Eureka ! Read/Send OK !
This commit is contained in:
parent
506963ed40
commit
3cf3c8b8f2
27
decrypt.py
27
decrypt.py
|
@ -1,27 +0,0 @@
|
|||
#! /usr/bin/python3
|
||||
|
||||
import sys
|
||||
from base58 import b58decode
|
||||
from base64 import b64decode
|
||||
from libnacl import crypto_sign_ed25519_sk_to_curve25519 as private_sign2crypt
|
||||
from libnacl import crypto_sign_ed25519_pk_to_curve25519 as public_sign2crypt
|
||||
from libnacl.sign import Signer, Verifier
|
||||
from libnacl.public import SecretKey, PublicKey, Box
|
||||
|
||||
sender_pub = sys.argv[1]
|
||||
recip_seed = sys.argv[2]
|
||||
nonce = sys.argv[3]
|
||||
title = sys.argv[4]
|
||||
content = sys.argv[5]
|
||||
|
||||
signer = Signer(b58decode(recip_seed))
|
||||
sk = SecretKey(private_sign2crypt(signer.sk))
|
||||
|
||||
verifier = Verifier(b58decode(sender_pub).hex())
|
||||
pk = PublicKey(public_sign2crypt(verifier.vk))
|
||||
|
||||
box = Box(sk.sk, pk.pk)
|
||||
|
||||
print("Objet: " + box.decrypt(b64decode(nonce) + b64decode(title)).decode('utf-8'))
|
||||
print("\n" + box.decrypt(b64decode(nonce) + b64decode(content)).decode('utf-8'))
|
||||
|
77
natools.py
77
natools.py
|
@ -17,9 +17,9 @@
|
|||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
__version__ = "1.2.2"
|
||||
__version__ = "1.3.1"
|
||||
|
||||
import os, sys, duniterpy.key, libnacl, libnacl.sign, base58, base64, getpass
|
||||
import os, sys, duniterpy.key, libnacl, base58, base64, getpass
|
||||
|
||||
def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
|
||||
if arg in args and len(args) > args.index(arg)+n:
|
||||
|
@ -30,7 +30,7 @@ def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
|
|||
def read_data(data_path, b=True):
|
||||
if data_path == "-":
|
||||
if b:
|
||||
return sys.stdin.read().encode()
|
||||
return sys.stdin.buffer.read()
|
||||
else:
|
||||
return sys.stdin.read()
|
||||
else:
|
||||
|
@ -48,6 +48,23 @@ def encrypt(data, pubkey):
|
|||
def decrypt(data, privkey):
|
||||
return privkey.decrypt_seal(data)
|
||||
|
||||
def box_encrypt(data, privkey, pubkey, nonce=None, attach_nonce=False):
|
||||
signer = libnacl.sign.Signer(privkey.seed)
|
||||
sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
|
||||
verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
|
||||
pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
|
||||
box = libnacl.public.Box(sk.sk, pk.pk)
|
||||
data = box.encrypt(data, nonce) if nonce else box.encrypt(data)
|
||||
return data if attach_nonce else data[24:]
|
||||
|
||||
def box_decrypt(data, privkey, pubkey, nonce=None):
|
||||
signer = libnacl.sign.Signer(privkey.seed)
|
||||
sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
|
||||
verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
|
||||
pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
|
||||
box = libnacl.public.Box(sk.sk, pk.pk)
|
||||
return box.decrypt(data, nonce) if nonce else box.decrypt(data)
|
||||
|
||||
def sign(data, privkey):
|
||||
return privkey.sign(data)
|
||||
|
||||
|
@ -131,24 +148,38 @@ fmt = {
|
|||
"85": lambda data: base64.b85encode(data),
|
||||
}
|
||||
|
||||
defmt = {
|
||||
"raw": lambda data: data,
|
||||
"16": lambda data: bytes.fromhex(data),
|
||||
"32": lambda data: base64.b32decode(data),
|
||||
"58": lambda data: base58.b58decode(data),
|
||||
"64": lambda data: base64.b64decode(data),
|
||||
"85": lambda data: base64.b85decode(data),
|
||||
}
|
||||
|
||||
def show_help():
|
||||
print("""Usage:
|
||||
python3 natools.py <command> [options]
|
||||
|
||||
Commands:
|
||||
encrypt Encrypt data
|
||||
decrypt Decrypt data
|
||||
sign Sign data
|
||||
verify Verify data
|
||||
pubkey Display pubkey
|
||||
pk Display b58 pubkey shorthand
|
||||
encrypt Encrypt data
|
||||
decrypt Decrypt data
|
||||
box-encrypt Encrypt data (NaCl box)
|
||||
box-decrypt Decrypt data (NaCl box)
|
||||
sign Sign data
|
||||
verify Verify data
|
||||
pubkey Display pubkey
|
||||
pk Display b58 pubkey shorthand
|
||||
|
||||
Options:
|
||||
-c Display pubkey checksum
|
||||
-f <fmt> Private key format (default: cred)
|
||||
key cred pubsec seedh ssb wif wifh
|
||||
-i <path> Input file path (default: -)
|
||||
-I <fmt> Input format: raw 16 32 58 64 85 (default: raw)
|
||||
-k <path> Privkey file path (* for auto) (default: *)
|
||||
-n <nonce> Nonce (b64, 24 bytes) (for NaCl box)
|
||||
-N Attach nonce to output (for NaCl box encryption)
|
||||
--noinc Do not include msg after signature
|
||||
-o <path> Output file path (default: -)
|
||||
-O <fmt> Output format: raw 16 32 58 64 64u 85 (default: raw)
|
||||
|
@ -177,6 +208,7 @@ if __name__ == "__main__":
|
|||
pubkey = getargv("-p")
|
||||
result_path = getargv("-o", "-")
|
||||
output_format = getargv("-O", "raw")
|
||||
input_format = getargv("-I", "raw")
|
||||
|
||||
if pubkey:
|
||||
pubkey, len_deprecated = check_pubkey(pubkey)
|
||||
|
@ -194,13 +226,32 @@ if __name__ == "__main__":
|
|||
if not pubkey:
|
||||
print("Please provide pubkey!")
|
||||
exit(1)
|
||||
write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
|
||||
write_data(fmt[output_format](encrypt(defmt[input_format](read_data(data_path)), pubkey)), result_path)
|
||||
|
||||
elif sys.argv[1] == "decrypt":
|
||||
write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
|
||||
write_data(fmt[output_format](decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format))), result_path)
|
||||
|
||||
elif sys.argv[1] == "box-encrypt":
|
||||
if not pubkey:
|
||||
print("Please provide pubkey!")
|
||||
exit(1)
|
||||
nonce = getargv("-n", None)
|
||||
if nonce:
|
||||
nonce = base64.b64decode(nonce)
|
||||
attach_nonce = "-N" in sys.argv
|
||||
write_data(fmt[output_format](box_encrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce, attach_nonce)), result_path)
|
||||
|
||||
elif sys.argv[1] == "box-decrypt":
|
||||
if not pubkey:
|
||||
print("Please provide pubkey!")
|
||||
exit(1)
|
||||
nonce = getargv("-n", None)
|
||||
if nonce:
|
||||
nonce = base64.b64decode(nonce)
|
||||
write_data(fmt[output_format](box_decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce)), result_path)
|
||||
|
||||
elif sys.argv[1] == "sign":
|
||||
data = read_data(data_path)
|
||||
data = defmt[input_format](read_data(data_path))
|
||||
signed = sign(data, get_privkey(privkey_path, privkey_format))
|
||||
|
||||
if "--noinc" in sys.argv:
|
||||
|
@ -212,7 +263,7 @@ if __name__ == "__main__":
|
|||
if not pubkey:
|
||||
print("Please provide pubkey!")
|
||||
exit(1)
|
||||
write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
|
||||
write_data(fmt[output_format](verify(defmt[input_format](read_data(data_path)), pubkey)), result_path)
|
||||
|
||||
elif sys.argv[1] == "pubkey":
|
||||
if pubkey:
|
||||
|
|
10
readmsg.sh
10
readmsg.sh
|
@ -52,9 +52,6 @@ fi
|
|||
|
||||
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
|
||||
|
||||
times=$(date -u +'%s')
|
||||
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
||||
|
||||
document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
|
||||
|
||||
# Envoi du document
|
||||
|
@ -64,7 +61,6 @@ msgContent=$(curl -s -X POST "https://g1.data.duniter.fr/message/$type/_search"
|
|||
n=0
|
||||
for i in $msgContent; do
|
||||
echo -e "=== $n ===\n"
|
||||
#totalMsg='{'$(jq -r .total <<<"$i")'}'
|
||||
dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
|
||||
issuer="${dataObj[0]}"
|
||||
recipient="${dataObj[1]}"
|
||||
|
@ -73,10 +69,10 @@ for i in $msgContent; do
|
|||
content="${dataObj[4]}"
|
||||
time="${dataObj[5]}"
|
||||
|
||||
# python3 decrypt.py "$issuer" "$duniSeed" "$nonce" "$title" "$content"
|
||||
titleClear=$(./natools.py box-decrypt -p "$issuer" -n "$nonce" -f pubsec -k "$dunikey" <<<"$title")
|
||||
titleClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${title}")
|
||||
contentClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${content}")
|
||||
echo "$titleClear"
|
||||
echo "$contentClear"
|
||||
echo "========="
|
||||
((n++))
|
||||
done
|
||||
|
||||
|
|
25
sendmsg.sh
25
sendmsg.sh
|
@ -66,17 +66,15 @@ fi
|
|||
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
|
||||
|
||||
# Récupération et chiffrement du titre et du message
|
||||
title=$(head -n1 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
|
||||
content=$(tail -n+2 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
|
||||
|
||||
# title="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
|
||||
# content="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
|
||||
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
||||
b58nonce=$(echo $nonce | base64 -d | base58)
|
||||
title=$(head -n1 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
|
||||
content=$(tail -n+2 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
|
||||
|
||||
times=$(date -u +'%s')
|
||||
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
||||
|
||||
# Fabrication du hash
|
||||
hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$nonce\",\"version\":2}"
|
||||
hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$b58nonce\",\"version\":2}"
|
||||
hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
|
||||
|
||||
# Fabrication de la signature
|
||||
|
@ -88,14 +86,17 @@ jq . <<<$document
|
|||
|
||||
# Envoi du document
|
||||
#curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
|
||||
msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$issuer" -d "$document")
|
||||
msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document")
|
||||
echo -e "\nMessage ID: $msgID"
|
||||
|
||||
|
||||
### Tests mode ###
|
||||
|
||||
# Delete the message 1 second later, just for test
|
||||
sleep 1 && ./deletemsg.sh -id $msgID
|
||||
#sleep 1 && ./deletemsg.sh -id $msgID
|
||||
|
||||
# To put the message in outbox too
|
||||
# curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
|
||||
#curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
|
||||
|
||||
# To put the message as read
|
||||
# ,\"read_signature\":\"$signature\"
|
||||
# To put the message as read, ad this at the end of document
|
||||
#,\"read_signature\":\"$signature\"
|
||||
|
|
Loading…
Reference in New Issue