From 3cf3c8b8f29641534f2aaa7927aee26e1d9b3940 Mon Sep 17 00:00:00 2001
From: poka
Date: Tue, 10 Nov 2020 11:08:07 +0100
Subject: [PATCH] Eureka ! Read/Send OK !
---
 decrypt.py | 27 -------------------
 natools.py | 77 +++++++++++++++++++++++++++++++++++++++++++++---------
 readmsg.sh | 10 +++----
 sendmsg.sh | 25 +++++++++---------
 4 files changed, 80 insertions(+), 59 deletions(-)
 delete mode 100755 decrypt.py
diff --git a/decrypt.py b/decrypt.py
deleted file mode 100755
index 5010209..0000000
--- a/decrypt.py
+++ /dev/null
@@ -1,27 +0,0 @@
-#! /usr/bin/python3
-
-import sys
-from base58 import b58decode
-from base64 import b64decode
-from libnacl import crypto_sign_ed25519_sk_to_curve25519 as private_sign2crypt
-from libnacl import crypto_sign_ed25519_pk_to_curve25519 as public_sign2crypt
-from libnacl.sign import Signer, Verifier
-from libnacl.public import SecretKey, PublicKey, Box
-
-sender_pub = sys.argv[1]
-recip_seed = sys.argv[2]
-nonce = sys.argv[3]
-title = sys.argv[4]
-content = sys.argv[5]
-
-signer = Signer(b58decode(recip_seed))
-sk = SecretKey(private_sign2crypt(signer.sk))
-
-verifier = Verifier(b58decode(sender_pub).hex())
-pk = PublicKey(public_sign2crypt(verifier.vk))
-
-box = Box(sk.sk, pk.pk)
-
-print("Objet: " + box.decrypt(b64decode(nonce) + b64decode(title)).decode('utf-8'))
-print("\n" + box.decrypt(b64decode(nonce) + b64decode(content)).decode('utf-8'))
-
diff --git a/natools.py b/natools.py
index c69cb22..18f06d1 100755
--- a/natools.py
+++ b/natools.py
@@ -17,9 +17,9 @@
 along with this program. If not, see .
 """
-__version__ = "1.2.2"
+__version__ = "1.3.1"
-import os, sys, duniterpy.key, libnacl, libnacl.sign, base58, base64, getpass
+import os, sys, duniterpy.key, libnacl, base58, base64, getpass
 def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 if arg in args and len(args) > args.index(arg)+n:
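Review bot: The import line in the natools.py hunk drops `libnacl.sign`, yet the box_encrypt and box_decrypt functions added later in this commit call `libnacl.sign.Signer`, `libnacl.sign.Verifier` and `libnacl.public.Box`. A bare `import libnacl` does not by itself guarantee that those submodules are loaded, so the new code appears to work only because another import (presumably `duniterpy.key`) happens to load them. I would keep the dependency explicit: `import os, sys, duniterpy.key, libnacl, libnacl.sign, libnacl.public, base58, base64, getpass`.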
@@ -30,7 +30,7 @@ def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
 def read_data(data_path, b=True):
 if data_path == "-":
 if b:
- return sys.stdin.read().encode()
+ return sys.stdin.buffer.read()
 else:
 return sys.stdin.read()
 else:
@@ -48,6 +48,23 @@ def encrypt(data, pubkey):
 def decrypt(data, privkey):
 return privkey.decrypt_seal(data)
+def box_encrypt(data, privkey, pubkey, nonce=None, attach_nonce=False):
+ signer = libnacl.sign.Signer(privkey.seed)
+ sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+ verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+ pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+ box = libnacl.public.Box(sk.sk, pk.pk)
+ data = box.encrypt(data, nonce) if nonce else box.encrypt(data)
+ return data if attach_nonce else data[24:]
+
+def box_decrypt(data, privkey, pubkey, nonce=None):
+ signer = libnacl.sign.Signer(privkey.seed)
+ sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+ verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+ pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+ box = libnacl.public.Box(sk.sk, pk.pk)
+ return box.decrypt(data, nonce) if nonce else box.decrypt(data)
+
 def sign(data, privkey):
 return privkey.sign(data)
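Review bot: In box_encrypt, a call with no nonce and attach_nonce left False returns ciphertext that cannot be decrypted, because `box.encrypt(data)` then uses a nonce generated by libnacl and `data[24:]` throws it away. I would refuse that combination or keep the nonce whenever the function generated it, e.g. `return data if attach_nonce or not nonce else data[24:]`, and replace the literal 24 with `libnacl.crypto_box_NONCEBYTES`. Since the caller can now choose the nonce, both functions deserve a docstring stating that a nonce must never be used twice with the same pair of keys. The five key-conversion lines are repeated verbatim in box_decrypt and could live in one private helper.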
@@ -131,24 +148,38 @@ fmt = { "85": lambda data: base64.b85encode(data), } +defmt = { + "raw": lambda data: data, + "16": lambda data: bytes.fromhex(data), + "32": lambda data: base64.b32decode(data), + "58": lambda data: base58.b58decode(data), + "64": lambda data: base64.b64decode(data), + "85": lambda data: base64.b85decode(data), +} + def show_help(): print("""Usage: python3 natools.py [options] Commands: - encrypt Encrypt data - decrypt Decrypt data - sign Sign data - verify Verify data - pubkey Display pubkey - pk Display b58 pubkey shorthand + encrypt Encrypt data + decrypt Decrypt data + box-encrypt Encrypt data (NaCl box) + box-decrypt Decrypt data (NaCl box) + sign Sign data + verify Verify data + pubkey Display pubkey + pk Display b58 pubkey shorthand Options: -c Display pubkey checksum -f Private key format (default: cred) key cred pubsec seedh ssb wif wifh -i Input file path (default: -) + -I Input format: raw 16 32 58 64 85 (default: raw) -k Privkey file path (* for auto) (default: *) + -n Nonce (b64, 24 bytes) (for NaCl box) + -N Attach nonce to output (for NaCl box encryption) --noinc Do not include msg after signature -o Output file path (default: -) -O Output format: raw 16 32 58 64 64u 85 (default: raw) @@ -177,6 +208,7 @@ if __name__ == "__main__": pubkey = getargv("-p") result_path = getargv("-o", "-") output_format = getargv("-O", "raw") + input_format = getargv("-I", "raw") if pubkey: pubkey, len_deprecated = check_pubkey(pubkey) 
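Review bot: The `"16"` entry of defmt will raise TypeError on stdin input, because `bytes.fromhex` accepts only `str` while read_data returns bytes from `sys.stdin.buffer.read()` in its default mode; `"16": lambda data: bytes.fromhex(data.decode()),` would handle that. The decoders also see the trailing newline that a here-string or `echo` appends: `base64.b64decode` silently ignores it, but the other decoders may reject it, so stripping surrounding whitespace before decoding non-raw formats is worth considering. The file branch of read_data is outside this hunk, so confirm it returns bytes as well.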
@@ -194,13 +226,32 @@ if __name__ == "__main__":
 if not pubkey:
 print("Please provide pubkey!")
 exit(1)
- write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
+ write_data(fmt[output_format](encrypt(defmt[input_format](read_data(data_path)), pubkey)), result_path)
 elif sys.argv[1] == "decrypt":
- write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
+ write_data(fmt[output_format](decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format))), result_path)
+
+ elif sys.argv[1] == "box-encrypt":
+ if not pubkey:
+ print("Please provide pubkey!")
+ exit(1)
+ nonce = getargv("-n", None)
+ if nonce:
+ nonce = base64.b64decode(nonce)
+ attach_nonce = "-N" in sys.argv
+ write_data(fmt[output_format](box_encrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce, attach_nonce)), result_path)
+
+ elif sys.argv[1] == "box-decrypt":
+ if not pubkey:
+ print("Please provide pubkey!")
+ exit(1)
+ nonce = getargv("-n", None)
+ if nonce:
+ nonce = base64.b64decode(nonce)
+ write_data(fmt[output_format](box_decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce)), result_path)
 elif sys.argv[1] == "sign":
- data = read_data(data_path)
+ data = defmt[input_format](read_data(data_path))
 signed = sign(data, get_privkey(privkey_path, privkey_format))
 if "--noinc" in sys.argv:
@@ -212,7 +263,7 @@ if __name__ == "__main__":
 if not pubkey:
 print("Please provide pubkey!")
 exit(1)
- write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
+ write_data(fmt[output_format](verify(defmt[input_format](read_data(data_path)), pubkey)), result_path)
 elif sys.argv[1] == "pubkey":
 if pubkey:
diff --git a/readmsg.sh b/readmsg.sh
index b77de0e..50a3e89 100755
--- a/readmsg.sh
+++ b/readmsg.sh
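Review bot: The `-n` value is decoded with `base64.b64decode(nonce)` in both new branches without validation, so malformed input is silently reduced to whatever characters happen to be valid base64, and a nonce of the wrong length only surfaces later inside libnacl. I would decode strictly and check the size at the CLI boundary: `nonce = base64.b64decode(nonce, validate=True)` followed by a comparison with `libnacl.crypto_box_NONCEBYTES` that prints a message and exits like the pubkey check above it. An unknown `-I` value likewise ends in a bare KeyError from `defmt[input_format]`; a short error message would match the existing `Please provide pubkey!` style. The two nonce-parsing blocks are identical and could share one helper.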
@@ -52,9 +52,6 @@ fi
 [[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
-times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-
 document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
 # Envoi du document
@@ -64,7 +61,6 @@ msgContent=$(curl -s -X POST "https://g1.data.duniter.fr/message/$type/_search"
 n=0
 for i in $msgContent; do
 echo -e "=== $n ===\n"
- #totalMsg='{'$(jq -r .total <<<"$i")'}'
 dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
 issuer="${dataObj[0]}"
 recipient="${dataObj[1]}"
@@ -73,10 +69,10 @@ for i in $msgContent; do
 content="${dataObj[4]}"
 time="${dataObj[5]}"
- # python3 decrypt.py "$issuer" "$duniSeed" "$nonce" "$title" "$content"
- titleClear=$(./natools.py box-decrypt -p "$issuer" -n "$nonce" -f pubsec -k "$dunikey" <<<"$title")
+ titleClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${title}")
+ contentClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${content}")
 echo "$titleClear"
+ echo "$contentClear"
 echo "========="
 ((n++))
 done
-
diff --git a/sendmsg.sh b/sendmsg.sh
index 1033784..1f44cc3 100755
--- a/sendmsg.sh
+++ b/sendmsg.sh
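Review bot: The two new box-decrypt calls in the last hunk expand `$issuer`, `$dunikey` and `$nonce` unquoted, whereas the line they replace quoted all three. `issuer` and `nonce` come from the pod's search response, so they undergo word splitting and pathname expansion before they reach natools.py's option parser, and a key path containing a space breaks `-k`. Restoring the quotes keeps each value a single argument: `titleClear=$(./natools.py box-decrypt -p "$issuer" -f pubsec -k "$dunikey" -n "$nonce" -I 64 <<< "$title")`, and likewise for contentClear. The new box-encrypt lines in sendmsg.sh have the same unquoted `$nonce`, `$dunikey` and `$recipient`. The loop these lines sit in begins before this hunk.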
@@ -66,17 +66,15 @@ fi
 [[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
 # Récupération et chiffrement du titre et du message
-title=$(head -n1 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-content=$(tail -n+2 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-
-# title="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
-# content="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
+nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+b58nonce=$(echo $nonce | base64 -d | base58)
+title=$(head -n1 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
+content=$(tail -n+2 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
 times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 # Fabrication du hash
-hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$nonce\",\"version\":2}"
+hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$b58nonce\",\"version\":2}"
 hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
 # Fabrication de la signature
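Review bot: The same `$nonce` is passed to both box-encrypt calls, so title and content are encrypted under one pair of keys with one nonce. NaCl box requires a nonce to be unique per message for a given key pair; when it is reused the two ciphertexts share a keystream, and their XOR exposes the XOR of the plaintexts to anyone who can read the stored document. If the message format carries only a single nonce field, that constraint should be stated in a comment above these two lines and the trade-off reviewed; otherwise generate one nonce per field. Also confirm which encoding the stored `nonce` field uses: the hash is built from the base58 form `$b58nonce`, while natools.py's `-n` expects base64 and readmsg.sh passes the fetched value to `-n` unchanged.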
@@ -88,14 +86,17 @@ jq . <<<$document
 # Envoi du document
 #curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
-msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$issuer" -d "$document")
+msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document")
 echo -e "\nMessage ID: $msgID"
+
+### Tests mode ###
+
 # Delete the message 1 second later, just for test
-sleep 1 && ./deletemsg.sh -id $msgID
+#sleep 1 && ./deletemsg.sh -id $msgID
 # To put the message in outbox too
-# curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
+#curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
-# To put the message as read
-# ,\"read_signature\":\"$signature\"
+# To put the message as read, ad this at the end of document
+#,\"read_signature\":\"$signature\"
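Review bot: `msgID` is printed as the message ID without checking that the POST succeeded; with `curl -s` a transport error yields an empty string and an HTTP error yields the pod's error body. Adding `--fail` and testing the exit status before the echo, e.g. `msgID=$(curl -sS --fail -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document") || exit 1`, makes a rejected document visible instead of reporting it as an ID. The new comment also has a typo: `ad this` should read `add this`.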