diff --git a/keygen b/keygen index 09f7121..31818f9 100755 --- a/keygen +++ b/keygen @@ -54,7 +54,7 @@ class keygen: "-d", "--debug", action="store_true", - help="show debug informations (WARNING: THIS WILL PRINT PRIVATE KEY VALUE)", + help="show debug informations (WARNING: including SECRET KEY value)", ) self.parser.add_argument( "-i", @@ -76,18 +76,30 @@ class keygen: default=None, help="write public and secret keys to file OUTPUT", ) + self.parser.add_argument( + "-p", + "--public", + action="store_true", + help="show only public key", + ) self.parser.add_argument( "-q", "--quiet", action="store_true", help="show only errors", ) + self.parser.add_argument( + "-s", + "--secret", + action="store_true", + help="show only secret key", + ) self.parser.add_argument( "-t", "--type", dest="type", - default="ipfs", - help="output key type : [ duniter | ipfs ]", + default="base58", + help="output key type : [ base58 | duniter | ipfs ]", ) self.parser.add_argument( "-v", @@ -118,26 +130,32 @@ class keygen: def _cleanup(self): log.debug("keygen._cleanup()") - if hasattr(keygen, 'base58_secret_key'): + if hasattr(self, 'armored_pgp_secret_key'): + clearmem(self.armored_pgp_secret_key) + if hasattr(self, 'base58_secret_key'): clearmem(self.base58_secret_key) - if hasattr(keygen, 'duniter'): - if hasattr(keygen.duniter, 'sk'): + if hasattr(self, 'duniter'): + if hasattr(self.duniter, 'sk'): clearmem(self.duniterpy.sk) - if hasattr(keygen, 'ed25519_secret_bytes'): + if hasattr(self, 'ed25519_secret_bytes'): clearmem(self.ed25519_secret_bytes) - if hasattr(keygen, 'ed25519_secret_pem_pkcs8'): + if hasattr(self, 'ed25519_secret_pem_pkcs8'): clearmem(self.ed25519_secret_pem_pkcs8) - if hasattr(keygen, 'ipfs_privkey'): + if hasattr(self, 'ipfs_privkey'): clearmem(self.ipfs_privkey) - if hasattr(keygen, 'password'): - clearmem(self.password) - if hasattr(keygen, 'pgpy'): - clearmem(self.pgpy._key.keymaterial.p) - clearmem(self.pgpy._key.keymaterial.q) - clearmem(self.pgpy._key.keymaterial.s) - if hasattr(keygen, 'pgpy_key_seed'): + if hasattr(self, 'password'): + if self.password: + clearmem(self.password) + if hasattr(self, 'pgpy'): + if hasattr(self.pgpy._key.keymaterial, 'p') and not isinstance(self.pgpy._key.keymaterial.p, object): + clearmem(self.pgpy._key.keymaterial.p) + if hasattr(self.pgpy._key.keymaterial, 'q'): + clearmem(self.pgpy._key.keymaterial.q) + if hasattr(self.pgpy._key.keymaterial, 's'): + clearmem(self.pgpy._key.keymaterial.s) + if hasattr(self, 'pgpy_key_seed'): clearmem(self.pgpy_key_seed) - if hasattr(keygen, 'pgpy_key_value'): + if hasattr(self, 'pgpy_key_value'): clearmem(self.pgpy_key_value) def _invalid_type(self): @@ -176,9 +194,7 @@ class keygen: self._check_args(args) self._load_config() - # self.gpg = gpg.Context(armor=True, offline=True, homedir=GNUPGHOME) - self.gpg = gpg.Context( armor=True, - offline=True) + self.gpg = gpg.Context(armor=True, offline=True) self.gpg.set_passphrase_cb(self.gpg_passphrase_cb) self.ed25519(args) method = getattr(self, f'do_{self.type}', self._invalid_type) @@ -199,12 +215,18 @@ class keygen: elif re.search("sec", line): self.base58_secret_key = line.replace('\n','').split(': ')[1] - def do_duniter(self): + def do_base58(self): log.debug("keygen.do_duniter()") self.base58_from_ed25519() if self.output is None: - print("pub: %s" % self.base58_public_key) - print("sec: %s" % self.base58_secret_key) + if not self.public and not self.secret: + print("pub: %s" % self.base58_public_key) + print("sec: %s" % self.base58_secret_key) + else: + if self.public: + print(self.base58_public_key) + if self.secret: + print(self.base58_secret_key) else: with open(self.output, "w") as fh: fh.write(f"""Type: PubSec @@ -216,12 +238,21 @@ sec: {self.base58_secret_key} os.chmod(self.output, 0o600) self._cleanup() + def do_duniter(self): + self.do_base58() + def do_ipfs(self): log.debug("keygen.do_ipfs()") self.ipfs_from_ed25519() if self.output is None: - print("PeerID: %s" % self.ipfs_peerid) - print("PrivKEY: %s" % self.ipfs_privkey) + if not self.public and not self.secret: + print("PeerID: %s" % self.ipfs_peerid) + print("PrivKEY: %s" % self.ipfs_privkey) + else: + if self.public: + print(self.ipfs_peerid) + if self.secret: + print(self.ipfs_privkey) else: # with open(self.output, "wb") as fh: # fh.write(self.ipfs_libp2p_protobuf_key) diff --git a/specs/keygen_spec.sh b/specs/keygen_spec.sh index c3f3283..562b9e4 100644 --- a/specs/keygen_spec.sh +++ b/specs/keygen_spec.sh @@ -1,13 +1,21 @@ #shellcheck shell=sh set -eu +TEST_DIR="$(mktemp -d)" +DUNITER_PUBSEC_FILE="${TEST_DIR}/duniter.pubsec" +IPFS_PEM_FILE="${TEST_DIR}/ipfs.pem" + +gpg() { + GNUPGHOME="${TEST_DIR}" command gpg "$@" +} + keygen() { if [ -x ./keygen ]; then - ./keygen "$@" + GNUPGHOME="${TEST_DIR}" ./keygen "$@" elif [ -x ./bin/keygen ]; then - ./bin/keygen "$@" + GNUPGHOME="${TEST_DIR}" ./bin/keygen "$@" else - keygen "$@" + GNUPGHOME="${TEST_DIR}" command keygen "$@" fi } @@ -15,7 +23,7 @@ Describe 'Dependency' Describe 'pinentry:' It 'is available' When run pinentry --help - The output should include "pinentry" + The output should include 'pinentry' The status should be success The stderr should be present End @@ -23,7 +31,7 @@ Describe 'Dependency' Describe 'python3:' It 'is available' When run python3 --help - The output should include "python3" + The output should include 'python3' The status should be success The stderr should equal "" End @@ -56,37 +64,37 @@ Describe 'keygen' The stderr should equal "" End End - Describe '-o /tmp/keygen_test_duniter.pubsec -t duniter username password:' - rm -f /tmp/keygen_test_duniter.pubsec + Describe "-o ${DUNITER_PUBSEC_FILE} -t duniter username password:" + rm -f "${DUNITER_PUBSEC_FILE}" It 'writes duniter keys to file for user username' - When run keygen -o /tmp/keygen_test_duniter.pubsec -t duniter username password - The path '/tmp/keygen_test_duniter.pubsec' should exist - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG' - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC' + When run keygen -o "${DUNITER_PUBSEC_FILE}" -t duniter username password + The path "${DUNITER_PUBSEC_FILE}" should exist + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG' + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC' The status should be success The stderr should equal "" End End - Describe '-i /tmp/keygen_test_duniter.pubsec -t ipfs:' + Describe "-i ${DUNITER_PUBSEC_FILE} -t ipfs:" It 'prints ipfs keys for duniter keys read in pubsec file' - When run keygen -i /tmp/keygen_test_duniter.pubsec -t ipfs + When run keygen -i "${DUNITER_PUBSEC_FILE}" -t ipfs The output should include 'PeerID: 12D3KooWDMhdm5yrvtrbkshXFjkqLedHieUnPioczy9wzdnzquHC' The output should include 'PrivKEY: CAESQA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2MvNJoTbvcP+m51+XwxrmWqHaOpI1ZD0USwLjqAmV8Boas=' The status should be success The stderr should equal "" End End - Describe '-i /tmp/keygen_test_duniter.pubsec -o /tmp/keygen_test_ipfs.pem -t ipfs:' + Describe "-i ${DUNITER_PUBSEC_FILE} -o ${IPFS_PEM_FILE} -t ipfs:" It 'writes ipfs keys to file for duniter keys read in pubsec file' - When run keygen -i /tmp/keygen_test_duniter.pubsec -o /tmp/keygen_test_ipfs.pem -t ipfs - The path '/tmp/keygen_test_ipfs.pem' should exist - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----BEGIN PRIVATE KEY-----' - The contents of file '/tmp/keygen_test_ipfs.pem' should include 'MC4CAQAwBQYDK2VwBCIEIA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2Mv' - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----END PRIVATE KEY-----' + When run keygen -i "${DUNITER_PUBSEC_FILE}" -o "${IPFS_PEM_FILE}" -t ipfs + The path "${IPFS_PEM_FILE}" should exist + The contents of file "${IPFS_PEM_FILE}" should include '-----BEGIN PRIVATE KEY-----' + The contents of file "${IPFS_PEM_FILE}" should include 'MC4CAQAwBQYDK2VwBCIEIA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2Mv' + The contents of file "${IPFS_PEM_FILE}" should include '-----END PRIVATE KEY-----' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_duniter.pubsec /tmp/keygen_test_ipfs.pem + rm -f "${DUNITER_PUBSEC_FILE}" "${IPFS_PEM_FILE}" End Describe '-t ipfs username password:' It 'prints ipfs keys for user username' @@ -97,17 +105,17 @@ Describe 'keygen' The stderr should equal "" End End - Describe '-o /tmp/keygen_test_ipfs.pem -t ipfs username password:' + Describe "-o ${IPFS_PEM_FILE} -t ipfs username password:" It 'writes ipfs keys to file for user username' - When run keygen username password -o /tmp/keygen_test_ipfs.pem -t ipfs - The path '/tmp/keygen_test_ipfs.pem' should exist - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----BEGIN PRIVATE KEY-----' - The contents of file '/tmp/keygen_test_ipfs.pem' should include 'MC4CAQAwBQYDK2VwBCIEIA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2Mv' - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----END PRIVATE KEY-----' + When run keygen username password -o "${IPFS_PEM_FILE}" -t ipfs + The path "${IPFS_PEM_FILE}" should exist + The contents of file "${IPFS_PEM_FILE}" should include '-----BEGIN PRIVATE KEY-----' + The contents of file "${IPFS_PEM_FILE}" should include 'MC4CAQAwBQYDK2VwBCIEIA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2Mv' + The contents of file "${IPFS_PEM_FILE}" should include '-----END PRIVATE KEY-----' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_ipfs.pem + rm -f "${IPFS_PEM_FILE}" End Describe '-t pgp username password birthday:' gpg --batch --import --quiet specs/username.asc @@ -120,7 +128,7 @@ Describe 'keygen' End Describe '-g -t duniter username:' It 'prints duniter keys for gpg key matching username' - When run keygen -g -t duniter 079E5BF4721944FB + When run keygen -g -t duniter username The output should include 'pub: 2g5UL2zhkn5i7oNYDpWo3fBuWvRYVU1AbMtdVmnGzPNv' The output should include 'sec: 5WtYFfA26nTfG496gAKhkrLYUMMnwXexmE1E8Q7PvtQEyscHfirsdMzW34zDp7WEkt3exNEVwoG4ajZYrm62wpi2' The status should be success @@ -129,7 +137,7 @@ Describe 'keygen' End Describe '-g -t duniter username@protected password:' It 'prints duniter keys for gpg key matching username@protected locked with password' - When run keygen -g -t duniter 6222A29CBC31A087 password + When run keygen -g -t duniter username@protected password The output should include 'pub: C1cRu7yb5rZhsmRHQkeZxusAhtYYJypcnXpY3HycEKsU' The output should include 'sec: VWaEdDroSCoagJDsBnDNUtXJtKAJYdqL6XKNiomz8DtiyF44FvpiMmhidXt2j8HhDBKPZ67xBGcZPnj4Myk6cB8' The status should be success @@ -138,7 +146,7 @@ Describe 'keygen' End Describe '-g -t ipfs username:' It 'prints ipfs keys for gpg key matching username' - When run keygen -g -t ipfs 079E5BF4721944FB + When run keygen -g -t ipfs username The output should include 'PeerID: 12D3KooWBVSe5AaQwgMCXgsxrRG8pTGk1FUBXA5eYxFeskwAtL6r' The output should include 'PrivKEY: CAESQOHXwPgzoiDca1ZnvhU/W3zdogZXulkoErnUsqt+ut82GN5k4MIbVvz2m6Vq0ij9fQFPNUz+ZZdv2D31K6mzBQc=' The status should be success @@ -147,59 +155,61 @@ Describe 'keygen' End Describe '-g -t ipfs username@protected password:' It 'prints ipfs keys for gpg key matching username@protected locked with password' - When run keygen -g -t ipfs 6222A29CBC31A087 password + When run keygen -g -t ipfs username@protected password The output should include 'PeerID: 12D3KooWLpybeFZJGkqCHevi3MPujhx1CDbBLfu6k8BZRH8W8GbQ' The output should include 'PrivKEY: CAESQBiV+XnBNnryoeBs6SNj9e7Cd9Xj6INn24wyxxacylYqo5idwBHJto4Vbbp6NQzuUF+e7aCmrCf6y+BSyL42/i8=' The status should be success The stderr should equal "" End End - Describe '-g -o /tmp/keygen_test_duniter.pubsec -t duniter username:' + Describe "-g -o ${DUNITER_PUBSEC_FILE} -t duniter username:" It 'writes duniter keys to file for gpg key matching username' - When run keygen -g -o /tmp/keygen_test_duniter.pubsec -t duniter 079E5BF4721944FB - The path '/tmp/keygen_test_duniter.pubsec' should exist - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'pub: 2g5UL2zhkn5i7oNYDpWo3fBuWvRYVU1AbMtdVmnGzPNv' - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'sec: 5WtYFfA26nTfG496gAKhkrLYUMMnwXexmE1E8Q7PvtQEyscHfirsdMzW34zDp7WEkt3exNEVwoG4ajZYrm62wpi2' + When run keygen -g -o "${DUNITER_PUBSEC_FILE}" -t duniter username + The path "${DUNITER_PUBSEC_FILE}" should exist + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'pub: 2g5UL2zhkn5i7oNYDpWo3fBuWvRYVU1AbMtdVmnGzPNv' + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'sec: 5WtYFfA26nTfG496gAKhkrLYUMMnwXexmE1E8Q7PvtQEyscHfirsdMzW34zDp7WEkt3exNEVwoG4ajZYrm62wpi2' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_duniter.pubsec + rm -f "${DUNITER_PUBSEC_FILE}" End - Describe '-g -o /tmp/keygen_test_duniter.pubsec -t duniter username@protected password:' + Describe "-g -o ${DUNITER_PUBSEC_FILE} -t duniter username@protected password:" It 'writes duniter keys to file for gpg key matching username@protected locked with password' - When run keygen -g -o /tmp/keygen_test_duniter.pubsec -t duniter 6222A29CBC31A087 password - The path '/tmp/keygen_test_duniter.pubsec' should exist - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'pub: C1cRu7yb5rZhsmRHQkeZxusAhtYYJypcnXpY3HycEKsU' - The contents of file '/tmp/keygen_test_duniter.pubsec' should include 'sec: VWaEdDroSCoagJDsBnDNUtXJtKAJYdqL6XKNiomz8DtiyF44FvpiMmhidXt2j8HhDBKPZ67xBGcZPnj4Myk6cB8' + When run keygen -g -o "${DUNITER_PUBSEC_FILE}" -t duniter username@protected password + The path "${DUNITER_PUBSEC_FILE}" should exist + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'pub: C1cRu7yb5rZhsmRHQkeZxusAhtYYJypcnXpY3HycEKsU' + The contents of file "${DUNITER_PUBSEC_FILE}" should include 'sec: VWaEdDroSCoagJDsBnDNUtXJtKAJYdqL6XKNiomz8DtiyF44FvpiMmhidXt2j8HhDBKPZ67xBGcZPnj4Myk6cB8' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_duniter.pubsec + rm -f "${DUNITER_PUBSEC_FILE}" End - Describe '-g -o /tmp/keygen_test_ipfs.pem -t ipfs username:' + Describe "-g -o ${IPFS_PEM_FILE} -t ipfs username:" It 'writes ipfs keys to file for gpg key matching username' - When run keygen -g -o /tmp/keygen_test_ipfs.pem -t ipfs 079E5BF4721944FB - The path '/tmp/keygen_test_ipfs.pem' should exist - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----BEGIN PRIVATE KEY-----' - The contents of file '/tmp/keygen_test_ipfs.pem' should include 'MC4CAQAwBQYDK2VwBCIEIOHXwPgzoiDca1ZnvhU/W3zdogZXulkoErnUsqt+ut82' - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----END PRIVATE KEY-----' + When run keygen -g -o "${IPFS_PEM_FILE}" -t ipfs username + The path "${IPFS_PEM_FILE}" should exist + The contents of file "${IPFS_PEM_FILE}" should include '-----BEGIN PRIVATE KEY-----' + The contents of file "${IPFS_PEM_FILE}" should include 'MC4CAQAwBQYDK2VwBCIEIOHXwPgzoiDca1ZnvhU/W3zdogZXulkoErnUsqt+ut82' + The contents of file "${IPFS_PEM_FILE}" should include '-----END PRIVATE KEY-----' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_ipfs.pem + rm -f "${IPFS_PEM_FILE}" End - Describe '-g -o /tmp/keygen_test_ipfs.pem -t ipfs username@protected password:' + Describe "-g -o ${IPFS_PEM_FILE} -t ipfs username@protected password:" It 'writes ipfs keys to file for gpg key matching username@protected locked with password' - When run keygen -g -o /tmp/keygen_test_ipfs.pem -t ipfs 6222A29CBC31A087 password - The path '/tmp/keygen_test_ipfs.pem' should exist - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----BEGIN PRIVATE KEY-----' - The contents of file '/tmp/keygen_test_ipfs.pem' should include 'MC4CAQAwBQYDK2VwBCIEIBiV+XnBNnryoeBs6SNj9e7Cd9Xj6INn24wyxxacylYq' - The contents of file '/tmp/keygen_test_ipfs.pem' should include '-----END PRIVATE KEY-----' + When run keygen -g -o "${IPFS_PEM_FILE}" -t ipfs username@protected password + The path "${IPFS_PEM_FILE}" should exist + The contents of file "${IPFS_PEM_FILE}" should include '-----BEGIN PRIVATE KEY-----' + The contents of file "${IPFS_PEM_FILE}" should include 'MC4CAQAwBQYDK2VwBCIEIBiV+XnBNnryoeBs6SNj9e7Cd9Xj6INn24wyxxacylYq' + The contents of file "${IPFS_PEM_FILE}" should include '-----END PRIVATE KEY-----' The status should be success The stderr should equal "" End - rm -f /tmp/keygen_test_ipfs.pem + rm -f "${IPFS_PEM_FILE}" End gpg --batch --delete-secret-and-public-key --yes 4D1CDB77E91FFCD81B10F9A7079E5BF4721944FB gpg --batch --delete-secret-and-public-key --yes 6AF574897D4979B7956AC31B6222A29CBC31A087 End + +rm -rf "${TEST_DIR}"