aya
/
dpgpid
1
0
Fork 1
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Compare commits

base: aya:793c96f458996a9b30145abf11bb34dd505ea6c0
Branches Tags
aya:master
aya:wip
...
compare: aya:c84b59e2cf9a9074f96234a65c0e03ad406d7980
Branches Tags
aya:wip
aya:master

2 Commits
793c96f458 ... c84b59e2cf

Author SHA1 Message Date
Yann Autissier c84b59e2cf new input/output format 
* add JWK input/output format
* bump version v0.0.5
 2022-09-27 16:34:30 +02:00
Yann Autissier 2c6f5a924c new input/output formats 
* add b58mh and b64mh text output
* add protobuf2 input file
 2022-09-24 00:12:58 +02:00
5 changed files with 549 additions and 272 deletions
Show Stats Expand all files Collapse all files

21
Makefile
View File

@ -1,28 +1,35 @@
.PHONY: all default install shellcheck-% shellspec-% tests uninstall
BINDIR ?= $(PREFIX)/bin
PREFIX ?= /usr/local
.PHONY: all default install shellcheck-% shellspec-% tests uninstall
-include $(MYOS)/make/include.mk
MYOS ?= ../myos
MYOS_REPOSITORY ?= $(patsubst %/dpgpid,%/myos,$(shell git config --get remote.origin.url 2>/dev/null))
MYOS_REPOSITORY ?= $(patsubst %/$(THIS),%/myos,$(THIS_REPOSITORY))
THIS ?= $(lastword $(subst /, ,$(THIS_REPOSITORY)))
THIS_REPOSITORY ?= $(shell git config --get remote.origin.url 2>/dev/null)
$(MYOS):
-@git clone $(MYOS_REPOSITORY) $(MYOS)
-include $(MYOS)/make/include.mk
default: tests
all: install tests
install:
install: $(if $(shell which pip3),pip3-install,pip3-not-found)
mkdir -p "$(BINDIR)"
install dpgpid "$(BINDIR)/dpgpid"
install keygen "$(BINDIR)/keygen"
pip install -r requirements.txt
pip3-install:
pip3 install -r requirements.txt
pip3-not-found:
printf "WARNING: pip3 not found, please manually install python modules from requirements.txt\n"
shellcheck-%:
shellcheck $*/*.sh
@shellcheck $*/*.sh
shellspec-%:
shellspec -f tap $*
@shellspec -f tap $*
tests: shellcheck-specs shellspec-specs

26
docker/dpgpid/Dockerfile
View File

@ -8,9 +8,20 @@ ARG PROCESSOR_ARCHITECTURE=$(uname -m)
ARG PYTHON_RELEASE=3.10
WORKDIR /opt/dpgpid
COPY requirements.txt ./
RUN apk upgrade --no-cache \
&& apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ --virtual .build-deps \
&& apk add --no-cache \
bash \
ca-certificates \
gettext \
gpg \
gpg-agent \
libc6-compat \
libsodium \
make
COPY requirements.txt ./
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ --virtual .build-deps \
build-base \
libffi-dev \
py3-gpgme \
@ -27,16 +38,7 @@ RUN apk upgrade --no-cache \
|awk 'system("[ -e /lib/"$1" -o -e /usr/lib/"$1" -o -e ./lib/python'"${PYTHON_RELEASE}"'/site-packages/*/"$1" ]") == 0 { next } { print "so:" $1 }' \
|xargs -rt apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community/
RUN apk add --no-cache \
bash \
ca-certificates \
gettext \
gpg \
gpg-agent \
libc6-compat \
libsodium \
make \
&& OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
RUN OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
|tar --strip-components 1 -C ./bin -xJf - \

680
keygen
View File

@ -1,6 +1,6 @@
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
# desc: generate ed25519 keys suitables for duniter or ipfs
# desc: generate ed25519 keys for duniter and ipfs from gpg
# Copyleft 2022 Yann Autissier <aya@asycn.io>
# all crypto science belongs to Pascal Engélibert <tuxmain@zettascript.org>
@ -31,6 +31,7 @@ from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives import serialization
import duniterpy.key
import gpg
from jwcrypto import jwk
import logging as log
import nacl.bindings
import nacl.encoding
@ -44,27 +45,27 @@ import sys
import time
import warnings
__version__='0.0.4'
__version__='0.0.5'
class keygen:
def __init__(self):
# desc: generate ed25519 keys suitables for duniter or ipfs
self.parser = argparse.ArgumentParser(description="""
Generate ed25519 keys suitables for duniter and ipfs.
It converts an ed25519 key, duniter username/password, or a GPG key, to
a duniter wallet or an IPFS PeerID/PrivateKEY.""")
Generate ed25519 keys for duniter and ipfs from gpg.
It converts a gpg key, a duniter username/password, or any ed25519 key to
a duniter wallet or an IPFS key.""")
self.parser.add_argument(
"-d",
"--debug",
action="store_true",
help="show debug informations (WARNING: including SECRET KEY value)",
help="show debug informations (WARNING: including SECRET KEY)",
)
self.parser.add_argument(
"-f",
"--format",
dest="format",
choices=['ewif', 'jwk', 'nacl','pb2','pem','pubsec','seed','wif'],
default=None,
help="output file format: [ewif|nacl|pb2|pem|pubsec|seed|wif], default: pem (pkcs8)",
dest="format",
help="output file format, default: pem (pkcs8)",
)
self.parser.add_argument(
"-g",
@ -76,8 +77,8 @@ class keygen:
"-i",
"--input",
dest="input",
default=None,
help="read ed25519 key from file INPUT, autodetect format: [credentials|ewif|libnacl|mnemonic|pubsec|seedhex|wif]",
help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,pb2,pubsec,seed,wif}",
metavar='FILE',
)
self.parser.add_argument(
"-k",
@ -96,7 +97,8 @@ class keygen:
"--output",
dest="output",
default=None,
help="write ed25519 key to file OUTPUT",
help="write ed25519 key to file FILE",
metavar='FILE',
)
self.parser.add_argument(
"-p",
@ -114,14 +116,15 @@ class keygen:
"-s",
"--secret",
action="store_true",
help="show secret key",
help="show only secret key",
)
self.parser.add_argument(
"-t",
"--type",
dest="type",
choices=['b58mh','b64mh','base58','base64','duniter','ipfs','jwk'],
default="base58",
help="output text format: [base58|base64|duniter|ipfs], default: base58",
dest="type",
help="output text format, default: base58",
)
self.parser.add_argument(
"-v",
@ -145,12 +148,8 @@ class keygen:
def _check_args(self, args):
log.debug("keygen._check_args(%s)" % args)
if self.input is None:
if self.password is None:
if self.username is None:
self.parser.error(f"keygen requires an input file or username args")
if self.format not in [None, 'ewif', 'nacl', 'pb2', 'pem', 'pubsec', 'seed', 'wif']:
self.parser.error(f"format not valid")
if self.input is None and self.username is None:
self.parser.error('keygen requires an input file or a username')
def _cleanup(self):
log.debug("keygen._cleanup()")
@ -173,21 +172,25 @@ class keygen:
if hasattr(self, 'ed25519_secret_pem_pkcs8') and self.ed25519_secret_pem_pkcs8:
clearmem(self.ed25519_secret_pem_pkcs8)
log.debug("cleared: keygen.ed25515_secret_pem_pkcs8")
if hasattr(self, 'ed25519_secret_protobuf2') and self.ed25519_secret_protobuf2:
clearmem(self.ed25519_secret_protobuf2)
log.debug("cleared: keygen.ed25515_secret_protobuf2")
if hasattr(self, 'ed25519_secret_protobuf') and self.ed25519_secret_protobuf:
clearmem(self.ed25519_secret_protobuf)
log.debug("cleared: keygen.ed25515_secret_protobuf")
if hasattr(self, 'ed25519_seed_bytes') and self.ed25519_seed_bytes:
clearmem(self.ed25519_seed_bytes)
log.debug("cleared: keygen.ed25519_seed_bytes")
if hasattr(self, 'ipfs_privkey') and self.ipfs_privkey:
clearmem(self.ipfs_privkey)
log.debug("cleared: keygen.ipfs_privkey")
if hasattr(self, 'jwk'):
if hasattr(self.jwk, 'd') and self.jwk.d:
clearmem(self.jwk.d)
log.debug("cleared: keygen.jwk.d")
if hasattr(self, 'password') and self.password:
clearmem(self.password)
log.debug("cleared: keygen.password")
if hasattr(self, 'pgp_secret_armored') and self.pgp_secret_armored:
clearmem(self.pgp_secret_armored)
log.debug("cleared: keygen.pgp_secret_armored")
if hasattr(self, 'pgp_secret_armor') and self.pgp_secret_armor:
clearmem(self.pgp_secret_armor)
log.debug("cleared: keygen.pgp_secret_armor")
if hasattr(self, 'pgpy'):
if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
clearmem(self.pgpy._key.keymaterial.p)
@ -204,7 +207,7 @@ class keygen:
def _invalid_type(self):
log.debug("keygen._invalid_type()")
self.parser.error(f"type: {self.type} is not valid.")
self.parser.error(f"type {self.type} is not valid.")
def _load_config(self):
log.debug("keygen._load_config()")
@ -224,48 +227,74 @@ class keygen:
def _output_file(self):
log.debug("keygen._output_file()")
if self.format == 'ewif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519()
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(2)
self.duniterpy.save_ewif_file(self.output, self.password)
elif self.format == 'nacl':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519()
self.duniterpy.save_private_key(self.output)
elif self.format == 'pb2':
if not hasattr(self, 'ed25519_secret_protobuf2'):
self.protobuf2_from_ed25519()
with open(self.output, "wb") as fh:
fh.write(self.ed25519_secret_protobuf2)
elif self.format == 'pubsec':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519()
self.duniterpy.save_pubsec_file(self.output)
elif self.format == 'seed':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519()
self.duniterpy.save_seedhex_file(self.output)
elif self.format == 'wif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519()
self.duniterpy.save_wif_file(self.output)
else:
if not hasattr(self, 'ed25519_secret_pem_pkcs8'):
self.pem_pkcs8_from_ed25519()
with open(self.output, "w") as fh:
fh.write(self.ed25519_secret_pem_pkcs8)
try:
if self.format == 'dewif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in DEWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy.save_dewif_v1_file(self.output, self.password)
elif self.format == 'ewif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy.save_ewif_file(self.output, self.password)
elif self.format == 'jwk':
if not hasattr(self, 'jwk'):
self.jwk_from_ed25519()
with open(self.output, "w") as file:
file.write(self.jwk.export())
elif self.format == 'nacl':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_private_key(self.output)
elif self.format == 'pb2':
if not hasattr(self, 'ed25519_secret_protobuf'):
self.protobuf_from_ed25519()
with open(self.output, "wb") as file:
file.write(self.ed25519_secret_protobuf)
elif self.format == 'pubsec':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_pubsec_file(self.output)
elif self.format == 'seed':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_seedhex_file(self.output)
elif self.format == 'wif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_wif_file(self.output)
else:
if not hasattr(self, 'ed25519_secret_pem_pkcs8'):
self.pem_pkcs8_from_ed25519()
with open(self.output, "w") as file:
file.write(self.ed25519_secret_pem_pkcs8)
except Exception as e:
log.error(f'Unable to output file {self.output}: {e}')
self._cleanup()
exit(2)
def _output_text(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
log.debug("keygen._output_text()")
@ -305,27 +334,65 @@ class keygen:
method = getattr(self, f'do_{self.type}', self._invalid_type)
return method()
def b58mh_from_protobuf(self):
log.debug("keygen.b58mh_from_protobuf()")
try:
self.ed25519_public_b58mh = base58.b58encode(self.ed25519_public_protobuf).decode('ascii')
self.ed25519_secret_b58mh = base58.b58encode(self.ed25519_secret_protobuf).decode('ascii')
except Exception as e:
log.error(f'Unable to get b58mh from protobuf: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_b58mh=%s" % self.ed25519_public_b58mh)
log.debug("keygen.ed25519_secret_b58mh=%s" % self.ed25519_secret_b58mh)
def b64mh_from_protobuf(self):
log.debug("keygen.b64mh_from_protobuf()")
try:
self.ed25519_public_b64mh = base64.b64encode(self.ed25519_public_protobuf).decode('ascii')
self.ed25519_secret_b64mh = base64.b64encode(self.ed25519_secret_protobuf).decode('ascii')
except Exception as e:
log.error(f'Unable to get b64mh from protobuf: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_b64mh=%s" % self.ed25519_public_b64mh)
log.debug("keygen.ed25519_secret_b64mh=%s" % self.ed25519_secret_b64mh)
def base58_from_ed25519(self):
log.debug("keygen.base58_from_ed25519()")
self.ed25519_public_base58 = base58.b58encode(self.ed25519_public_bytes).decode('ascii')
try:
self.ed25519_public_base58 = base58.b58encode(self.ed25519_public_bytes).decode('ascii')
self.ed25519_secret_base58 = base58.b58encode(self.ed25519_secret_bytes).decode('ascii')
except Exception as e:
log.error(f'Unable to get base58 from ed25519: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_base58=%s" % self.ed25519_public_base58)
self.ed25519_secret_base58 = base58.b58encode(self.ed25519_secret_bytes).decode('ascii')
log.debug("keygen.ed25519_secret_base58=%s" % self.ed25519_secret_base58)
def base64_from_ed25519(self):
log.debug("keygen.base64_from_ed25519()")
self.ed25519_public_base64 = base64.b64encode(self.ed25519_public_bytes).decode('ascii')
try:
self.ed25519_public_base64 = base64.b64encode(self.ed25519_public_bytes).decode('ascii')
self.ed25519_secret_base64 = base64.b64encode(self.ed25519_secret_bytes).decode('ascii')
except Exception as e:
log.error(f'Unable to get base64 from ed25519: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_base64=%s" % self.ed25519_public_base64)
self.ed25519_secret_base64 = base64.b64encode(self.ed25519_secret_bytes).decode('ascii')
log.debug("keygen.ed25519_secret_base64=%s" % self.ed25519_secret_base64)
def base58_from_pubsec(self):
log.debug("keygen.base58_from_pubsec()")
for line in open(self.input, "r"):
if re.search("pub", line):
self.ed25519_public_base58 = line.replace('\n','').split(': ')[1]
elif re.search("sec", line):
self.ed25519_secret_base58 = line.replace('\n','').split(': ')[1]
def do_b58mh(self):
log.debug("keygen.do_b58mh()")
self.protobuf_from_ed25519()
self.b58mh_from_protobuf()
self._output(self.ed25519_public_b58mh, self.ed25519_secret_b58mh, 'pub: ', 'sec: ')
def do_b64mh(self):
log.debug("keygen.do_b64mh()")
self.protobuf_from_ed25519()
self.b64mh_from_protobuf()
self._output(self.ed25519_public_b64mh, self.ed25519_secret_b64mh, 'pub: ', 'sec: ')
def do_base58(self):
log.debug("keygen.do_base58()")
@ -338,44 +405,62 @@ class keygen:
self._output(self.ed25519_public_base64, self.ed25519_secret_base64, 'pub: ', 'sec: ')
def do_duniter(self):
log.debug("keygen.do_duniter()")
if not self.format:
self.format = 'pubsec'
self.do_base58()
self.base58_from_ed25519()
self._output(self.ed25519_public_base58, self.ed25519_secret_base58, 'pub: ', 'sec: ')
def do_ipfs(self):
log.debug("keygen.do_ipfs()")
self.protobuf2_from_ed25519()
self.ipfs_from_protobuf2()
self._output(self.ipfs_peerid, self.ipfs_privkey, 'PeerID: ', 'PrivKEY: ')
self.protobuf_from_ed25519()
self.b58mh_from_protobuf()
self.b64mh_from_protobuf()
self._output(self.ed25519_public_b58mh, self.ed25519_secret_b64mh, 'PeerID: ', 'PrivKEY: ')
def do_jwk(self):
log.debug("keygen.do_jwk()")
self.jwk_from_ed25519()
self._output(self.jwk.export_public(), self.jwk.export_private(), 'pub: ', 'sec: ')
def duniterpy_from_credentials(self):
log.debug("keygen.duniterpy_from_credentials()")
scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
)
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Please enter the passord for username "{self.username}"."""
p.prompt = 'Passsord:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(2)
self.duniterpy = duniterpy.key.SigningKey.from_credentials(
self.username,
self.password,
scrypt_params
)
try:
scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
)
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Please enter the passord for username "{self.username}"."""
p.prompt = 'Passsord:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy = duniterpy.key.SigningKey.from_credentials(
self.username,
self.password,
scrypt_params
)
except Exception as e:
log.error(f'Unable to get duniter from credentials: {e}')
self._cleanup()
exit(2)
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
def duniterpy_from_ed25519(self):
log.debug("keygen.duniterpy_from_ed25519()")
self.duniterpy = duniterpy.key.SigningKey(self.ed25519_secret_bytes[:32])
def duniterpy_from_ed25519_seed_bytes(self):
log.debug("keygen.duniterpy_from_ed25519_seed_bytes()")
try:
self.duniterpy = duniterpy.key.SigningKey(self.ed25519_seed_bytes)
except Exception as e:
log.error(f'Unable to get duniterpy from ed25519 seed bytes: {e}')
self._cleanup()
exit(2)
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
def duniterpy_from_file(self):
@ -386,17 +471,18 @@ class keygen:
if len(lines) > 0:
line = lines[0].strip()
regex_ewif = re.compile('^Type: EWIF$')
regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}$')
regex_jwk = re.compile('^\\s*{\\s*"crv":\\s*"Ed25519",\\s*"d":\\s*"(.)+",\\s*"kty":\\s*"OKP",\\s*"x":\\s*"(.)+"\\s*}')
regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}')
regex_pem = re.compile('^-----BEGIN PRIVATE KEY-----$')
regex_pubsec = re.compile('^Type: PubSec$')
regex_seed = re.compile('^[0-9a-fA-F]{64}$')
regex_ssb = re.compile('\\s*{\\s*"curve": "ed25519",\\s*"public": "(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}')
regex_ssb = re.compile('\\s*{\\s*"curve":\\s*"ed25519",\\s*"public":\\s*"(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}')
regex_wif = re.compile('^Type: WIF$')
if re.search(regex_ewif, line):
log.info("input file format detected: ewif")
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file needs to be decrypted.
p.description = f"""Data in EWIF file is encrypted.
Please enter a password to decrypt seed.
"""
p.prompt = 'Passphrase:'
@ -405,17 +491,20 @@ class keygen:
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(2)
exit(1)
self.duniterpy = duniterpy.key.SigningKey.from_ewif_file(self.input, self.password)
elif re.search(regex_jwk, line):
log.info("input file format detected: jwk")
self.jwk_from_json(line)
self.ed25519_seed_bytes_from_jwk()
self.duniterpy_from_ed25519_seed_bytes()
elif re.search(regex_nacl, line):
log.info("input file format detected: nacl")
self.duniterpy = duniterpy.key.SigningKey.from_private_key(self.input)
elif re.search(regex_pem, line):
log.info("input file format detected: pem")
self.ed25519_secret_bytes = serialization.load_pem_private_key(''.join(lines).encode(), password=None).private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
self.duniterpy_from_ed25519()
## at this stage, self.ed25519_secret_bytes contains only the 32 seed bytes and not the 32 seed bytes + 32 public bytes as it should
# we need to call self.ed25519_from_duniterpy() later to correctly build the self.ed25519_secret_bytes
self.ed25519_seed_bytes_from_pem(''.join(lines).encode())
self.duniterpy_from_ed25519_seed_bytes()
elif re.search(regex_pubsec, line):
log.info("input file format detected: pubsec")
self.duniterpy = duniterpy.key.SigningKey.from_pubsec_file(self.input)
@ -438,25 +527,68 @@ class keygen:
self.password = lines[1].strip()
self.duniterpy_from_credentials()
else:
raise NotImplementedError(f"""unable to detect input file format.""")
raise NotImplementedError('unknown input file format.')
else:
raise NotImplementedError('empty file.')
except UnicodeDecodeError as e:
try:
with open(self.input, 'rb') as file:
lines = file.readlines()
if len(lines) > 0:
line = lines[0].strip()
regex_dewif = re.compile(b'^\x00\x00\x00\x01\x00\x00\x00\x01')
regex_pb2 = re.compile(b'^\x08\x01\x12@')
if re.search(regex_dewif, line):
log.info("input file format detected: dewif")
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in DEWIF file is encrypted.
Please enter a password to decrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy = duniterpy.key.SigningKey.from_dewif_file(self.input, self.password)
if re.search(regex_pb2, line):
log.info("input file format detected: pb2")
self.ed25519_secret_protobuf = line
self.ed25519_seed_bytes_from_protobuf()
self.duniterpy_from_ed25519_seed_bytes()
else:
raise NotImplementedError('unknown input file format.')
else:
raise NotImplementedError('empty file.')
except Exception as e:
log.error(f'Unable to get duniterpy from file {self.input}: {e}')
self._cleanup()
exit(2)
except Exception as e:
log.error(f"""Unable to open file {self.input}: {e}""")
log.error(f'Unable to get duniterpy from file {self.input}: {e}')
self._cleanup()
exit(1)
exit(2)
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
def duniterpy_from_mnemonic(self):
log.debug("keygen.duniterpy_from_mnemonic()")
scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
)
self.duniterpy = duniterpy.key.SigningKey.from_dubp_mnemonic(
self.username,
scrypt_params
)
try:
scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
)
self.duniterpy = duniterpy.key.SigningKey.from_dubp_mnemonic(
self.username,
scrypt_params
)
except Exception as e:
log.error(f'Unable to get duniterpy from mnemonic: {e}')
self._cleanup()
exit(2)
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
def ed25519(self, args):
@ -473,131 +605,204 @@ class keygen:
self.duniterpy_from_credentials()
self.ed25519_from_duniterpy()
def ed25519_from_base58(self):
log.debug("keygen.ed25519_from_base58()")
self.ed25519_public_bytes = base58.b58decode(self.ed25519_public_base58)
self.ed25519_secret_bytes = base58.b58decode(self.ed25519_secret_base58)
log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes)
log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes)
def ed25519_from_duniterpy(self):
log.debug("keygen.ed25519_from_duniterpy()")
self.ed25519_public_bytes = base58.b58decode(self.duniterpy.pubkey)
self.ed25519_secret_bytes = self.duniterpy.sk
log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes)
log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes)
try:
self.ed25519_seed_bytes_from_duniterpy()
self.ed25519_from_seed_bytes()
except:
log.error(f'Unable to get ed25519 from duniterpy: {e}')
self._cleanup()
exit(2)
def ed25519_from_gpg(self):
log.debug("keygen.ed25519_from_gpg()")
self.pgpy_from_gpg()
self.ed25519_from_pgpy()
def pgpy_from_gpg(self):
log.debug("keygen.pgpy_from_gpg()")
self.gpg_seckeys = list(self.gpg.keylist(pattern=self.username, secret=True))
log.debug("keygen.gpg_seckeys=%s" % self.gpg_seckeys)
if not self.gpg_seckeys:
log.error(f"""Unable to find any key matching username "{self.username}".""")
self._cleanup()
exit(1)
else:
self.gpg_seckey = self.gpg_seckeys[0]
log.info(f"""Found key id "{self.gpg_seckey.fpr}" matching username "{self.username}".""")
log.debug("keygen.gpg_seckey.expired=%s" % self.gpg_seckey.expired)
log.debug("keygen.gpg_seckey.fpr=%s" % self.gpg_seckey.fpr)
log.debug("keygen.gpg_seckey.revoked=%s" % self.gpg_seckey.revoked)
log.debug("keygen.gpg_seckey.uids=%s" % self.gpg_seckey.uids)
log.debug("keygen.gpg_seckey.owner_trust=%s" % self.gpg_seckey.owner_trust)
log.debug("keygen.gpg_seckey.last_update=%s" % self.gpg_seckey.last_update)
if self.password:
self.gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK)
self.pgp_secret_armored = self.gpg.key_export_secret(self.gpg_seckey.fpr)
log.debug("keygen.pgp_secret_armored=%s" % self.pgp_secret_armored)
if not self.pgp_secret_armored:
log.error(f"""Unable to export gpg secret key id "{self.gpg_seckey.fpr}" of user "{self.username}". Please check your password!""")
try:
self.pgpy_from_gpg()
self.ed25519_from_pgpy()
except Exception as e:
log.error(f'Unable to get ed25519 from pgp: {e}')
self._cleanup()
exit(2)
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
self.pgpy, _ = pgpy.PGPKey.from_blob(self.pgp_secret_armored)
def ed25519_from_pgpy(self):
log.debug("keygen.ed25519_from_pgpy()")
log.debug("keygen.pgpy.fingerprint.keyid=%s" % self.pgpy.fingerprint.keyid)
log.debug("keygen.pgpy.is_protected=%s" % self.pgpy.is_protected)
if self.pgpy.is_protected:
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""The exported pgp key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}" is password protected.
Please enter the passphrase again to unlock it.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(2)
try:
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
with self.pgpy.unlock(self.password):
assert self.pgpy.is_unlocked
log.debug("keygen.pgpy.is_unlocked=%s" % self.pgpy.is_unlocked)
self.ed25519_seed_bytes_from_pgpy()
except Exception as e:
log.error(f"""Unable to unlock pgp secret key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}". Please check your password!""")
self._cleanup()
exit(2)
else:
self.ed25519_seed_bytes_from_pgpy()
self.ed25519_public_bytes, self.ed25519_secret_bytes = nacl.bindings.crypto_sign_seed_keypair(self.ed25519_seed_bytes)
try:
log.debug("keygen.pgpy.fingerprint.keyid=%s" % self.pgpy.fingerprint.keyid)
log.debug("keygen.pgpy.is_protected=%s" % self.pgpy.is_protected)
if self.pgpy.is_protected:
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""The exported pgp key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}" is password protected.
Please enter the passphrase again to unlock it.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
try:
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
with self.pgpy.unlock(self.password):
assert self.pgpy.is_unlocked
log.debug("keygen.pgpy.is_unlocked=%s" % self.pgpy.is_unlocked)
self.ed25519_seed_bytes_from_pgpy()
except Exception as e:
log.error(f"""Unable to unlock pgp secret key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}": {e}""")
self._cleanup()
exit(2)
else:
self.ed25519_seed_bytes_from_pgpy()
self.ed25519_from_seed_bytes()
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
self._cleanup()
exit(2)
def ed25519_from_seed_bytes(self):
log.debug("keygen.ed25519_from_seed_bytes()")
try:
self.ed25519_public_bytes, self.ed25519_secret_bytes = nacl.bindings.crypto_sign_seed_keypair(self.ed25519_seed_bytes)
self.ed25519 = ed25519.Ed25519PrivateKey.from_private_bytes(self.ed25519_seed_bytes)
except Exception as e:
log.error(f'Unable to get ed25519 from seed bytes: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes)
log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes)
def ed25519_seed_bytes_from_duniterpy(self):
log.debug("keygen.ed25519_seed_bytes_from_duniterpy()")
try:
self.ed25519_seed_bytes = self.duniterpy.sk[:32]
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from duniterpy: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
def ed25519_seed_bytes_from_jwk(self):
log.debug("keygen.ed25519_seed_bytes_from_jwk()")
try:
self.ed25519_seed_bytes = self.jwk._okp_pri().private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from jwk: {e}')
self._cleanup()
exit(2)
def ed25519_seed_bytes_from_pem(self, pem):
log.debug("keygen.ed25519_seed_bytes_from_pem()")
try:
self.ed25519_seed_bytes = serialization.load_pem_private_key(pem, password=None).private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from pem: {e}')
self._cleanup()
exit(2)
def ed25519_seed_bytes_from_pgpy(self):
log.debug("keygen.ed25519_seed_bytes_from_pgpy()")
self.pgpy_key_type()
if self.pgpy_key_type == 'RSA':
log.debug("keygen.pgpy._key.keymaterial.p=%s" % self.pgpy._key.keymaterial.p)
log.debug("keygen.pgpy._key.keymaterial.q=%s" % self.pgpy._key.keymaterial.q)
# custom seed: use sha256 hash of (p + q)
self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256(long_to_bytes(self.pgpy._key.keymaterial.p + self.pgpy._key.keymaterial.q))
p = long_to_bytes(self.pgpy._key.keymaterial.p)
q = long_to_bytes(self.pgpy._key.keymaterial.q)
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
elif self.pgpy_key_type in ('ECDSA', 'EdDSA', 'ECDH'):
log.debug("keygen.pgpy._key.keymaterial.s=%s" % self.pgpy._key.keymaterial.s)
self.ed25519_seed_bytes = long_to_bytes(self.pgpy._key.keymaterial.s)
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
else:
raise NotImplementedError(f"Getting seed from {self.pgpy_key_type} key is not implemented")
try:
self.pgpy_key_type()
if self.pgpy_key_type == 'RSA':
log.debug("keygen.pgpy._key.keymaterial.p=%s" % self.pgpy._key.keymaterial.p)
log.debug("keygen.pgpy._key.keymaterial.q=%s" % self.pgpy._key.keymaterial.q)
# custom seed: use sha256 hash of (p + q)
self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256(long_to_bytes(self.pgpy._key.keymaterial.p + self.pgpy._key.keymaterial.q))
elif self.pgpy_key_type in ('ECDSA', 'EdDSA', 'ECDH'):
log.debug("keygen.pgpy._key.keymaterial.s=%s" % self.pgpy._key.keymaterial.s)
self.ed25519_seed_bytes = long_to_bytes(self.pgpy._key.keymaterial.s)
else:
raise NotImplementedError(f"getting seed from {self.pgpy_key_type} key is not implemented")
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
def ed25519_seed_bytes_from_protobuf(self):
log.debug("keygen.ed25519_seed_bytes_from_protobuf()")
try:
self.ed25519_seed_bytes = self.ed25519_secret_protobuf.lstrip(b'\x08\x01\x12@')[:32]
except Exception as e:
log.error(f'Unable to get ed25519 seed bytes from protobuf: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
def gpg_passphrase_cb(self, uid_hint, passphrase_info, prev_was_bad):
log.debug("keygen.gpg_passphrase_cb(%s, %s, %s)" % (uid_hint, passphrase_info, prev_was_bad))
return self.password
def ipfs_from_protobuf2(self):
log.debug("keygen.ipfs_from_protobuf2()")
def jwk_from_ed25519(self):
log.debug("keygen.jwk_from_ed25519()")
try:
self.jwk = jwk.JWK.from_pyca(self.ed25519)
except Exception as e:
log.error(f'Unable to get jwk from ed25519: {e}')
self._cleanup()
exit(2)
# PeerID
self.ipfs_peerid = base58.b58encode(self.ed25519_public_protobuf2).decode('ascii')
log.debug("keygen.ipfs_peerid=%s" % self.ipfs_peerid)
# PrivKey
self.ipfs_privkey = base64.b64encode(self.ed25519_secret_protobuf2).decode('ascii')
log.debug("keygen.ipfs_privkey=%s" % self.ipfs_privkey)
def jwk_from_json(self, json):
log.debug("keygen.jwk_from_json()")
try:
self.jwk = jwk.JWK.from_json(json)
except Exception as e:
log.error(f'Unable to get jwk from json: {e}')
self._cleanup()
exit(2)
def pem_pkcs8_from_ed25519(self):
log.debug("keygen.pem_pkcs8_from_ed25519()")
self.ed25519_secret_pem_pkcs8 = ed25519.Ed25519PrivateKey.from_private_bytes(self.ed25519_secret_bytes[:32]).private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode('ascii')
try:
self.ed25519_secret_pem_pkcs8 = self.ed25519.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode('ascii')
except Exception as e:
log.error(f'Unable to get pem pkcs8 from ed25519: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_secret_pem_pkcs8=%s" % self.ed25519_secret_pem_pkcs8)
def pgpy_from_gpg(self):
log.debug("keygen.pgpy_from_gpg()")
try:
self.gpg_seckeys = list(self.gpg.keylist(pattern=self.username, secret=True))
log.debug("keygen.gpg_seckeys=%s" % self.gpg_seckeys)
if not self.gpg_seckeys:
log.warning(f"""Unable to find any key matching username "{self.username}".""")
self._cleanup()
exit(1)
else:
self.gpg_seckey = self.gpg_seckeys[0]
log.info(f"""Found key id "{self.gpg_seckey.fpr}" matching username "{self.username}".""")
log.debug("keygen.gpg_seckey.expired=%s" % self.gpg_seckey.expired)
log.debug("keygen.gpg_seckey.fpr=%s" % self.gpg_seckey.fpr)
log.debug("keygen.gpg_seckey.revoked=%s" % self.gpg_seckey.revoked)
log.debug("keygen.gpg_seckey.uids=%s" % self.gpg_seckey.uids)
log.debug("keygen.gpg_seckey.owner_trust=%s" % self.gpg_seckey.owner_trust)
log.debug("keygen.gpg_seckey.last_update=%s" % self.gpg_seckey.last_update)
if self.password:
self.gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK)
self.pgp_public_armor = self.gpg.key_export(self.gpg_seckey.fpr)
self.pgp_secret_armor = self.gpg.key_export_secret(self.gpg_seckey.fpr)
log.debug("keygen.pgp_secret_armor=%s" % self.pgp_secret_armor)
if not self.pgp_secret_armor:
log.error(f"""Unable to export gpg secret key id "{self.gpg_seckey.fpr}" of user "{self.username}". Please check your password!""")
self._cleanup()
exit(2)
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
self.pgpy, _ = pgpy.PGPKey.from_blob(self.pgp_secret_armor)
except Exception as e:
log.error(f'Unable to get pgpy from gpg: {e}')
self._cleanup()
exit(2)
def pgpy_key_type(self):
log.debug("keygen.pgpy_key_type()")
if isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.RSAPriv):
@ -616,13 +821,18 @@ class keygen:
self.pgpy_key_type = 'undefined'
log.debug("keygen.pgpy_key_type=%s" % self.pgpy_key_type)
def protobuf2_from_ed25519(self):
def protobuf_from_ed25519(self):
# libp2p protobuf version 2
log.debug("keygen.protobuf2_from_ed25519()")
self.ed25519_public_protobuf2 = b'\x00$\x08\x01\x12 ' + self.ed25519_public_bytes
self.ed25519_secret_protobuf2 = b'\x08\x01\x12@' + self.ed25519_secret_bytes
log.debug("keygen.ed25519_public_protobuf2=%s" % self.ed25519_public_protobuf2)
log.debug("keygen.ed25519_secret_protobuf2=%s" % self.ed25519_secret_protobuf2)
log.debug("keygen.protobuf_from_ed25519()")
try:
self.ed25519_public_protobuf = b'\x00$\x08\x01\x12 ' + self.ed25519_public_bytes
self.ed25519_secret_protobuf = b'\x08\x01\x12@' + self.ed25519_secret_bytes
except Exception as e:
log.error(f'Unable to get protobuf from ed25519: {e}')
self._cleanup()
exit(2)
log.debug("keygen.ed25519_public_protobuf=%s" % self.ed25519_public_protobuf)
log.debug("keygen.ed25519_secret_protobuf=%s" % self.ed25519_secret_protobuf)
##
# long_to_bytes comes from PyCrypto, which is released into Public Domain

1
requirements.txt
View File

@ -1,6 +1,7 @@
base58==2.1.1
cryptography==3.4.8
duniterpy==1.1.0
jwcrypto==1.4.2
pgpy==0.5.4
pynentry==0.1.6
pynacl==1.5.0

93
specs/keygen_spec.sh
View File

@ -3,14 +3,15 @@ set -eu
CRED_FILE="${SHELLSPEC_TMPBASE}/credentials"
DUBP_FILE="${SHELLSPEC_TMPBASE}/mnemonic"
EWIF_FILE="${SHELLSPEC_TMPBASE}/ed25519.ewif"
NACL_FILE="${SHELLSPEC_TMPBASE}/ed25519.nacl"
PB2_FILE="${SHELLSPEC_TMPBASE}/ed25519.pb2"
PEM_FILE="${SHELLSPEC_TMPBASE}/ed25519.pem"
PUBSEC_FILE="${SHELLSPEC_TMPBASE}/ed25519.pubsec"
SEED_FILE="${SHELLSPEC_TMPBASE}/ed25519.seed"
SSB_FILE="${SHELLSPEC_TMPBASE}/ed25519.ssb"
WIF_FILE="${SHELLSPEC_TMPBASE}/ed25519.wif"
EWIF_FILE="${SHELLSPEC_TMPBASE}/username.ewif"
JWK_FILE="${SHELLSPEC_TMPBASE}/username.jwk"
NACL_FILE="${SHELLSPEC_TMPBASE}/username.nacl"
PB2_FILE="${SHELLSPEC_TMPBASE}/username.pb2"
PEM_FILE="${SHELLSPEC_TMPBASE}/username.pem"
PUBSEC_FILE="${SHELLSPEC_TMPBASE}/username.pubsec"
SEED_FILE="${SHELLSPEC_TMPBASE}/username.seed"
SSB_FILE="${SHELLSPEC_TMPBASE}/username.ssb"
WIF_FILE="${SHELLSPEC_TMPBASE}/username.wif"
gpg() {
GNUPGHOME="${SHELLSPEC_TMPBASE}" command gpg "$@"
@ -57,7 +58,7 @@ Describe 'keygen'
Describe '--version:'
It 'prints version'
When run keygen --version
The output should include 'v0.0.4'
The output should include 'v0.0.5'
The status should be success
The stderr should equal ""
End
@ -112,42 +113,69 @@ Describe 'keygen'
The stderr should equal ""
End
End
Describe '-t base58 -pk username password:'
Describe '-pkt b58mh username password:'
It 'prints prefixed base58 multihash public and secret keys for user "username" and password "password"'
When run keygen -pkt b58mh username password
The output should include 'pub: 12D3KooWDMhdm5yrvtrbkshXFjkqLedHieUnPioczy9wzdnzquHC'
The output should include 'sec: 23jhTarm17VAHUwPkHD2Kv5sPfuQrsXSZUzKUrRkP2oP8bgnLjVExhG4AVoayCLxbXN4g2pjVG5qiJRucUtogbj7zGapz'
The status should be success
The stderr should equal ""
End
End
Describe '-pkt b64mh username password:'
It 'prints prefixed base64 multihash public and secret keys for user "username" and password "password"'
When run keygen -pkt b64mh username password
The output should include 'pub: ACQIARIgNJoTbvcP+m51+XwxrmWqHaOpI1ZD0USwLjqAmV8Boas='
The output should include 'sec: CAESQA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2MvNJoTbvcP+m51+XwxrmWqHaOpI1ZD0USwLjqAmV8Boas='
The status should be success
The stderr should equal ""
End
End
Describe '-pkt base58 username password:'
It 'prints prefixed base58 public and secret keys for user "username" and password "password"'
When run keygen -t base58 -pk username password
When run keygen -pkt base58 username password
The output should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG'
The output should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC'
The status should be success
The stderr should equal ""
End
End
Describe '-t base64 -pk username password:'
Describe '-pkt base64 username password:'
It 'prints prefixed base64 public and secret keys for user "username" and password "password"'
When run keygen -t base64 -pk username password
When run keygen -pkt base64 username password
The output should include 'pub: NJoTbvcP+m51+XwxrmWqHaOpI1ZD0USwLjqAmV8Boas='
The output should include 'sec: D5eoJaNGoKM172hTdADv3psQf5P6vGDI9D8SRe8TYy80mhNu9w/6bnX5fDGuZaodo6kjVkPRRLAuOoCZXwGhqw=='
The status should be success
The stderr should equal ""
End
End
Describe '-t duniter -pk username password:'
Describe '-pkt duniter username password:'
It 'prints prefixed duniter public and secret keys for user "username" and password "password"'
When run keygen -t duniter -pk username password
When run keygen -pkt duniter username password
The output should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG'
The output should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC'
The status should be success
The stderr should equal ""
End
End
Describe '-t ipfs -pk username password:'
Describe '-pkt ipfs username password:'
It 'prints prefixed ipfs public and secret keys for user "username" and password "password"'
When run keygen -t ipfs -pk username password
When run keygen -pkt ipfs username password
The output should include 'PeerID: 12D3KooWDMhdm5yrvtrbkshXFjkqLedHieUnPioczy9wzdnzquHC'
The output should include 'PrivKEY: CAESQA+XqCWjRqCjNe9oU3QA796bEH+T+rxgyPQ/EkXvE2MvNJoTbvcP+m51+XwxrmWqHaOpI1ZD0USwLjqAmV8Boas='
The status should be success
The stderr should equal ""
End
End
Describe '-pkt jwk username password:'
It 'prints prefixed jwk public and secret keys for user "username" and password "password"'
When run keygen -pkt jwk username password
The output should include 'pub: {"crv":"Ed25519","kty":"OKP","x":"NJoTbvcP-m51-XwxrmWqHaOpI1ZD0USwLjqAmV8Boas"}'
The output should include 'sec: {"crv":"Ed25519","d":"D5eoJaNGoKM172hTdADv3psQf5P6vGDI9D8SRe8TYy8","kty":"OKP","x":"NJoTbvcP-m51-XwxrmWqHaOpI1ZD0USwLjqAmV8Boas"}'
The status should be success
The stderr should equal ""
End
End
Describe '-pkm "tongue cute mail ...":'
It 'prints prefixed base58 public and secret keys for mnemonic "tongue cute mail ..."'
When run keygen -pkm "tongue cute mail fossil great frozen same social weasel impact brush kind"
@ -179,6 +207,26 @@ Describe 'keygen'
End
rm -f "${DUBP_FILE}"
End
Describe "-f jwk -o ${JWK_FILE} username password:"
rm -f "${JWK_FILE}"
It 'writes secret key to a JWK file for user "username" and password "password"'
When run keygen -f jwk -o "${JWK_FILE}" username password
The path "${JWK_FILE}" should exist
The contents of file "${JWK_FILE}" should include '{"crv":"Ed25519","d":"D5eoJaNGoKM172hTdADv3psQf5P6vGDI9D8SRe8TYy8","kty":"OKP","x":"NJoTbvcP-m51-XwxrmWqHaOpI1ZD0USwLjqAmV8Boas"}'
The status should be success
The stderr should equal ""
End
End
Describe "-pki ${JWK_FILE}:"
It 'prints prefixed base58 public and secret keys for ed25519 key read from JWK file"'
When run keygen -pki "${JWK_FILE}" -v
The output should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG'
The output should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC'
The status should be success
The stderr should include 'input file format detected: jwk'
End
rm -f "${JWK_FILE}"
End
Describe "-f nacl -o ${NACL_FILE} username password:"
rm -f "${NACL_FILE}"
It 'writes secret key to a libnacl file for user "username" and password "password"'
@ -259,7 +307,7 @@ Describe 'keygen'
rm -f "${PB2_FILE}"
It 'writes protobuf2 secret key to a pb2 file for user "username" and password "password"'
decode_pb2() {
xxd -ps "${PB2_FILE}"
xxd -p "${PB2_FILE}"
}
not_xxd() {
! which xxd >/dev/null 2>&1
@ -273,6 +321,15 @@ Describe 'keygen'
The status should be success
The stderr should equal ""
End
End
Describe "-pki ${PB2_FILE}:"
It 'prints prefixed base58 public and secret keys for ed25519 key read from pb2 file"'
When run keygen -pki "${PB2_FILE}" -v
The output should include 'pub: 4YLU1xQ9jzb7LzC6d91VZrYTEKS9N2j93Nnvcee6wxZG'
The output should include 'sec: K5heSX4xGUPtRbxcZh6zbgaKbDv8FeVc9JuSNWtUs7C1oGNKqv7kQJ3DHdouTPzoW4duKKnuLQK8LbHKfN9fkjC'
The status should be success
The stderr should include 'input file format detected: pb2'
End
rm -f "${PB2_FILE}"
End
Describe "-f pubsec -o ${PUBSEC_FILE} username password:"