Compare commits

...

4 Commits
master ... wip

Author SHA1 Message Date
Yann Autissier 65fdb648ca wip: refacto 2022-10-08 12:51:28 +02:00
Yann Autissier fb08e6ed65 wip: refacto 2022-10-08 05:14:20 +02:00
Yann Autissier 029f49be22 add base36 and base58 multiformat output
* output cidv1 of key in base36 or base58
* fix rsa custom seed to concatenate p + q instead of adding it
* renamed output file format pb2 to p2p
2022-10-01 03:29:07 +02:00
Yann Autissier f1b4573294 wip: first did implementation 2022-09-29 06:21:36 +02:00
9 changed files with 1254 additions and 1119 deletions

1
about.py Normal file
View File

@ -0,0 +1 @@
__version__='0.1.0'

View File

@ -1,162 +0,0 @@
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: crypto.proto
import sys
_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1'))
from google.protobuf.internal import enum_type_wrapper
from google.protobuf import descriptor as _descriptor
from google.protobuf import message as _message
from google.protobuf import reflection as _reflection
from google.protobuf import symbol_database as _symbol_database
# @@protoc_insertion_point(imports)
_sym_db = _symbol_database.Default()
DESCRIPTOR = _descriptor.FileDescriptor(
name='crypto.proto',
package='crypto.pb',
syntax='proto2',
serialized_options=_b('Z*github.com/libp2p/go-libp2p-core/crypto/pb'),
serialized_pb=_b('\n\x0c\x63rypto.proto\x12\tcrypto.pb\";\n\tPublicKey\x12 \n\x04Type\x18\x01 \x02(\x0e\x32\x12.crypto.pb.KeyType\x12\x0c\n\x04\x44\x61ta\x18\x02 \x02(\x0c\"<\n\nPrivateKey\x12 \n\x04Type\x18\x01 \x02(\x0e\x32\x12.crypto.pb.KeyType\x12\x0c\n\x04\x44\x61ta\x18\x02 \x02(\x0c*9\n\x07KeyType\x12\x07\n\x03RSA\x10\x00\x12\x0b\n\x07\x45\x64\x32\x35\x35\x31\x39\x10\x01\x12\r\n\tSecp256k1\x10\x02\x12\t\n\x05\x45\x43\x44SA\x10\x03\x42,Z*github.com/libp2p/go-libp2p-core/crypto/pb')
)
_KEYTYPE = _descriptor.EnumDescriptor(
name='KeyType',
full_name='crypto.pb.KeyType',
filename=None,
file=DESCRIPTOR,
values=[
_descriptor.EnumValueDescriptor(
name='RSA', index=0, number=0,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='Ed25519', index=1, number=1,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='Secp256k1', index=2, number=2,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ECDSA', index=3, number=3,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=150,
serialized_end=207,
)
_sym_db.RegisterEnumDescriptor(_KEYTYPE)
KeyType = enum_type_wrapper.EnumTypeWrapper(_KEYTYPE)
RSA = 0
Ed25519 = 1
Secp256k1 = 2
ECDSA = 3
_PUBLICKEY = _descriptor.Descriptor(
name='PublicKey',
full_name='crypto.pb.PublicKey',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='Type', full_name='crypto.pb.PublicKey.Type', index=0,
number=1, type=14, cpp_type=8, label=2,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='Data', full_name='crypto.pb.PublicKey.Data', index=1,
number=2, type=12, cpp_type=9, label=2,
has_default_value=False, default_value=_b(""),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto2',
extension_ranges=[],
oneofs=[
],
serialized_start=27,
serialized_end=86,
)
_PRIVATEKEY = _descriptor.Descriptor(
name='PrivateKey',
full_name='crypto.pb.PrivateKey',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='Type', full_name='crypto.pb.PrivateKey.Type', index=0,
number=1, type=14, cpp_type=8, label=2,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='Data', full_name='crypto.pb.PrivateKey.Data', index=1,
number=2, type=12, cpp_type=9, label=2,
has_default_value=False, default_value=_b(""),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto2',
extension_ranges=[],
oneofs=[
],
serialized_start=88,
serialized_end=148,
)
_PUBLICKEY.fields_by_name['Type'].enum_type = _KEYTYPE
_PRIVATEKEY.fields_by_name['Type'].enum_type = _KEYTYPE
DESCRIPTOR.message_types_by_name['PublicKey'] = _PUBLICKEY
DESCRIPTOR.message_types_by_name['PrivateKey'] = _PRIVATEKEY
DESCRIPTOR.enum_types_by_name['KeyType'] = _KEYTYPE
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
PublicKey = _reflection.GeneratedProtocolMessageType('PublicKey', (_message.Message,), dict(
DESCRIPTOR = _PUBLICKEY,
__module__ = 'crypto_pb2'
# @@protoc_insertion_point(class_scope:crypto.pb.PublicKey)
))
_sym_db.RegisterMessage(PublicKey)
PrivateKey = _reflection.GeneratedProtocolMessageType('PrivateKey', (_message.Message,), dict(
DESCRIPTOR = _PRIVATEKEY,
__module__ = 'crypto_pb2'
# @@protoc_insertion_point(class_scope:crypto.pb.PrivateKey)
))
_sym_db.RegisterMessage(PrivateKey)
DESCRIPTOR._options = None
# @@protoc_insertion_point(module_scope)

307
dpgpid
View File

@ -1,6 +1,6 @@
#!/bin/sh
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
# desc: dpgpid (Decentralized PGP IDentifiers) shares PGP keys with DIDs on IPFS
# desc: generate did:ipid keys from gpg
# Copyleft 2022 Yann Autissier <aya@asycn.io>
@ -12,58 +12,273 @@
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
set -eu
import argparse
import configparser
import gpg
import json
import logging as log
from SecureBytes import clearmem
import os
import re
import struct
import sys
import time
import warnings
DATE=$(date -u +%FT%TZ%Z)
USAGE='[--help] [--version] show'
VERSION='0.0.1'
sys.path.append(os.path.abspath('../py-ipfs-http-client/'))
import ipfshttpclient
import key
dpgpid() {
while test $# != 0; do
case "$1" in
-h|--help)
help
;;
-v|--version)
version
;;
--)
shift
break
;;
-*)
usage
;;
show)
show
;;
*)
break
;;
esac
shift
done
}
__version__='0.1.0'
help() {
usage
}
class dpgpid:
def __init__(self):
self.parser = argparse.ArgumentParser(description="""
Generate did:ipid keys from gpg.
It converts a gpg key to a Decentralized IDentifier.""")
self.parser.add_argument(
'action',
help="{list,publish}",
nargs="?",
)
self.parser.add_argument(
"-d",
"--debug",
action="store_true",
help="show debug informations",
)
self.parser.add_argument(
"-q",
"--quiet",
action="store_true",
help="show only errors",
)
self.parser.add_argument(
"-t",
"--type",
choices=['dns', 'ipid','key'],
default="ipid",
dest="type",
help="did output format, default: ipid",
)
self.parser.add_argument(
"-v",
"--verbose",
action="store_true",
help="show more informations",
)
self.parser.add_argument(
"--version",
action="store_true",
help="show version and exit",
)
self.parser.add_argument(
'-u',
'--username',
dest="username",
)
self.parser.add_argument(
'-p',
'--password',
dest="password",
)
show() {
gpg --list-keys --with-colons |awk -F: '$1 == "pub" {print "did:pgp:"$5}'
}
def _check_args(self, args):
log.debug("dpgpid._check_args(%s)" % args)
if self.action not in ['list', 'publish']:
self.parser.error('dpgpid requires a valid action')
usage() {
printf "%s\n" "Usage: $(basename "$0") ${USAGE}"
}
def _cleanup(self):
log.debug("dpgpid._cleanup()")
self.ipfs.close()
version() {
printf "%s\n" "Version: $(basename "$0") v${VERSION}"
}
def _cli(self, argv):
args = self.parser.parse_args(argv)
vars(self).update(vars(args))
dpgpid "$@"
# display version
if args.version:
version()
sys.exit()
# define log format
log_format='%(asctime)s %(levelname)s: %(message)s'
log_datefmt='%Y/%m/%d %H:%M:%S'
if args.debug:
log_level='DEBUG'
elif args.quiet:
log_level='ERROR'
elif args.verbose:
log_level='INFO'
else:
log_level='WARNING'
log.basicConfig(format=log_format, datefmt=log_datefmt, level=log_level)
self._check_args(args)
self._load_config()
self.gpg = gpg.Context(armor=True, offline=True)
try:
self.ipfs = ipfshttpclient.connect('/ip4/172.18.0.2/tcp/5001/',session=True,timeout=3)
except Exception as e:
log.error('Unable to load ipfs client: %s' % e)
exit(2)
method = getattr(self, f'do_{self.type}', self._invalid_type)
return method()
def _invalid_type(self):
log.debug("dpgpid._invalid_type()")
self.parser.error(f"type {self.type} is not valid.")
def _load_config(self):
log.debug("dpgpid._load_config()")
self.config = configparser.RawConfigParser()
config_dir = os.path.join(os.environ.get('XDG_CONFIG_HOME', os.path.expanduser('~/.config')), 'dpgpid')
log.debug("config_dir=%s" % config_dir)
self.config.read( [config_dir + '/dpgpid.conf'] )
def did_from_key(self):
log.debug("dpgpid.did_from_key()")
self.did = json.dumps({
"@context": "/ipfs/QmfS56jDfrXNaS6Xcsp3RJiXd2wyY7smeEAwyTAnL1RhEG",
"id": "did:ipid:" + self.key_id,
"created": self.key_created_at,
"publicKey": [{
"id": "did:ipid:" + self.key_id,
"type": "GpgVerificationKey2020",
"expires": self.key_expires_at,
"publicKeyGpg": self.key_public_key,
}, {
"id": "did:ipid:" + self.key_id,
"type": "JsonWebKey2020",
"expires": self.key_expires_at,
"publicKeyJwk": self.key_public_jwk,
}],
})
if self.key_updated_at:
self.did.update({"updated": self.key_updated_at,})
log.debug("dpgpid.did=%s" % self.did)
def do_list(self):
log.debug("dpgpid.do_list()")
gpgkeys = list(self.gpg.keylist(pattern=self.username, secret=True))
for gpgkey in gpgkeys:
self.key_from_gpg(gpgkey.fpr, self.password)
print("did:ipid:%s" % self.key_id)
self._cleanup()
def do_publish(self):
log.debug("dpgpid.do_publish()")
gpgkeys = list(self.gpg.keylist(pattern=self.username, secret=True))
if not gpgkeys:
log.warning(f"""Unable to find any key matching "{self.username}".""")
exit(1)
else:
gpgkey = gpgkeys[0]
log.info(f"""Found key id "{gpgkey.fpr}" matching "{self.username}".""")
self.key_from_gpg(gpgkey.fpr, self.password)
self.did_from_key()
self.did_cid = self.ipfs.add_json(self.did)
log.debug('dpgpid.did_cid=%s' % self.did_cid)
self.did_ipns = self.ipfs.name.publish(ipfs_path='/ipfs/' + self.did_cid, key=self.key_id)['Name']
log.debug('dpgpid.did_ipns=%s' % self.did_ipns)
self._cleanup()
def do_key(self):
log.debug("dpgpid.do_key()")
gpgkeys = list(self.gpg.keylist(pattern=self.username, secret=True))
if not gpgkeys:
log.warning(f"""Unable to find any key matching "{self.username}".""")
exit(1)
else:
gpgkey = gpgkeys[0]
log.info(f"""Found key id "{gpgkey.fpr}" matching "{self.username}".""")
self.key_from_gpg(gpgkey.fpr, self.password)
self.did_from_key()
self.did_cid = self.ipfs.add_json(self.did)
log.debug('dpgpid.did_cid=%s' % self.did_cid)
self.did_ipns = self.ipfs.name.publish(ipfs_path='/ipfs/' + self.did_cid, key=self.key_id)['Name']
log.debug('dpgpid.did_ipns=%s' % self.did_ipns)
didkit.keyToDID('key', self.key_secret_jwk)
self._cleanup()
def do_show(self):
log.debug("dpgpid.do_show()")
gpgkeys = list(self.gpg.keylist(pattern=self.username, secret=True))
if not gpgkeys:
log.warning(f"""Unable to find any key matching "{self.username}".""")
exit(1)
else:
gpgkey = gpgkeys[0]
log.info(f"""Found key id "{gpgkey.fpr}" matching "{self.username}".""")
self.key_from_gpg(gpgkey.fpr, self.password)
self.did_from_key()
print(self.did)
self._cleanup()
def ipfs_peerid(self, args):
log.debug("dpgpid.ipfs_peerid(%s)" % args)
try:
self.ipfs_peerid = self.ipfs.id()['ID']
except Exception as e:
log.error(f'Unable to get ipfs peer id: {e}')
exit()
log.debug('dpgpid.ipfs_peerid=%s' % self.ipfs_peerid)
def key_from_gpg(self, username, password):
log.debug("dpgpid.key_from_gpg(%s, %s)" % (username, password))
try:
key = keygen.keygen()
key.gpg = gpg.Context(armor=True, offline=True)
key.gpg.set_passphrase_cb(key.gpg_passphrase_cb)
key.username = username
key.password = password
key.ed25519_from_gpg()
key.pem_pkcs8_from_ed25519()
key.libp2p_from_ed25519()
key.b58mh_from_libp2p()
key.jwk_from_ed25519()
self.key_created_at = str(key.pgpy.created)
self.key_expires_at = str(key.pgpy.expires_at)
self.key_fingerprint = key.gpg_secret_key.fpr
self.key_id = key.ed25519_public_b58mh
self.key_is_expired = key.gpg_secret_key.expired
self.key_is_revoked = key.gpg_secret_key.revoked
self.key_public_key = str(key.pgpy.pubkey)
self.key_public_jwk = key.ed25519_public_jwk
self.key_secret_jwk = key.ed25519_secret_jwk
self.key_secret_pem = key.ed25519_secret_pem_pkcs8
self.key_signers = key.pgpy.signers
self.key_uids = key.gpg_secret_key.uids
self.key_updated_at = key.gpg_secret_key.last_update
log.debug("dpgpid.key.created_at=%s" % self.key_created_at)
log.debug("dpgpid.key.expires_at=%s" % self.key_expires_at)
log.debug("dpgpid.key.fingerprint=%s" % self.key_fingerprint)
log.debug("dpgpid.key.id=%s" % self.key_id)
log.debug("dpgpid.key.is_expired=%s" % self.key_is_expired)
log.debug("dpgpid.key.is_revoked=%s" % self.key_is_revoked)
log.debug("dpgpid.key.public_key=%s" % self.key_public_key)
log.debug("dpgpid.key.public_jwk=%s" % self.key_public_jwk)
log.debug("dpgpid.key.secret_jwk=%s" % self.key_secret_jwk)
log.debug("dpgpid.key.signers=%s" % self.key_signers)
log.debug("dpgpid.key.uids=%s" % self.key_uids)
log.debug("dpgpid.key.updated_at=%s" % self.key_updated_at)
except Exception as e:
log.error(f'Unable to get key from gpg: {e}')
exit(2)
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
return dpgpid()._cli(argv)
def version(version=__version__):
print("%s v%s" % (sys.argv[0],version))
if __name__ == "__main__":
sys.exit(main())

581
key/__init__.py Normal file
View File

@ -0,0 +1,581 @@
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
# Copyleft 2022 Yann Autissier <aya@asycn.io>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from cryptography.hazmat.primitives import serialization
from jwcrypto.jwk import JWK
from SecureBytes import clearmem
import base36
import base58
import base64
import duniterpy.key
import gpg
import logging as log
import pgpy
import pynentry
import re
import warnings
def from_args(args, config):
log.debug("key.from_args(%s, %s)" % (args, config))
from key import ed25519
if args.gpg:
_gpg = gpg.Context(armor=True, offline=True)
return from_gpg(_gpg, args.username[0], args.password)
else:
scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
int(config.get('scrypt', 'n')) if config and config.has_option('scrypt', 'n') else 4096,
int(config.get('scrypt', 'r')) if config and config.has_option('scrypt', 'r') else 16,
int(config.get('scrypt', 'p')) if config and config.has_option('scrypt', 'p') else 1,
int(config.get('scrypt', 'sl')) if config and config.has_option('scrypt', 'sl') else 32,
)
if args.input:
return from_file(args.input, args.password, scrypt_params)
else:
if args.mnemonic:
return from_mnemonic(' '.join(args.username), scrypt_params)
else:
return from_credentials(args.username[0], args.password, scrypt_params)
def from_credentials(username, password=None, scrypt_params=None):
log.debug("key.from_credentials(%s, %s, %s)" % (username, password, scrypt_params))
try:
if not password:
with pynentry.PynEntry() as p:
p.description = f"""Please enter the passord for username "{username}"."""
p.prompt = 'Passsord:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
return from_duniterpy(duniterpy.key.SigningKey.from_credentials(
username,
password,
scrypt_params
))
except Exception as e:
log.error(f'Unable to get key from credentials: {e}')
exit(2)
def from_duniterpy(duniterpy):
log.debug("key.from_duniterpy(%s)" % duniterpy)
key = ed25519.from_duniterpy(duniterpy)
key.duniterpy = duniterpy
return key
def from_file(input_file, password=None, scrypt_params=None):
log.debug("key.from_file(%s, %s, %s)" % (input_file, password, scrypt_params))
try:
with open(input_file, 'r') as file:
lines = file.readlines()
if len(lines) > 0:
line = lines[0].strip()
regex_ewif = re.compile('^Type: EWIF$')
regex_jwk = re.compile('^\\s*{\\s*"crv":\\s*"Ed25519",\\s*"d":\\s*"(.)+",\\s*"kty":\\s*"OKP",\\s*"x":\\s*"(.)+"\\s*}')
regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}')
regex_pem = re.compile('^-----BEGIN PRIVATE KEY-----$')
regex_pubsec = re.compile('^Type: PubSec$')
regex_seed = re.compile('^[0-9a-fA-F]{64}$')
regex_ssb = re.compile('\\s*{\\s*"curve":\\s*"ed25519",\\s*"public":\\s*"(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}')
regex_wif = re.compile('^Type: WIF$')
if re.search(regex_ewif, line):
log.info("input file format detected: ewif")
if not password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file is encrypted.
Please enter a password to decrypt seed.
"""
p.prompt = 'Passphrase:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
return from_duniterpy(duniterpy.key.SigningKey.from_ewif_file(input_file, password))
elif re.search(regex_jwk, line):
log.info("input file format detected: jwk")
return from_jwk(JWK.from_json(line))
elif re.search(regex_nacl, line):
log.info("input file format detected: nacl")
return from_duniterpy(duniterpy.key.SigningKey.from_private_key(input_file))
elif re.search(regex_pem, line):
log.info("input file format detected: pem")
return from_pem(''.join(lines).encode())
elif re.search(regex_pubsec, line):
log.info("input file format detected: pubsec")
return from_duniterpy(duniterpy.key.SigningKey.from_pubsec_file(input_file))
elif re.search(regex_seed, line):
log.info("input file format detected: seed")
return from_duniterpy(duniterpy.key.SigningKey.from_seedhex_file(input_file))
elif re.search(regex_ssb, line):
log.info("input file format detected: ssb")
return from_duniterpy(duniterpy.key.SigningKey.from_ssb_file(input_file))
elif re.search(regex_wif, line):
log.info("input file format detected: wif")
return from_duniterpy(duniterpy.key.SigningKey.from_wif_file(input_file))
elif len(line.split(' ')) == 12:
log.info("input file format detected: mnemonic")
return from_mnemonic(line, scrypt_params)
elif len(lines) > 1:
log.info("input file format detected: credentials")
return from_credentials(line, lines[1].strip(), scrypt_params)
else:
raise NotImplementedError('unknown input file format.')
else:
raise IOError('empty file.')
except UnicodeDecodeError as e:
try:
with open(input_file, 'rb') as file:
lines = file.readlines()
if len(lines) > 0:
line = lines[0].strip()
regex_dewif = re.compile(b'^\x00\x00\x00\x01\x00\x00\x00\x01')
regex_p2p = re.compile(b'^\x08\x01\x12@')
if re.search(regex_dewif, line):
log.info("input file format detected: dewif")
if not password:
with pynentry.PynEntry() as p:
p.description = f"""Data in DEWIF file is encrypted.
Please enter a password to decrypt seed.
"""
p.prompt = 'Passphrase:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
return from_duniterpy(duniterpy.key.SigningKey.from_dewif_file(input_file, password))
if re.search(regex_p2p, line):
log.info("input file format detected: p2p")
return from_libp2p(line)
else:
raise NotImplementedError('unknown input file format.')
else:
raise IOError('empty file.')
except Exception as e:
log.error(f'Unable to get key from input file {input_file}: {e}')
exit(2)
except Exception as e:
log.error(f'Unable to get key from input file {input_file}: {e}')
exit(2)
def from_gpg(_gpg, username, password=None):
log.debug("key.from_gpg(%s, %s, %s)" % (_gpg, username, password))
try:
secret_keys = list(_gpg.keylist(pattern=username, secret=True))
log.debug("key.secret_keys=%s" % secret_keys)
if not secret_keys:
log.warning(f"""Unable to find any key matching "{username}".""")
exit(1)
else:
_gpg.secret_key = secret_keys[0]
log.info(f"""Found key id "{_gpg.secret_key.fpr}" matching "{username}".""")
log.debug("key._gpg.secret_key.expired=%s" % _gpg.secret_key.expired)
log.debug("key._gpg.secret_key.fpr=%s" % _gpg.secret_key.fpr)
log.debug("key._gpg.secret_key.revoked=%s" % _gpg.secret_key.revoked)
log.debug("key._gpg.secret_key.uids=%s" % _gpg.secret_key.uids)
log.debug("key._gpg.secret_key.owner_trust=%s" % _gpg.secret_key.owner_trust)
log.debug("key._gpg.secret_key.last_update=%s" % _gpg.secret_key.last_update)
if password:
gpg_passphrase_cb = gpg_passphrase(password).cb
_gpg.set_passphrase_cb(gpg_passphrase_cb)
_gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK)
_gpg.public_armor = _gpg.key_export(_gpg.secret_key.fpr)
_gpg.secret_armor = _gpg.key_export_secret(_gpg.secret_key.fpr)
if not _gpg.secret_armor:
log.error(f"""Unable to export gpg secret key id "{_gpg.secret_key.fpr}" for username "{username}". Please check your password!""")
exit(2)
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
_pgpy, _ = pgpy.PGPKey.from_blob(_gpg.secret_armor)
key = from_pgpy(_pgpy, password)
key.gpg = _gpg
return key
except Exception as e:
log.error(f'Unable to get key from gpg: {e}')
exit(2)
def from_jwk(jwk):
log.debug("key.from_jwk(%s)" % jwk)
key = ed25519.from_jwk(jwk)
key.jwk = jwk
return key
def from_libp2p(libp2p):
log.debug("key.from_libp2p(%s)" % libp2p)
return ed25519.from_libp2p(libp2p)
def from_mnemonic(mnemonic, scrypt_params=None):
log.debug("key.from_mnemonic(%s, %s)" % (mnemonic, scrypt_params))
try:
return from_duniterpy(duniterpy.key.SigningKey.from_dubp_mnemonic(
mnemonic,
scrypt_params
))
except Exception as e:
log.error(f'Unable to get key from mnemonic: {e}')
exit(2)
def from_pem(pem):
log.debug("key.from_pem(%s)" % pem)
return ed25519.from_pem(pem)
def from_pgpy(_pgpy, password=None):
log.debug("key.from_pgpy(%s, %s)" % (_pgpy, password))
try:
log.debug("key._pgpy.fingerprint.keyid=%s" % _pgpy.fingerprint.keyid)
log.debug("key._pgpy.is_protected=%s" % _pgpy.is_protected)
_pgpy.key_type = pgpy_key_type(_pgpy)
if _pgpy.is_protected:
if not password:
with pynentry.PynEntry() as p:
p.description = f"""The exported pgp key id "{_pgpy.fingerprint.keyid}" is password protected.
Please enter the passphrase again to unlock it.
"""
p.prompt = 'Passphrase:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
try:
with warnings.catch_warnings():
# remove CryptographyDeprecationWarning about deprecated
# SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
warnings.simplefilter('ignore')
with _pgpy.unlock(password):
assert _pgpy.is_unlocked
log.debug("key._pgpy.is_unlocked=%s" % _pgpy.is_unlocked)
key = ed25519.from_pgpy(_pgpy)
except Exception as e:
log.error(f"""Unable to unlock pgp secret key id "{pgpy.fingerprint.keyid}": {e}""")
exit(2)
else:
key = ed25519.from_pgpy(_pgpy)
key.pgpy = _pgpy
return key
except Exception as e:
log.error(f'Unable to get key from pgpy: {e}')
exit(2)
def pgpy_key_type(_pgpy):
log.debug("key.pgpy_key_type(%s)" % _pgpy)
if isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.RSAPriv):
key_type = 'RSA'
elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.DSAPriv):
key_type = 'DSA'
elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ElGPriv):
key_type = 'ElGamal'
elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ECDSAPriv):
key_type = 'ECDSA'
elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.EdDSAPriv):
key_type = 'EdDSA'
elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ECDHPriv):
key_type = 'ECDH'
else:
key_type = 'undefined'
log.debug("key.pgpy_key_type().key_type=%s" % key_type)
return key_type
class gpg_passphrase():
def __init__(self, password):
log.debug("gpg_passphrase().__init__(%s)" % password)
self.password = password
def cb(self, uid_hint, passphrase_info, prev_was_bad):
log.debug("gpg_passphrase().cb(%s, %s, %s)" % (uid_hint, passphrase_info, prev_was_bad))
return self.password
class key():
def __init__(self):
log.debug("key().__init__()")
self.algorithm = 'undefined'
self.cryptography = None
def __del__(self):
log.debug("key().__del__()")
self._cleanup()
def _cleanup(self):
log.debug("key()._cleanup()")
if hasattr(self, 'duniterpy'):
if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed:
clearmem(self.duniterpy.seed)
log.debug("cleared: key().duniterpy.seed")
if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk:
clearmem(self.duniterpy.sk)
log.debug("cleared: key().duniterpy.sk")
if hasattr(self, 'gpg'):
if hasattr(self.gpg, 'secret_armor') and self.gpg.secret_armor:
clearmem(self.gpg.secret_armor)
log.debug("cleared: key().gpg.secret_armor")
if hasattr(self, 'jwk'):
if hasattr(self, 'secret_jwk') and self.secret_jwk:
clearmem(self.secret_jwk)
log.debug("cleared: key().secret_jwk")
if hasattr(self.jwk, 'd') and self.jwk.d:
clearmem(self.jwk.d)
log.debug("cleared: key().jwk.d")
if hasattr(self, 'pgpy'):
if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
clearmem(self.pgpy._key.keymaterial.p)
log.debug("cleared: key().pgpy._key.material.p")
if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q:
clearmem(self.pgpy._key.keymaterial.q)
log.debug("cleared: key().pgpy._key.material.q")
if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s:
clearmem(self.pgpy._key.keymaterial.s)
log.debug("cleared: key().pgpy._key.material.s")
if hasattr(self, 'secret_b36mf') and self.secret_b36mf:
clearmem(self.secret_b36mf)
log.debug("cleared: key().secret_b36mf")
if hasattr(self, 'secret_b58mf') and self.secret_b58mf:
clearmem(self.secret_b58mf)
log.debug("cleared: key().secret_b58mf")
if hasattr(self, 'secret_b58mh') and self.secret_b58mh:
clearmem(self.secret_b58mh)
log.debug("cleared: key().secret_b58mh")
if hasattr(self, 'secret_b64mh') and self.secret_b64mh:
clearmem(self.secret_b64mh)
log.debug("cleared: key().secret_b64mh")
if hasattr(self, 'secret_base58') and self.secret_base58:
clearmem(self.secret_base58)
log.debug("cleared: key().secret_base58")
if hasattr(self, 'secret_base64') and self.secret_base64:
clearmem(self.secret_base64)
log.debug("cleared: key().secret_base64")
if hasattr(self, 'secret_cidv1') and self.secret_cidv1:
clearmem(self.secret_cidv1)
log.debug("cleared: key().secret_cidv1")
if hasattr(self, 'secret_libp2p') and self.secret_libp2p:
clearmem(self.secret_libp2p)
log.debug("cleared: key().secret_libp2p")
if hasattr(self, 'secret_pem_pkcs8') and self.secret_pem_pkcs8:
clearmem(self.secret_pem_pkcs8)
log.debug("cleared: key().secret_pem_pkcs8")
if hasattr(self, 'secret_proto2') and self.secret_proto2:
clearmem(self.secret_proto2)
log.debug("cleared: key().secret_proto2")
def to_b36mf(self):
log.debug("key().to_b36mf()")
if not hasattr(self, 'public_cidv1') or not hasattr(self, 'secret_cidv1'):
self.to_cidv1()
try:
self.public_b36mf = 'k' + base36.dumps(int.from_bytes(self.public_cidv1, byteorder='big'))
self.secret_b36mf = 'k' + base36.dumps(int.from_bytes(self.secret_cidv1, byteorder='big'))
except Exception as e:
log.error(f'Unable to get b36mf from cidv1: {e}')
exit(2)
log.debug("key().public_b36mf=%s" % self.public_b36mf)
log.debug("key().secret_b36mf=%s" % self.secret_b36mf)
def to_b58mf(self):
log.debug("key().to_b58mf()")
if not hasattr(self, 'public_cidv1') or not hasattr(self, 'secret_cidv1'):
self.to_cidv1()
try:
self.public_b58mf = 'z' + base58.b58encode(self.public_cidv1).decode('ascii')
self.secret_b58mf = 'z' + base58.b58encode(self.secret_cidv1).decode('ascii')
except Exception as e:
log.error(f'Unable to get b58mf from cidv1: {e}')
exit(2)
log.debug("key().public_b58mf=%s" % self.public_b58mf)
log.debug("key().secret_b58mf=%s" % self.secret_b58mf)
def to_b58mh(self):
log.debug("key().to_b58mh()")
if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
self.to_libp2p()
try:
self.public_b58mh = base58.b58encode(self.public_libp2p).decode('ascii')
self.secret_b58mh = base58.b58encode(self.secret_libp2p).decode('ascii')
except Exception as e:
log.error(f'Unable to get b58mh from libp2p: {e}')
exit(2)
log.debug("key().public_b58mh=%s" % self.public_b58mh)
log.debug("key().secret_b58mh=%s" % self.secret_b58mh)
def to_b64mh(self):
log.debug("key().to_b64mh()")
if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
self.to_libp2p()
try:
self.public_b64mh = base64.b64encode(self.public_libp2p).decode('ascii')
self.secret_b64mh = base64.b64encode(self.secret_libp2p).decode('ascii')
except Exception as e:
log.error(f'Unable to get b64mh from libp2p: {e}')
exit(2)
log.debug("key().public_b64mh=%s" % self.public_b64mh)
log.debug("key().secret_b64mh=%s" % self.secret_b64mh)
def to_base58(self):
log.debug("key().to_base58()")
try:
self.public_base58 = base58.b58encode(self.public_bytes).decode('ascii')
self.secret_base58 = base58.b58encode(self.secret_bytes).decode('ascii')
except Exception as e:
log.error(f'Unable to get base58: {e}')
exit(2)
log.debug("key().public_base58=%s" % self.public_base58)
log.debug("key().secret_base58=%s" % self.secret_base58)
def to_base64(self):
log.debug("key().to_base64()")
try:
self.public_base64 = base64.b64encode(self.public_bytes).decode('ascii')
self.secret_base64 = base64.b64encode(self.secret_bytes).decode('ascii')
except Exception as e:
log.error(f'Unable to get base64: {e}')
exit(2)
log.debug("key().public_base64=%s" % self.public_base64)
log.debug("key().secret_base64=%s" % self.secret_base64)
def to_cidv1(self):
log.debug("key().to_cidv1()")
if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
self.to_libp2p()
try:
# \x01: multicodec cid prefix = CIDv1
# \x72: multicodec content prefix = libp2p-key
self.public_cidv1 = b'\x01\x72' + self.public_libp2p
self.secret_cidv1 = b'\x01\x72' + self.secret_libp2p
except Exception as e:
log.error(f'Unable to get cidv1: {e}')
exit(2)
log.debug("key().public_cidv1=%s" % self.public_cidv1)
log.debug("key().secret_cidv1=%s" % self.secret_cidv1)
def to_duniterpy(self):
log.debug("key().to_duniterpy()")
raise NotImplementedError(f"key().to_duniterpy() is not implemented for algorithm {self.algorithm}")
def to_file(self, output_file, file_format=None, password=None):
log.debug("key().to_file(%s, %s, %s)" % (output_file, file_format, password))
try:
if file_format == 'dewif':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
if not password:
with pynentry.PynEntry() as p:
p.description = f"""Data in DEWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
self.duniterpy.save_dewif_v1_file(output_file, password)
elif file_format == 'ewif':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
if not password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
exit(1)
self.duniterpy.save_ewif_file(output_file, password)
elif file_format == 'jwk':
if not hasattr(self, 'jwk'):
self.to_jwk()
with open(output_file, "w") as file:
file.write(self.jwk.export())
elif file_format == 'nacl':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
self.duniterpy.save_private_key(output_file)
elif file_format == 'p2p':
if not hasattr(self, 'secret_libp2p'):
self.to_libp2p()
with open(output_file, "wb") as file:
file.write(self.secret_libp2p)
elif file_format == 'pubsec':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
self.duniterpy.save_pubsec_file(output_file)
elif file_format == 'seed':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
self.duniterpy.save_seedhex_file(output_file)
elif file_format == 'wif':
if not hasattr(self, 'duniterpy'):
self.to_duniterpy()
self.duniterpy.save_wif_file(output_file)
else:
if not hasattr(self, 'secret_pem_pkcs8'):
self.to_pem_pkcs8()
with open(output_file, "w") as file:
file.write(self.secret_pem_pkcs8)
except Exception as e:
log.error(f'Unable to write key to output file {output_file}: {e}')
exit(2)
def to_jwk(self):
log.debug("key().to_jwk()")
try:
if not hasattr(self, 'jwk'):
self.jwk = JWK.from_pyca(self.cryptography)
self.public_jwk = self.jwk.export_public()
self.secret_jwk = self.jwk.export_private()
except Exception as e:
log.error(f'Unable to get jwk: {e}')
exit(2)
def to_libp2p(self):
log.debug("key().to_libp2p()")
try:
if not hasattr(self, 'public_proto2') or not hasattr(self, 'secret_proto2'):
self.to_proto2()
# \x00: multihash prefix = raw id
# \x24: multihash length = 36 bytes
self.public_libp2p = b'\x00$' + self.public_proto2
self.secret_libp2p = self.secret_proto2
except Exception as e:
log.error(f'Unable to get libp2p: {e}')
exit(2)
log.debug("key().public_libp2p=%s" % self.public_libp2p)
log.debug("key().secret_libp2p=%s" % self.secret_libp2p)
def to_pem_pkcs8(self):
log.debug("key().to_pem_pkcs8()")
try:
self.secret_pem_pkcs8 = self.cryptography.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
).decode('ascii')
except Exception as e:
log.error(f'Unable to get pem pkcs8: {e}')
exit(2)
log.debug("key().secret_pem_pkcs8=%s" % self.secret_pem_pkcs8)
def to_proto2(self):
log.debug("key().to_proto2()")
raise NotImplementedError(f"key().to_proto2() is not implemented for algorithm {self.algorithm}")

136
key/ed25519.py Normal file
View File

@ -0,0 +1,136 @@
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
# Copyleft 2022 Yann Autissier <aya@asycn.io>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
from . import key
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives import serialization
from SecureBytes import clearmem
import duniterpy.key
import logging as log
def from_duniterpy(duniterpy):
log.debug("ed25519.from_duniterpy(%s)" % duniterpy)
try:
return ed25519(duniterpy.sk[:32])
except Exception as e:
log.error(f'Unable to get ed25519 from duniterpy: {e}')
exit(2)
def from_jwk(jwk):
log.debug("ed25519.from_jwk(%s)" % jwk)
try:
return ed25519(jwk._okp_pri().private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption()
))
except Exception as e:
log.error(f'Unable to get ed25519 from jwk: {e}')
exit(2)
def from_libp2p(libp2p):
log.debug("ed25519.from_libp2p(%s) % libp2p")
try:
return ed25519(libp2p.lstrip(b'\x08\x01\x12@')[:32])
except Exception as e:
log.error(f'Unable to get ed25519 from libp2p: {e}')
exit(2)
def from_pem(pem):
log.debug("ed25519.from_pem(%s)" % pem)
try:
return ed25519(serialization.load_pem_private_key(pem, password=None).private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption()
))
except Exception as e:
log.error(f'Unable to get ed25519 from pem: {e}')
exit(2)
def from_pgpy(_pgpy):
log.debug("ed25519.from_pgpy(%s)" % _pgpy)
try:
if _pgpy.key_type == 'RSA':
log.debug("ed25519._pgpy._key.keymaterial.p=%s" % _pgpy._key.keymaterial.p)
log.debug("ed25519._pgpy._key.keymaterial.q=%s" % _pgpy._key.keymaterial.q)
# rsa custom seed: sha256 hash of (p + q), where + is a string concatenation
# self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256((rsa_int).to_bytes(rsa_len,byteorder='big'))
rsa_int = int(str(_pgpy._key.keymaterial.p) + str(_pgpy._key.keymaterial.q))
rsa_len = (rsa_int.bit_length() + 7) // 8
from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.SHA256())
digest.update((rsa_int).to_bytes(rsa_len,byteorder='big'))
seed = digest.finalize()
# seed_bytes = nacl.bindings.crypto_hash_sha256((rsa_int).to_bytes(rsa_len,byteorder='big'))
elif _pgpy.key_type in ('ECDSA', 'EdDSA', 'ECDH'):
log.debug("ed25519._pgpy._key.keymaterial.s=%s" % _pgpy._key.keymaterial.s)
seed = _pgpy._key.keymaterial.s.to_bytes(32, byteorder='big')
else:
raise NotImplementedError(f"getting seed from pgpy key type {_pgpy.key_type} is not implemented.")
return ed25519(seed)
except Exception as e:
log.error(f'Unable to get ed25519 from pgpy: {e}')
exit(2)
class ed25519(key):
def __init__(self, seed: bytes):
log.debug("ed25519().__init__(%s)" % seed)
super().__init__()
self.algorithm = 'ed25519'
self.cryptography = Ed25519PrivateKey.from_private_bytes(seed)
self.public_bytes = self.cryptography.public_key().public_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw,
)
self.secret_bytes = seed + self.public_bytes
self.seed_bytes = seed
def _cleanup(self):
log.debug("ed25519()._cleanup()")
if hasattr(self, 'secret_bytes') and self.secret_bytes:
clearmem(self.secret_bytes)
log.debug("cleared: ed25519().secret_bytes")
if hasattr(self, 'seed_bytes') and self.seed_bytes:
clearmem(self.seed_bytes)
log.debug("cleared: ed25519().seed_bytes")
super()._cleanup()
def to_duniterpy(self):
log.debug("ed25519().to_duniterpy()")
try:
if not hasattr(self, 'duniterpy'):
self.duniterpy = duniterpy.key.SigningKey(self.seed_bytes)
except Exception as e:
log.error(f'Unable to get duniterpy: {e}')
exit(2)
log.debug("ed25519().duniterpy.seed: %s" % self.duniterpy.seed)
def to_proto2(self):
log.debug("ed25519().to_proto2()")
try:
## libp2p Protocol Buffer serialization
self.public_proto2 = b'\x08\x01\x12 ' + self.public_bytes
self.secret_proto2 = b'\x08\x01\x12@' + self.secret_bytes
except Exception as e:
log.error(f'Unable to get proto2: {e}')
exit(2)
log.debug("ed25519().public_proto2=%s" % self.public_proto2)
log.debug("ed25519().secret_proto2=%s" % self.secret_proto2)

819
keygen
View File

@ -1,14 +1,8 @@
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
# desc: generate ed25519 keys for duniter and ipfs from gpg
# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
# Copyleft 2022 Yann Autissier <aya@asycn.io>
# all crypto science belongs to Pascal Engélibert <tuxmain@zettascript.org>
# coming from files available at https://git.p2p.legal/qo-op/Astroport.ONE/tools
# gpgme stuff has been provided by Ben McGinnes
# and comes from http://files.au.adversary.org/crypto/gpgme-python-howto.html
# gpg key extraction is taken from work of Simon Vareille available at
# https://gist.github.com/SimonVareille/fda49baf5f3e15b5c88e25560aeb2822
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -24,28 +18,13 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>.
import argparse
import base58
import base64
import configparser
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives import serialization
import duniterpy.key
import gpg
from jwcrypto import jwk
import logging as log
import nacl.bindings
import nacl.encoding
import pgpy
import pynentry
from SecureBytes import clearmem
import os
import re
import struct
import sys
import time
import warnings
__version__='0.0.5'
from about import __version__
import key
class keygen:
def __init__(self):
@ -62,7 +41,7 @@ class keygen:
self.parser.add_argument(
"-f",
"--format",
choices=['ewif', 'jwk', 'nacl','pb2','pem','pubsec','seed','wif'],
choices=['ewif', 'jwk', 'nacl','p2p','pem','pubsec','seed','wif'],
default=None,
dest="format",
help="output file format, default: pem (pkcs8)",
@ -77,7 +56,7 @@ class keygen:
"-i",
"--input",
dest="input",
help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,pb2,pubsec,seed,wif}",
help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,p2p,pem,pubsec,seed,wif}",
metavar='FILE',
)
self.parser.add_argument(
@ -102,9 +81,9 @@ class keygen:
)
self.parser.add_argument(
"-p",
"--prefix",
action="store_true",
help="prefix output text with key type",
"--password",
dest="password",
help="user password for duniter, gpg key and file encryption",
)
self.parser.add_argument(
"-q",
@ -121,7 +100,7 @@ class keygen:
self.parser.add_argument(
"-t",
"--type",
choices=['b58mh','b64mh','base58','base64','duniter','ipfs','jwk'],
choices=['b36mf', 'b58mf', 'b58mh','b64mh','base58','base64','duniter','ipfs','jwk'],
default="base58",
dest="type",
help="output text format, default: base58",
@ -139,171 +118,16 @@ class keygen:
)
self.parser.add_argument(
'username',
nargs="?",
)
self.parser.add_argument(
'password',
nargs="?",
help="username, mnemonic or gpg key",
nargs="*",
)
def _check_args(self, args):
log.debug("keygen._check_args(%s)" % args)
if self.input is None and self.username is None:
log.debug("keygen()._check_args(%s)" % args)
if self.input is None and not len(self.username):
self.parser.error('keygen requires an input file or a username')
def _cleanup(self):
log.debug("keygen._cleanup()")
if hasattr(self, 'duniterpy'):
if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed:
clearmem(self.duniterpy.seed)
log.debug("cleared: keygen.duniterpy.seed")
if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk:
clearmem(self.duniterpy.sk)
log.debug("cleared: keygen.duniterpy.sk")
if hasattr(self, 'ed25519_secret_base58') and self.ed25519_secret_base58:
clearmem(self.ed25519_secret_base58)
log.debug("cleared: keygen.ed25519_secret_base58")
if hasattr(self, 'ed25519_secret_base64') and self.ed25519_secret_base64:
clearmem(self.ed25519_secret_base64)
log.debug("cleared: keygen.ed25519_secret_base64")
if hasattr(self, 'ed25519_secret_bytes') and self.ed25519_secret_bytes:
clearmem(self.ed25519_secret_bytes)
log.debug("cleared: keygen.ed25519_secret_bytes")
if hasattr(self, 'ed25519_secret_pem_pkcs8') and self.ed25519_secret_pem_pkcs8:
clearmem(self.ed25519_secret_pem_pkcs8)
log.debug("cleared: keygen.ed25515_secret_pem_pkcs8")
if hasattr(self, 'ed25519_secret_protobuf') and self.ed25519_secret_protobuf:
clearmem(self.ed25519_secret_protobuf)
log.debug("cleared: keygen.ed25515_secret_protobuf")
if hasattr(self, 'ed25519_seed_bytes') and self.ed25519_seed_bytes:
clearmem(self.ed25519_seed_bytes)
log.debug("cleared: keygen.ed25519_seed_bytes")
if hasattr(self, 'ipfs_privkey') and self.ipfs_privkey:
clearmem(self.ipfs_privkey)
log.debug("cleared: keygen.ipfs_privkey")
if hasattr(self, 'jwk'):
if hasattr(self.jwk, 'd') and self.jwk.d:
clearmem(self.jwk.d)
log.debug("cleared: keygen.jwk.d")
if hasattr(self, 'password') and self.password:
clearmem(self.password)
log.debug("cleared: keygen.password")
if hasattr(self, 'pgp_secret_armor') and self.pgp_secret_armor:
clearmem(self.pgp_secret_armor)
log.debug("cleared: keygen.pgp_secret_armor")
if hasattr(self, 'pgpy'):
if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
clearmem(self.pgpy._key.keymaterial.p)
log.debug("cleared: keygen.pgpy._key.material.p")
if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q:
clearmem(self.pgpy._key.keymaterial.q)
log.debug("cleared: keygen.pgpy._key.material.q")
if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s:
clearmem(self.pgpy._key.keymaterial.s)
log.debug("cleared: keygen.pgpy._key.material.s")
if hasattr(self, 'username') and self.username:
clearmem(self.username)
log.debug("cleared: keygen.username")
def _invalid_type(self):
log.debug("keygen._invalid_type()")
self.parser.error(f"type {self.type} is not valid.")
def _load_config(self):
log.debug("keygen._load_config()")
self.config = configparser.RawConfigParser()
config_dir = os.path.join(os.environ.get('XDG_CONFIG_HOME', os.path.expanduser('~/.config')), 'dpgpid')
log.debug("config_dir=%s" % config_dir)
self.config.read( [config_dir + '/keygen.conf'] )
def _output(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
log.debug("keygen._output()")
if self.output is None:
self._output_text(public_key, secret_key, public_key_prefix, secret_key_prefix)
else:
self._output_file()
os.chmod(self.output, 0o600)
self._cleanup()
def _output_file(self):
log.debug("keygen._output_file()")
try:
if self.format == 'dewif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in DEWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy.save_dewif_v1_file(self.output, self.password)
elif self.format == 'ewif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
if not self.password:
with pynentry.PynEntry() as p:
p.description = f"""Data in EWIF file needs to be encrypted.
Please enter a password to encrypt seed.
"""
p.prompt = 'Passphrase:'
try:
self.password = p.get_pin()
except pynentry.PinEntryCancelled:
log.warning('Cancelled! Goodbye.')
self._cleanup()
exit(1)
self.duniterpy.save_ewif_file(self.output, self.password)
elif self.format == 'jwk':
if not hasattr(self, 'jwk'):
self.jwk_from_ed25519()
with open(self.output, "w") as file:
file.write(self.jwk.export())
elif self.format == 'nacl':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_private_key(self.output)
elif self.format == 'pb2':
if not hasattr(self, 'ed25519_secret_protobuf'):
self.protobuf_from_ed25519()
with open(self.output, "wb") as file:
file.write(self.ed25519_secret_protobuf)
elif self.format == 'pubsec':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_pubsec_file(self.output)
elif self.format == 'seed':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_seedhex_file(self.output)
elif self.format == 'wif':
if not hasattr(self, 'duniterpy'):
self.duniterpy_from_ed25519_seed_bytes()
self.duniterpy.save_wif_file(self.output)
else:
if not hasattr(self, 'ed25519_secret_pem_pkcs8'):
self.pem_pkcs8_from_ed25519()
with open(self.output, "w") as file:
file.write(self.ed25519_secret_pem_pkcs8)
except Exception as e:
log.error(f'Unable to output file {self.output}: {e}')
self._cleanup()
exit(2)
def _output_text(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
log.debug("keygen._output_text()")
if self.keys or not self.secret:
print("%s" % ''.join([self.prefix * public_key_prefix, public_key]))
if self.keys or self.secret:
print("%s" % ''.join([self.prefix * secret_key_prefix, secret_key]))
def _run(self, argv):
def _cli(self, argv):
args = self.parser.parse_args(argv)
vars(self).update(vars(args))
@ -324,573 +148,118 @@ class keygen:
else:
log_level='WARNING'
log.basicConfig(format=log_format, datefmt=log_datefmt, level=log_level)
log.debug("keygen.run(%s)" % argv)