upgrade natools.py

.install/loveland.sh

@@ -107,6 +107,7 @@ nodename=$(curl -s https://git.p2p.legal/axiom-team/astroport/raw/master/zen/too
 echo $nodename
 
 if [[ ! $isLAN ]]; then
+    ### TODO install Feddless.social 
     oasis --allow-host $nodename 2>&1>/dev/null &
     echo "BE CAREFULL your SSB identity could be publicly controled..."
 else
@@ -130,6 +131,10 @@ echo "$nodename" | figlet -f slant | lolcat
 NODENAME=$nodename
 
 YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1);
+
+## Write nodename to IPFS
+echo "$nodename" > /home/$YOU/.zen/ipfs/.$IPFSNODEID/G1SSB/_nodename
+
 PHPVERSION=$(ps auxf | grep php-fpm | grep -v -E 'color=auto|grep' | head -n 1 |  grep -oP '(?<=\().*(?=\))' | awk -F '/' '{print $4}')
 ### ASTROPORT STATION PORTAL
 sudo sed "s/_PHPVERSION_/$PHPVERSION/g" /home/$YOU/.zen/astroport/www/loveland.conf > /tmp/loveland.conf

g1sms/functions.sh

@@ -328,11 +328,11 @@ log "__SUB:sms_INIT_ACCOUNT: ($1=phone, $2=NOSMS)"
     # GPG decypher PIN
     # TODO make decypher less stress on filesystem, use /tmp and ramdisk
     # /home/$YOU/.zen/astroport/zen/tools/natools.py encrypt -p $NODE_G1PUBKEY -i "$DUNIKEYFILE" -o "$DUNIKEYFILE.crypt"
-    # /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k "$NODE_PUBSECFILE" -i "$DUNIKEYFILE.crypt" -o "$DUNIKEYFILE"
+    # /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k "$NODE_PUBSECFILE" -i "$DUNIKEYFILE.crypt" -o "$DUNIKEYFILE"
     
     # EMAIL
     [[ $SMSEMAIL == "" ]] && [[ -f "$GPGMAILFILE" ]] && echo "${IPFSPrivKey}" | gpg -d -q --output "$MAILFILE" --yes --pinentry-mode loopback --passphrase-fd 0 "$GPGMAILFILE" && SMSEMAIL=$(cat $MAILFILE)
-    [[ $SMSEMAIL == "" ]] && [[ -f "$MAILFILE.crypt" ]] && /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k "$NODE_PUBSECFILE" -i "$MAILFILE.crypt" -o "$MAILFILE" && SMSEMAIL=$(cat $MAILFILE)
+    [[ $SMSEMAIL == "" ]] && [[ -f "$MAILFILE.crypt" ]] && /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k "$NODE_PUBSECFILE" -i "$MAILFILE.crypt" -o "$MAILFILE" && SMSEMAIL=$(cat $MAILFILE)
     log "__SUB:sms_INIT_ACCOUNT: Déchiffrage EMAIL $SMSEMAIL"
     # EMPTY CLEAR EMAIL FILE
     [[ $SMSEMAIL != ""  ]] && echo "" > "$MAILFILE"

g1sms/natools.py

@@ -1,112 +0,0 @@
-#!/usr/bin/env python3
-
-"""
-	CopyLeft 2020 Pascal Engélibert <tuxmain@zettascript.org>
-
-	This program is free software: you can redistribute it and/or modify
-	it under the terms of the GNU Affero General Public License as published by
-	the Free Software Foundation, either version 3 of the License, or
-	(at your option) any later version.
-
-	This program is distributed in the hope that it will be useful,
-	but WITHOUT ANY WARRANTY; without even the implied warranty of
-	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-	GNU Affero General Public License for more details.
-
-	You should have received a copy of the GNU Affero General Public License
-	along with this program.  If not, see <https://www.gnu.org/licenses/>.
-"""
-
-import os, sys, duniterpy.key, libnacl.sign
-
-def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
-	if arg in args and len(args) > args.index(arg)+n:
-		return args[args.index(arg)+n]
-	else:
-		return default
-
-def read_data(data_path, b=True):
-	if data_path == "-":
-		if b:
-			return sys.stdin.read().encode()
-		else:
-			return sys.stdin.read()
-	else:
-		return open(os.path.expanduser(data_path), "rb" if b else "r").read()
-
-def write_data(data, result_path):
-	if result_path == "-":
-		sys.stdout.write(data.decode())
-	else:
-		open(os.path.expanduser(result_path), "wb").write(data)
-
-def encrypt(data, pubkey):
-	return duniterpy.key.PublicKey(pubkey).encrypt_seal(data)
-
-def decrypt(data, privkey):
-	return privkey.decrypt_seal(data)
-
-def sign(data, privkey):
-	return privkey.sign(data)
-
-def verify(data, pubkey):
-	try:
-		sys.stderr.write("Signature OK!\n")
-		return libnacl.sign.Verifier(duniterpy.key.PublicKey(pubkey).hex_pk()).verify(data)
-	except ValueError:
-		sys.stderr.write("Bad signature!\n")
-		exit(1)
-
-def get_privkey(privkey_path, pubsec):
-	if pubsec:
-		return duniterpy.key.SigningKey.from_pubsec_file(privkey_path)
-	else:
-		return duniterpy.key.SigningKey.from_seedhex(read_data(privkey_path, False))
-
-def show_help():
-	print("""Usage:
-python3 natools.py <command> [options]
-
-Commands:
-  encrypt  Encrypt data
-  decrypt  Decrypt data
-  sign     Sign data
-  verify   Verify data
-
-Options:
-  -i <path>  Input file path (default: -)
-  -k <path>  Privkey file path (default: authfile.key)
-  --pubsec   Use pub/sec format for -p
-  -p <str>   Pubkey (base58)
-  -o <path>  Output file path (default: -)
-
-Note: "-" means stdin or stdout.
-""")
-
-if __name__ == "__main__":
-	
-	if "--help" in sys.argv:
-		show_help()
-		exit()
-	
-	data_path = getargv("-i", "-")
-	privkey_path = getargv("-k", "authfile.key")
-	pubsec = "--pubsec" in sys.argv
-	pubkey = getargv("-p")
-	result_path = getargv("-o", "-")
-	
-	try:
-		if sys.argv[1] == "encrypt":
-			write_data(encrypt(read_data(data_path), pubkey), result_path)
-		elif sys.argv[1] == "decrypt":
-			write_data(decrypt(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
-		elif sys.argv[1] == "sign":
-			write_data(sign(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
-		elif sys.argv[1] == "verify":
-			write_data(verify(read_data(data_path), pubkey), result_path)
-		else:
-			show_help()
-	except Exception as e:
-		sys.stderr.write("Error: {}\n".format(e))
-		show_help()
-		exit(1)

g1sms/sms_NEW.sh

@@ -37,7 +37,7 @@ UNIT=${countvalues[2]}
 # ONLY USED BY sms_NEW.sh !!! To send back PIN
 echo "${IPFSPrivKey}" | gpg -d -q --output "$PINFILE" --yes --pinentry-mode loopback --passphrase-fd 0 "$GPGPINFILE"
 PIN=$(cat "$PINFILE" | xargs)
-[[ "$PIN" == "" ]] && [[ -f "${PINFILE}.crypt" ]] && /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k "$NODE_PUBSECFILE" -i "${PINFILE}.crypt" -o "$PINFILE" && PIN=$(cat "$PINFILE");
+[[ "$PIN" == "" ]] && [[ -f "${PINFILE}.crypt" ]] && /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k "$NODE_PUBSECFILE" -i "${PINFILE}.crypt" -o "$PINFILE" && PIN=$(cat "$PINFILE");
 [[ "$PIN" != "" ]] && echo "" > "$PINFILE" || PIN="PIN EMPTY !!! Contacter $ADMINPHONE SVP"
 
 mess="[G1sms+]

g1sms/tag_OP.sh

@@ -71,7 +71,7 @@ if [[ $FINALSOURCE -lt 0 ]]; then echo "__SUB:tag_OP.sh: KO. La valeur de ce G1T
 #############################################
 ############## EXTRACT $JSOURCERR PUBLISH KEY
 if [[ -f $KEYFILE  && ! -f "~/.ipfs/keystore/$JSOURCERR" ]]; then
-    /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k "$KEYFILE" -i "$JSOURCEPUBLISHKEY" -o "~/.ipfs/keystore/$JSOURCERR"
+    /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k "$KEYFILE" -i "$JSOURCEPUBLISHKEY" -o "~/.ipfs/keystore/$JSOURCERR"
 else
     if [[ ! -f $KEYFILE ]]; then
         echo "__SUB:tag_OP.sh: KO. La clef de dévérouillage pour $JSOURCERR est inexistante. Contact: https://g1sms.fr"
@@ -92,7 +92,7 @@ FINALDEST=$(echo "${JDESTVALUE} + ${VALUE}" | bc -l)
 # EXTRACT $JSOURCERR PUBLISH KEY to "~/.ipfs/keystore/JSOURCE"
 # EXTRACT PUBLISH KEY
 if [[ -f $KEYFILE && ! -f "~/.ipfs/keystore/$JDESTRR" ]]; then
-    /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k "$KEYFILE" -i "$JDESTPUBLISHKEY" -o "~/.ipfs/keystore/$JDESTRR"
+    /home/$YOU/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k "$KEYFILE" -i "$JDESTPUBLISHKEY" -o "~/.ipfs/keystore/$JDESTRR"
 else
     if [[ ! -f $KEYFILE ]]; then
         echo "__SUB:tag_OP.sh: KO. La clef de dévérouillage pour $JDESTRR est inexistante. Contact: https://g1sms.fr"

g1sms/tools/G1_TUX_natools.py

@@ -1,85 +0,0 @@
-#!/usr/bin/env python3
-
-import os, sys, duniterpy.key, libnacl.sign
-
-def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
-	if arg in args and len(args) > args.index(arg)+n:
-		return args[args.index(arg)+n]
-	else:
-		return default
-
-def read_data(data_path, b=True):
-	if data_path == "-":
-		if b:
-			return sys.stdin.read().encode()
-		else:
-			return sys.stdin.read()
-	else:
-		if b:
-			return open(os.path.expanduser(data_path), "rb").read()
-		else:
-			return open(os.path.expanduser(data_path), "r").read()
-
-def write_data(data, result_path):
-	(sys.stdout if result_path == "-" else open(os.path.expanduser(result_path), "wb")).write(data)
-
-def encrypt(data, pubkey):
-	return duniterpy.key.PublicKey(pubkey).encrypt_seal(data)
-
-def decrypt(data, privkey):
-	return duniterpy.key.SigningKey.from_seedhex(privkey).decrypt_seal(data)
-
-def sign(data, privkey):
-	return duniterpy.key.SigningKey.from_seedhex(privkey).sign(data)
-
-def verify(data, pubkey):
-	try:
-		return libnacl.sign.Verifier(duniterpy.key.PublicKey(pubkey).hex_pk()).verify(data)
-	except ValueError:
-		exit(1)
-
-def show_help():
-	print("""Usage:
-python3 natools.py <command> [options]
-
-Commands:
-  encrypt  Encrypt data
-  decrypt  Decrypt data
-  sign     Sign data
-  verify   Verify data
-
-Options:
-  -i <path>  Input file path (default: -)
-  -k <path>  Privkey file path (default: authfile.key)
-  -p <str>   Pubkey (base58)
-  -o <path>  Output file path (default: -)
-
-Note: "-" means stdin or stdout.
-""")
-
-if __name__ == "__main__":
-	
-	if "--help" in sys.argv:
-		show_help()
-		exit()
-	
-	data_path = getargv("-i", "-")
-	privkey_path = getargv("-k", "authfile.key")
-	pubkey = getargv("-p")
-	result_path = getargv("-o", "-")
-	
-	try:
-		if sys.argv[1] == "encrypt":
-			write_data(encrypt(read_data(data_path), pubkey), result_path)
-		elif sys.argv[1] == "decrypt":
-			write_data(decrypt(read_data(data_path), read_data(privkey_path, False)), result_path)
-		elif sys.argv[1] == "sign":
-			write_data(sign(read_data(data_path), read_data(privkey_path, False)), result_path)
-		elif sys.argv[1] == "verify":
-			write_data(verify(read_data(data_path), pubkey), result_path)
-		else:
-			show_help()
-	except Exception as e:
-		sys.stderr.write("Error: ", e, "\n")
-		show_help()
-		exit(1)

g1sms/tools/natools.py

@@ -17,7 +17,9 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 """
 
-import os, sys, duniterpy.key, libnacl.sign
+__version__ = "1.0"
+
+import os, sys, duniterpy.key, libnacl.sign, base58, base64, getpass
 
 def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 	if arg in args and len(args) > args.index(arg)+n:
@@ -36,7 +38,7 @@ def read_data(data_path, b=True):
 
 def write_data(data, result_path):
 	if result_path == "-":
-		sys.stdout.write(data.decode())
+		os.fdopen(sys.stdout.fileno(), 'wb').write(data)
 	else:
 		open(os.path.expanduser(result_path), "wb").write(data)
 
@@ -57,11 +59,54 @@ def verify(data, pubkey):
 		sys.stderr.write("Bad signature!\n")
 		exit(1)
 
-def get_privkey(privkey_path, pubsec):
-	if pubsec:
+def get_privkey(privkey_path, privkey_format):
+	if privkey_format == "pubsec":
+		if privkey_path == "*":
+			privkey_path = "privkey.pubsec"
 		return duniterpy.key.SigningKey.from_pubsec_file(privkey_path)
-	else:
+	
+	elif privkey_format == "cred":
+		if privkey_path == "*":
+			privkey_path = "-"
+		if privkey_path == "-":
+			return duniterpy.key.SigningKey.from_credentials(getpass.getpass("Password: "), getpass.getpass("Salt: "))
+		else:
+			return duniterpy.key.SigningKey.from_credentials_file(privkey_path)
+	
+	elif privkey_format == "seedh":
+		if privkey_path == "*":
+			privkey_path = "authfile.seedhex"
 		return duniterpy.key.SigningKey.from_seedhex(read_data(privkey_path, False))
+	
+	elif privkey_format == "wif":
+		if privkey_path == "*":
+			privkey_path = "authfile.wif"
+		return duniterpy.key.SigningKey.from_wif_or_ewif_file(privkey_path)
+	
+	elif privkey_format == "wifh":
+		if privkey_path == "*":
+			privkey_path = "authfile.wif"
+		return duniterpy.key.SigningKey.from_wif_or_ewif_hex(privkey_path)
+	
+	elif privkey_format == "ssb":
+		if privkey_path == "*":
+			privkey_path = "secret"
+		return duniterpy.key.SigningKey.from_ssb_file(privkey_path)
+	
+	elif privkey_format == "key":
+		if privkey_path == "*":
+			privkey_path = "authfile.key"
+		return duniterpy.key.SigningKey.from_private_key(privkey_path)
+
+fmt = {
+	"raw": lambda data: data,
+	"16": lambda data: data.hex().encode(),
+	"32": lambda data: base64.b32encode(data),
+	"58": lambda data: base58.b58encode(data),
+	"64": lambda data: base64.b64encode(data),
+	"64u": lambda data: base64.urlsafe_b64encode(data),
+	"85": lambda data: base64.b85encode(data),
+}
 
 def show_help():
 	print("""Usage:
@@ -74,11 +119,18 @@ Commands:
   verify   Verify data
 
 Options:
+  -f <fmt>   Private key format (default: cred)
+   key cred pubsec seedh ssb wif wifh
   -i <path>  Input file path (default: -)
-  -k <path>  Privkey file path (default: authfile.key)
-  --pubsec   Use pub/sec format for -p
+  -k <path>  Privkey file path (* for auto) (default: *)
   -p <str>   Pubkey (base58)
   -o <path>  Output file path (default: -)
+  --noinc    Do not include msg after signature
+  -O <fmt>   Output format: raw 16 32 58 64 64u 85 (default: raw)
+  
+  --help     Show help
+  --version  Show version
+  --debug    Debug mode (display full errors)
 
 Note: "-" means stdin or stdout.
 """)
@@ -89,24 +141,42 @@ if __name__ == "__main__":
 		show_help()
 		exit()
 	
+	if "--version" in sys.argv:
+		print(__version__)
+		exit()
+	
+	privkey_format = getargv("-f", "auto")
 	data_path = getargv("-i", "-")
-	privkey_path = getargv("-k", "authfile.key")
-	pubsec = "--pubsec" in sys.argv
+	privkey_path = getargv("-k", "*")
 	pubkey = getargv("-p")
 	result_path = getargv("-o", "-")
+	output_format = getargv("-O", "raw")
 	
 	try:
 		if sys.argv[1] == "encrypt":
-			write_data(encrypt(read_data(data_path), pubkey), result_path)
+			write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
+		
 		elif sys.argv[1] == "decrypt":
-			write_data(decrypt(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
+			write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
+		
 		elif sys.argv[1] == "sign":
-			write_data(sign(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
+			data = read_data(data_path)
+			signed = sign(data, get_privkey(privkey_path, privkey_format))
+			
+			if "--noinc" in sys.argv:
+				signed = signed[:len(signed)-len(data)]
+			
+			write_data(fmt[output_format](signed), result_path)
+		
 		elif sys.argv[1] == "verify":
-			write_data(verify(read_data(data_path), pubkey), result_path)
+			write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
+		
 		else:
 			show_help()
+		
 	except Exception as e:
+		if "--debug" in sys.argv:
+			0/0 # DEBUG MODE
 		sys.stderr.write("Error: {}\n".format(e))
 		show_help()
 		exit(1)

zen/README.md

@@ -125,5 +125,5 @@ IPFS SWARM :
 ```
 g1pub=$(cat ~/.ssb/secret.dunikey | grep 'pub:' | cut -d ' ' -f 2)
 ~/.zen/astroport/zen/tools/natools.py encrypt -p $g1pub -i file -o file.crypt
-~/.zen/astroport/zen/tools/natools.py decrypt --pubsec -k ~/.ssb/secret.dunikey -i file.crypt -o file
+~/.zen/astroport/zen/tools/natools.py decrypt -f pubsec -k ~/.ssb/secret.dunikey -i file.crypt -o file
 ```

zen/ssb_INIT.sh

@@ -128,12 +128,16 @@ $imagefile
 $id : $type : $size bits
 
 "
-nodename=$(cat /etc/hostname)
-extension=$(echo $nodename | cut -d '.' -f 2)
-if [[ $extension == $nodename ]]; then
-    nodename=$nodename.home
+# NOT WORKING, sudo inside !!!
+#nodename=$(~/.zen/astroport/zen/tools/nodename)
+nodename=$(cat /home/$YOU/.zen/ipfs/.$IPFSNODEID/G1SSB/_nodename)
+if [[ $nodename == "" ]]; then
+    nodename=$(cat /etc/hostname)
+    extension=$(echo$ nodename | cut -d '.' -f 2)
+    if [[ $extension == $nodename ]]; then
+        nodename=$nodename.home
+    fi
 fi
-
 ########################################################################
 # DUNITER G1 Wallet balance
 export LC_ALL=C.UTF-8 #attipix

zen/ssb_SURVEY_swarmkey.sh

@@ -99,7 +99,7 @@ to ~/.ipfs/ipfs_swarm.key
 echo "http://localhost:8989/blobs/get/$mylink"
 continue 
         curl -s "http://localhost:8989/blobs/get/$mylink" > $mytmp/ipfs_swarm.key.crypt
-        $MY_PATH/tools/natools.py decrypt --pubsec -k ~/.ssb/secret.dunikey -i $mytmp/ipfs_swarm.key.crypt -o ~/.ipfs/ipfs_swarm.key && \
+        $MY_PATH/tools/natools.py decrypt -f pubsec -k ~/.ssb/secret.dunikey -i $mytmp/ipfs_swarm.key.crypt -o ~/.ipfs/ipfs_swarm.key && \
         echo  "IPFS SWARM KEY ~/.ipfs/ipfs_swarm.key received from SSB $author ... OK !"
 
 

zen/tools/make_G1SSB_secret.sh

@@ -91,14 +91,9 @@ echo '
 \____/_/  |_/____/___//____/  
                               
 ' | lolcat
+
 nodename=$(curl -s https://git.p2p.legal/axiom-team/astroport/raw/master/zen/tools/nodename | bash)
-extension=$(echo $nodename | cut -d '.' -f 2)
-if [[ $extension == $nodename ]]; then
-    PUB="false"
-    nodename=$nodename.local
-else
-    PUB="true"
-fi
+
 if [[ ! $(which oasis) ]]; then
     echo "INSTALL....  http://$nodename"
     echo "ENTER Station accessible Network name !!! Suggestion : $nodename"

zen/tools/natools.py

@@ -17,7 +17,9 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 """
 
-import os, sys, duniterpy.key, libnacl.sign
+__version__ = "1.0"
+
+import os, sys, duniterpy.key, libnacl.sign, base58, base64, getpass
 
 def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 	if arg in args and len(args) > args.index(arg)+n:
@@ -36,7 +38,7 @@ def read_data(data_path, b=True):
 
 def write_data(data, result_path):
 	if result_path == "-":
-		sys.stdout.write(data.decode())
+		os.fdopen(sys.stdout.fileno(), 'wb').write(data)
 	else:
 		open(os.path.expanduser(result_path), "wb").write(data)
 
@@ -57,11 +59,54 @@ def verify(data, pubkey):
 		sys.stderr.write("Bad signature!\n")
 		exit(1)
 
-def get_privkey(privkey_path, pubsec):
-	if pubsec:
+def get_privkey(privkey_path, privkey_format):
+	if privkey_format == "pubsec":
+		if privkey_path == "*":
+			privkey_path = "privkey.pubsec"
 		return duniterpy.key.SigningKey.from_pubsec_file(privkey_path)
-	else:
+	
+	elif privkey_format == "cred":
+		if privkey_path == "*":
+			privkey_path = "-"
+		if privkey_path == "-":
+			return duniterpy.key.SigningKey.from_credentials(getpass.getpass("Password: "), getpass.getpass("Salt: "))
+		else:
+			return duniterpy.key.SigningKey.from_credentials_file(privkey_path)
+	
+	elif privkey_format == "seedh":
+		if privkey_path == "*":
+			privkey_path = "authfile.seedhex"
 		return duniterpy.key.SigningKey.from_seedhex(read_data(privkey_path, False))
+	
+	elif privkey_format == "wif":
+		if privkey_path == "*":
+			privkey_path = "authfile.wif"
+		return duniterpy.key.SigningKey.from_wif_or_ewif_file(privkey_path)
+	
+	elif privkey_format == "wifh":
+		if privkey_path == "*":
+			privkey_path = "authfile.wif"
+		return duniterpy.key.SigningKey.from_wif_or_ewif_hex(privkey_path)
+	
+	elif privkey_format == "ssb":
+		if privkey_path == "*":
+			privkey_path = "secret"
+		return duniterpy.key.SigningKey.from_ssb_file(privkey_path)
+	
+	elif privkey_format == "key":
+		if privkey_path == "*":
+			privkey_path = "authfile.key"
+		return duniterpy.key.SigningKey.from_private_key(privkey_path)
+
+fmt = {
+	"raw": lambda data: data,
+	"16": lambda data: data.hex().encode(),
+	"32": lambda data: base64.b32encode(data),
+	"58": lambda data: base58.b58encode(data),
+	"64": lambda data: base64.b64encode(data),
+	"64u": lambda data: base64.urlsafe_b64encode(data),
+	"85": lambda data: base64.b85encode(data),
+}
 
 def show_help():
 	print("""Usage:
@@ -74,11 +119,18 @@ Commands:
   verify   Verify data
 
 Options:
+  -f <fmt>   Private key format (default: cred)
+   key cred pubsec seedh ssb wif wifh
   -i <path>  Input file path (default: -)
-  -k <path>  Privkey file path (default: authfile.key)
-  --pubsec   Use pub/sec format for -p
+  -k <path>  Privkey file path (* for auto) (default: *)
   -p <str>   Pubkey (base58)
   -o <path>  Output file path (default: -)
+  --noinc    Do not include msg after signature
+  -O <fmt>   Output format: raw 16 32 58 64 64u 85 (default: raw)
+  
+  --help     Show help
+  --version  Show version
+  --debug    Debug mode (display full errors)
 
 Note: "-" means stdin or stdout.
 """)
@@ -89,24 +141,42 @@ if __name__ == "__main__":
 		show_help()
 		exit()
 	
+	if "--version" in sys.argv:
+		print(__version__)
+		exit()
+	
+	privkey_format = getargv("-f", "auto")
 	data_path = getargv("-i", "-")
-	privkey_path = getargv("-k", "authfile.key")
-	pubsec = "--pubsec" in sys.argv
+	privkey_path = getargv("-k", "*")
 	pubkey = getargv("-p")
 	result_path = getargv("-o", "-")
+	output_format = getargv("-O", "raw")
 	
 	try:
 		if sys.argv[1] == "encrypt":
-			write_data(encrypt(read_data(data_path), pubkey), result_path)
+			write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
+		
 		elif sys.argv[1] == "decrypt":
-			write_data(decrypt(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
+			write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
+		
 		elif sys.argv[1] == "sign":
-			write_data(sign(read_data(data_path), get_privkey(privkey_path, pubsec)), result_path)
+			data = read_data(data_path)
+			signed = sign(data, get_privkey(privkey_path, privkey_format))
+			
+			if "--noinc" in sys.argv:
+				signed = signed[:len(signed)-len(data)]
+			
+			write_data(fmt[output_format](signed), result_path)
+		
 		elif sys.argv[1] == "verify":
-			write_data(verify(read_data(data_path), pubkey), result_path)
+			write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
+		
 		else:
 			show_help()
+		
 	except Exception as e:
+		if "--debug" in sys.argv:
+			0/0 # DEBUG MODE
 		sys.stderr.write("Error: {}\n".format(e))
 		show_help()
 		exit(1)