Eureka ! Read/Send OK !

decrypt.py

@@ -1,27 +0,0 @@
-#! /usr/bin/python3
-
-import sys
-from base58 import b58decode
-from base64 import b64decode
-from libnacl import crypto_sign_ed25519_sk_to_curve25519 as private_sign2crypt
-from libnacl import crypto_sign_ed25519_pk_to_curve25519 as public_sign2crypt
-from libnacl.sign import Signer, Verifier
-from libnacl.public import SecretKey, PublicKey, Box
-
-sender_pub = sys.argv[1]
-recip_seed = sys.argv[2]
-nonce = sys.argv[3]
-title = sys.argv[4]
-content = sys.argv[5]
-
-signer = Signer(b58decode(recip_seed))
-sk = SecretKey(private_sign2crypt(signer.sk))
-
-verifier = Verifier(b58decode(sender_pub).hex())
-pk = PublicKey(public_sign2crypt(verifier.vk))
-
-box = Box(sk.sk, pk.pk)
-
-print("Objet: " + box.decrypt(b64decode(nonce) + b64decode(title)).decode('utf-8'))
-print("\n" + box.decrypt(b64decode(nonce) + b64decode(content)).decode('utf-8'))
-

natools.py

@@ -17,9 +17,9 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 """
 
-__version__ = "1.2.2"
+__version__ = "1.3.1"
 
-import os, sys, duniterpy.key, libnacl, libnacl.sign, base58, base64, getpass
+import os, sys, duniterpy.key, libnacl, base58, base64, getpass
 
 def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 	if arg in args and len(args) > args.index(arg)+n:
@@ -30,7 +30,7 @@ def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 def read_data(data_path, b=True):
 	if data_path == "-":
 		if b:
-			return sys.stdin.read().encode()
+			return sys.stdin.buffer.read()
 		else:
 			return sys.stdin.read()
 	else:
@@ -48,6 +48,23 @@ def encrypt(data, pubkey):
 def decrypt(data, privkey):
 	return privkey.decrypt_seal(data)
 
+def box_encrypt(data, privkey, pubkey, nonce=None, attach_nonce=False):
+	signer = libnacl.sign.Signer(privkey.seed)
+	sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+	verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+	pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+	box = libnacl.public.Box(sk.sk, pk.pk)
+	data = box.encrypt(data, nonce) if nonce else box.encrypt(data)
+	return data if attach_nonce else data[24:]
+
+def box_decrypt(data, privkey, pubkey, nonce=None):
+	signer = libnacl.sign.Signer(privkey.seed)
+	sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+	verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+	pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+	box = libnacl.public.Box(sk.sk, pk.pk)
+	return box.decrypt(data, nonce) if nonce else box.decrypt(data)
+
 def sign(data, privkey):
 	return privkey.sign(data)
 
@@ -131,24 +148,38 @@ fmt = {
 	"85": lambda data: base64.b85encode(data),
 }
 
+defmt = {
+	"raw": lambda data: data,
+	"16": lambda data: bytes.fromhex(data),
+	"32": lambda data: base64.b32decode(data),
+	"58": lambda data: base58.b58decode(data),
+	"64": lambda data: base64.b64decode(data),
+	"85": lambda data: base64.b85decode(data),
+}
+
 def show_help():
 	print("""Usage:
 python3 natools.py <command> [options]
 
 Commands:
-  encrypt  Encrypt data
-  decrypt  Decrypt data
-  sign     Sign data
-  verify   Verify data
-  pubkey   Display pubkey
-  pk       Display b58 pubkey shorthand
+  encrypt      Encrypt data
+  decrypt      Decrypt data
+  box-encrypt  Encrypt data (NaCl box)
+  box-decrypt  Decrypt data (NaCl box)
+  sign         Sign data
+  verify       Verify data
+  pubkey       Display pubkey
+  pk           Display b58 pubkey shorthand
 
 Options:
   -c         Display pubkey checksum
   -f <fmt>   Private key format (default: cred)
    key cred pubsec seedh ssb wif wifh
   -i <path>  Input file path (default: -)
+  -I <fmt>   Input format: raw 16 32 58 64 85 (default: raw)
   -k <path>  Privkey file path (* for auto) (default: *)
+  -n <nonce> Nonce (b64, 24 bytes) (for NaCl box)
+  -N         Attach nonce to output (for NaCl box encryption)
   --noinc    Do not include msg after signature
   -o <path>  Output file path (default: -)
   -O <fmt>   Output format: raw 16 32 58 64 64u 85 (default: raw)
@@ -177,6 +208,7 @@ if __name__ == "__main__":
 	pubkey = getargv("-p")
 	result_path = getargv("-o", "-")
 	output_format = getargv("-O", "raw")
+	input_format = getargv("-I", "raw")
 	
 	if pubkey:
 		pubkey, len_deprecated = check_pubkey(pubkey)
@@ -194,13 +226,32 @@ if __name__ == "__main__":
 			if not pubkey:
 				print("Please provide pubkey!")
 				exit(1)
-			write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
+			write_data(fmt[output_format](encrypt(defmt[input_format](read_data(data_path)), pubkey)), result_path)
 		
 		elif sys.argv[1] == "decrypt":
-			write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
+			write_data(fmt[output_format](decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format))), result_path)
+		
+		elif sys.argv[1] == "box-encrypt":
+			if not pubkey:
+				print("Please provide pubkey!")
+				exit(1)
+			nonce = getargv("-n", None)
+			if nonce:
+				nonce = base64.b64decode(nonce)
+			attach_nonce = "-N" in sys.argv
+			write_data(fmt[output_format](box_encrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce, attach_nonce)), result_path)
+		
+		elif sys.argv[1] == "box-decrypt":
+			if not pubkey:
+				print("Please provide pubkey!")
+				exit(1)
+			nonce = getargv("-n", None)
+			if nonce:
+				nonce = base64.b64decode(nonce)
+			write_data(fmt[output_format](box_decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce)), result_path)
 		
 		elif sys.argv[1] == "sign":
-			data = read_data(data_path)
+			data = defmt[input_format](read_data(data_path))
 			signed = sign(data, get_privkey(privkey_path, privkey_format))
 			
 			if "--noinc" in sys.argv:
@@ -212,7 +263,7 @@ if __name__ == "__main__":
 			if not pubkey:
 				print("Please provide pubkey!")
 				exit(1)
-			write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
+			write_data(fmt[output_format](verify(defmt[input_format](read_data(data_path)), pubkey)), result_path)
 		
 		elif sys.argv[1] == "pubkey":
 			if pubkey:

readmsg.sh

@@ -52,9 +52,6 @@ fi
 
 [[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
 
-times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-
 document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
 
 # Envoi du document
@@ -64,7 +61,6 @@ msgContent=$(curl -s -X POST "https://g1.data.duniter.fr/message/$type/_search"
 n=0
 for i in $msgContent; do
     echo -e "=== $n ===\n"
-    #totalMsg='{'$(jq -r .total <<<"$i")'}'
     dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
     issuer="${dataObj[0]}"
     recipient="${dataObj[1]}"
@@ -73,10 +69,10 @@ for i in $msgContent; do
     content="${dataObj[4]}"
     time="${dataObj[5]}"
 
-    # python3 decrypt.py "$issuer" "$duniSeed" "$nonce" "$title" "$content"
-    titleClear=$(./natools.py box-decrypt -p "$issuer" -n "$nonce" -f pubsec -k "$dunikey" <<<"$title")
+    titleClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${title}")
+    contentClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${content}")
     echo "$titleClear"
+    echo "$contentClear"
     echo "========="
     ((n++))
 done
-

sendmsg.sh

@@ -66,17 +66,15 @@ fi
 [[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
 
 # Récupération et chiffrement du titre et du message
-title=$(head -n1 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-content=$(tail -n+2 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-
-# title="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
-# content="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
+nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+b58nonce=$(echo $nonce | base64 -d | base58)
+title=$(head -n1 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
+content=$(tail -n+2 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
 
 times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 
 # Fabrication du hash
-hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$nonce\",\"version\":2}"
+hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$b58nonce\",\"version\":2}"
 hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
 
 # Fabrication de la signature
@@ -88,14 +86,17 @@ jq . <<<$document
 
 # Envoi du document
 #curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
-msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$issuer" -d "$document")
+msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document")
 echo -e "\nMessage ID: $msgID"
 
+
+### Tests mode ###
+
 # Delete the message 1 second later, just for test
-sleep 1 && ./deletemsg.sh -id $msgID
+#sleep 1 && ./deletemsg.sh -id $msgID
 
 # To put the message in outbox too
-# curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
+#curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
 
-# To put the message as read
-# ,\"read_signature\":\"$signature\"
+# To put the message as read, ad this at the end of document
+#,\"read_signature\":\"$signature\"