceConfiguration rooted at *path*.

        connect() must have run first: the three Ursula handles it stores are
        passed as the known nodes.
        """
        config_root = os.path.join(path)
        seed_nodes = [self.ursula, self.ursula2, self.ursula3]
        return AliceConfiguration(
            config_root=config_root,
            known_nodes=seed_nodes,
            start_learning_now=False,
            federated_only=True,
            learn_on_same_thread=True,
            network_middleware=RestMiddleware(),
        )

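    def create_alice(self, username, password):
        """Create a new Alice for *username* and write a recipient key pair beside her config.

        Args:
            username: appended to self.user_path to form the user's directory.
            password: used to initialise and unlock Alice's keyring.

        Returns:
            The "checksum_address" value read back from the written alice.json.
        """
        # NOTE(review): username is concatenated into a filesystem path without
        # any check. Confirm it can never contain path separators or "..".
        path = self.user_path + username
        alice_config = self.configure_alice(path)
        alice_config.initialize(password=password)
        alice_config.keyring.unlock(password=password)
        self.Alice = alice_config.produce()
        # Persist the configuration; the file is read back below, so the
        # return value is not needed.
        alice_config.to_configuration_file()
        self.Alice.start_learning_loop(now=True)

        private_keys, public_keys = self.generate_keys()

        # The recipient private keys are stored as plain hex JSON, unlike the
        # keyring, which is unlocked with a password. Create the file with
        # owner-only permissions instead of the umask default. The mode only
        # applies when the file is newly created.
        private_key_fd = os.open(path + self.private_key_path,
                                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                                 0o600)
        with os.fdopen(private_key_fd, 'w') as file:
            json.dump(private_keys, file)

        with open(path + self.public_key_path, 'w') as f:
            json.dump(public_keys, f)

        config_path = path + '/alice.json'
        with open(config_path) as config_file:
            data = json.load(config_file)
        address = data["checksum_address"]

        return address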
    
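    def generate_policy(self, username, label):
        """Return the policy public key that the current Alice derives for *label*.

        No policy is granted here; the unused expiry datetime the original
        computed has been dropped.

        Args:
            username: appended to self.user_path to form the config root.
            label: label handed to Alice's get_policy_pubkey_from_label().
        """
        path = self.user_path + username
        # NOTE(review): the configuration built here is discarded. The key is
        # derived from self.Alice, whichever user that currently is. Confirm
        # this call is still needed.
        self.configure_alice(path)

        return self.Alice.get_policy_pubkey_from_label(label)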

    def reveal_public_keys(self, username, serialized=False):
        """Load the stored public keys of *username*.

        Args:
            username: appended to self.user_path to locate the key file.
            serialized: when true, return base58 strings instead of key objects.

        Returns:
            (enc, sig): UmbralPublicKey objects, or base58-encoded strings
            when serialized is true.
        """
        key_file = self.user_path + username + self.public_key_path

        with open(key_file) as data_file:
            stored = json.load(data_file)

        # Both keys are parsed even when only the serialized form is returned,
        # so a malformed stored key fails here in either mode.
        enc_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(stored["enc"]))
        sig_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(stored["sig"]))
        # Writes the signing public key to stdout on every call.
        print(sig_pubkey.to_bytes())

        if not serialized:
            return (enc_pubkey, sig_pubkey)

        return tuple(
            base58.b58encode(bytes.fromhex(stored[role])).decode("utf-8")
            for role in ("enc", "sig")
        )

    def calculate_powers(self, username):
        """Map each power class to the matching stored public key of *username*."""
        encrypting_key, verifying_key = self.reveal_public_keys(username)
        return {
            DecryptingPower: encrypting_key,
            SigningPower: verifying_key,
        }


    def reveal_private_keys(self, username):
        """Load the stored private keys of *username*.

        The file is read as plain JSON holding hex-encoded key bytes; no
        password is involved in this method.

        Returns:
            (enc_privkey, sig_privkey) as UmbralPrivateKey objects.
        """
        key_file = self.user_path + username + self.private_key_path

        with open(key_file) as data_file:
            stored = json.load(data_file)

        enc_privkey = UmbralPrivateKey.from_bytes(bytes.fromhex(stored["enc"]))
        sig_privkey = UmbralPrivateKey.from_bytes(bytes.fromhex(stored["sig"]))
        return enc_privkey, sig_privkey

    def uploadData(self, label, file):
        """Encrypt *file* under the policy key for *label* and add the result to IPFS.

        Args:
            label (str): policy label; it is UTF-8 encoded before use.
            file: payload stored under the 'data' key of the plaintext record.

        Returns:
            dict with "data_source_public_key" (hex) and "hash_key" (the value
            returned by the IPFS client's add_bytes()).
        """
        policy_pubkey = self.Alice.get_policy_encrypting_key_from_label(label.encode("utf-8"))

        data_source = Enrico(policy_encrypting_key=policy_pubkey)
        data_source_public_key = bytes(data_source.stamp)

        # The recorded timestamp is five seconds ahead of the current time.
        timestamp = time.time() + 5
        plaintext = msgpack.dumps({'data': file, 'timestamp': timestamp, },
                                  use_bin_type=True)

        # The signature returned next to the message kit is not used.
        message_kit, _signature = data_source.encrypt_message(plaintext)
        kits = [message_kit.to_bytes()]

        # Only the ciphertext kits and Enrico's public stamp are sent to IPFS.
        envelope = msgpack.dumps(
            {'data_source': data_source_public_key, 'kits': kits, },
            use_bin_type=True)
        ipfs_hash = self.ipfs_gateway_api.add_bytes(envelope)

        return {
            "data_source_public_key": data_source_public_key.hex(),
            "hash_key": ipfs_hash,
        }

    def alice_from_configutation(self, username, password, account):
        """Restore a user's Alice from her saved configuration and unlock her keyring.

        Args:
            username: appended to self.user_path to form the user's directory.
            password: passed to the keyring's unlock().
            account: account handed to NucypherKeyring.

        Returns:
            The produced Alice, which is also stored on self.Alice.
        """
        user_dir = self.user_path + username + '/'
        alice_config = self.configure_alice(user_dir)

        keyring = NucypherKeyring(
            account=account,
            keyring_root=os.path.join(user_dir + "keyring"),
        )
        configuration = alice_config.from_configuration_file(
            config_root=os.path.join(user_dir),
            filepath=user_dir + 'alice.json',
            keyring=keyring,
        )

        configuration.keyring.unlock(password)
        self.Alice = configuration.produce()
        return self.Alice


    def grant(self, username, password, account, bob_username, label):
        """Grant *bob_username* access to *label* on behalf of *username* for 365 days.

        The policy is granted with m=1 and n=1.

        Returns:
            dict with "policy_pubkey" (hex), "alice_sig_pubkey" (base58) and
            "label" (str). The two keys use different encodings.
        """
        self.Alice = self.alice_from_configutation(username, password, account)

        bob = Bob.from_public_keys(
            powers_and_material=self.calculate_powers(bob_username),
            federated_only=True)

        expiry = maya.now() + datetime.timedelta(days=365)
        encoded_label = label.encode("utf-8")

        self.Alice.start_learning_loop(now=True)
        policy = self.Alice.grant(bob, encoded_label, m=1, n=1, expiration=expiry)

        return {
            "policy_pubkey": policy.public_key.to_bytes().hex(),
            "alice_sig_pubkey": base58.b58encode(bytes(self.Alice.stamp)).decode("utf-8"),
            "label": encoded_label.decode("utf-8"),
        }


    def add_data_and_grant_self_access(self, username, password, account, label, file):
        """Grant the owner a policy on their own *label*, then upload *file* under it.

        Args:
            username (str): acts as both the granting Alice and the receiving Bob.
            password (str): unlocks the owner's keyring.
            account: account identifier for the owner's keyring.
            label (str): policy label.
            file: payload forwarded to uploadData.

        Returns:
            tuple: (policy_info from grant(), receipt from uploadData()).
        """
        # grant() runs first: it assigns self.Alice, which uploadData() reads.
        self_policy = self.grant(username, password, account, username, label)
        upload_receipt = self.uploadData(label, file)
        return self_policy, upload_receipt
            
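    def downloadFile(self, username, receipt, policy_info):
        """Fetch the envelope named in *receipt* and decrypt its first message kit as *username*.

        Args:
            username (str): user whose private keys are loaded through
                reveal_private_keys and used to build Bob.
            receipt (dict): needs 'hash_key' and 'data_source_public_key'
                (hex), the shape uploadData returns.
            policy_info (dict): needs 'policy_pubkey' (hex), 'alice_sig_pubkey'
                (base58) and 'label', the shape grant returns.

        Returns:
            The value stored under 'data' in the decrypted msgpack payload.

        Side effects:
            Replaces self.Bob with a newly constructed Bob.
        """
        # Local names avoid shadowing the builtins hash() and input().
        ipfs_hash = receipt['hash_key']
        envelope_bytes = self.ipfs_gateway_api.cat(ipfs_hash)

        enc_privkey, sig_privkey = self.reveal_private_keys(username)
        power_ups = [
            DecryptingPower(keypair=DecryptingKeypair(private_key=enc_privkey)),
            SigningPower(keypair=SigningKeypair(private_key=sig_privkey)),
        ]

        self.Bob = Bob(
            federated_only=True,
            crypto_power_ups=power_ups,
            start_learning_now=True,
            abort_on_learning_error=True,
            known_nodes=[self.ursula],
            save_metadata=False,
            network_middleware=RestMiddleware(),
        )

        # NOTE(review): every key used for verification below is taken from the
        # caller-supplied receipt and policy_info. Confirm callers obtain both
        # from a source they trust, since they decide whose signatures count.
        policy_pubkey = UmbralPublicKey.from_bytes(bytes.fromhex(policy_info["policy_pubkey"]))
        enrico_verifying_key = UmbralPublicKey.from_bytes(
            bytes.fromhex(receipt['data_source_public_key']))
        enrico = Enrico.from_public_keys(
            {SigningPower: enrico_verifying_key},
            policy_encrypting_key=policy_pubkey
        )
        alice_pubkey_restored = UmbralPublicKey.from_bytes(
            base58.b58decode(policy_info['alice_sig_pubkey']))
        label_bytes = policy_info['label'].encode()
        self.Bob.join_policy(label_bytes, alice_pubkey_restored)

        # Only the first kit of the envelope is decrypted; later kits are ignored.
        envelope = msgpack.loads(envelope_bytes, raw=False)
        message_kit = next(UmbralMessageKit.from_bytes(k) for k in envelope['kits'])

        retrieved_plaintexts = self.Bob.retrieve(
            message_kit,
            enrico=enrico,
            alice_verifying_key=alice_pubkey_restored,
            label=label_bytes,
        )

        plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False)
        # The decrypted payload is handed to the caller only. It is not echoed
        # to stdout, because process output commonly ends up in logs.
        return plaintext['data']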
Пример #9
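# Read the file produced by the heart monitor and unpack the MessageKits,
# which are the individual ciphertexts. The context manager closes the file
# handle as soon as the payload has been parsed, instead of leaving it open.
with open("heart_data.msgpack", "rb") as kits_file:
    data = msgpack.load(kits_file, raw=False)
# Lazy generator: each kit is deserialized only when the loop reaches it.
message_kits = (UmbralMessageKit.from_bytes(k) for k in data['kits'])

# The doctor also needs to create a view of the Data Source from its public keys.
# The verifying key is read from the same file as the kits.
# NOTE(review): confirm the file comes from a trusted channel, since it then
# names its own signer.
data_source = Enrico.from_public_keys(verifying_key=data['data_source'],
                                      policy_encrypting_key=policy_pubkey)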

# Now he can ask the NuCypher network to get a re-encrypted version of each MessageKit.
# Each kit is retrieved and decoded on its own; start/end bracket only the
# retrieve() call, so the measured interval covers that call alone.
for message_kit in message_kits:
    try:
        start = timer()
        retrieved_plaintexts = doctor.retrieve(
            label=label,
            message_kit=message_kit,
            enrico=data_source,
            alice_verifying_key=alices_sig_pubkey)
        end = timer()

        # Only the first retrieved plaintext is decoded.
        plaintext = msgpack.loads(retrieved_plaintexts[0], raw=False)

        # Now we can get the heart rate and the associated timestamp,
        # generated by the heart rate monitor.
        heart_rate = plaintext['heart_rate']
        timestamp = maya.MayaDT(plaintext['timestamp'])

        # This code block simply pretty prints the heart rate info
        # The output width is capped at 120 columns; 12 and 27 columns are
        # subtracted from it (presumably space for fixed-width fields - the
        # code that uses `columns` is not part of this listing).
        terminal_size = shutil.get_terminal_size().columns
        max_width = min(terminal_size, 120)
        columns = max_width - 12 - 27
        # NOTE: the listing stops here, inside the try body; the matching
        # except/finally clause is not shown.
Пример #10
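    def downloadFile(self, downloadFilename, recipient_privkeys, receipt,
                     policy_info):
        """Fetch a message kit from IPFS, decrypt it as the recipient and write it to a file.

        Args:
            downloadFilename (str): file name appended to './' for the output.
            recipient_privkeys (dict): hex-encoded private keys under "enc"
                (decryption) and "sig" (signing).
            receipt (dict): needs 'hash_key' and 'data_source_public_key' (hex).
            policy_info (dict): needs 'policy_pubkey' (hex), 'alice_sig_pubkey'
                (passed to UmbralPublicKey.from_bytes unchanged) and 'label'.

        Side effects:
            Writes the base64-decoded cleartext to './' + downloadFilename.
        """
        # Local names avoid shadowing the builtins hash() and input().
        ipfs_hash = receipt['hash_key']
        kit_bytes = self.ipfs.cat(ipfs_hash)

        ursula = Ursula.from_seed_and_stake_info(
            seed_uri=self.URSULA_SEEDNODE_URI,
            federated_only=True,
            minimum_stake=0)

        # NOTE(review): the recipient's private keys arrive as hex strings in a
        # plain dict. Confirm how callers store and transport them.
        bob_enc_keypair = DecryptingKeypair(
            private_key=UmbralPrivateKey.from_bytes(
                bytes.fromhex(recipient_privkeys["enc"])))
        bob_sig_keypair = SigningKeypair(
            private_key=UmbralPrivateKey.from_bytes(
                bytes.fromhex(recipient_privkeys["sig"])))
        power_ups = [
            DecryptingPower(keypair=bob_enc_keypair),
            SigningPower(keypair=bob_sig_keypair),
        ]

        authorizedRecipient = Bob(
            is_me=True,
            federated_only=True,
            crypto_power_ups=power_ups,
            start_learning_now=True,
            abort_on_learning_error=True,
            known_nodes=[ursula],
            save_metadata=False,
            network_middleware=RestMiddleware(),
        )

        policy_pubkey = UmbralPublicKey.from_bytes(
            bytes.fromhex(policy_info["policy_pubkey"]))

        # Bob's view of the data source is rebuilt from the verifying key
        # recorded in the receipt.
        enrico_as_understood = Enrico.from_public_keys(
            {
                SigningPower:
                UmbralPublicKey.from_bytes(
                    bytes.fromhex(receipt['data_source_public_key']))
            },
            policy_encrypting_key=policy_pubkey)
        alice_pubkey_restored = UmbralPublicKey.from_bytes(
            (policy_info['alice_sig_pubkey']))
        label_bytes = policy_info['label'].encode()
        authorizedRecipient.join_policy(label_bytes, alice_pubkey_restored)

        # Here the IPFS object is a single serialized message kit.
        kit = UmbralMessageKit.from_bytes(kit_bytes)

        delivered_cleartexts = authorizedRecipient.retrieve(
            message_kit=kit,
            data_source=enrico_as_understood,
            alice_verifying_key=alice_pubkey_restored,
            label=label_bytes)

        data = base64.b64decode(delivered_cleartexts[0])
        # NOTE(review): downloadFilename is appended to './' unchanged. Confirm
        # callers pass a bare file name (no separators or '..'), otherwise the
        # decrypted data can be written outside the working directory.
        # The context manager closes the handle even if write() raises.
        with open('./' + downloadFilename, 'wb') as output:
            output.write(data)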