diff --git a/Makefile b/Makefile
index d3cbe1b..9aebf8c 100644
--- a/Makefile
+++ b/Makefile
@@ -3,3 +3,5 @@ MYOS_REPOSITORY ?= https://github.com/aynicos/myos
-include $(MYOS)/make/include.mk
$(MYOS):
-@git clone $(MYOS_REPOSITORY) $(MYOS)
+
+ENV_VARS += DOCKER_INTERNAL_DOCKER_HOST
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 638ca50..0ecb522 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -38,14 +38,14 @@ RUN apk add --no-cache --virtual .build-deps \
python3-dev \
swig \
&& mkdir -p /usr/local/src/jaklis \
- && wget -qO - https://git.p2p.legal/axiom-team/jaklis/archive/master.tar.gz \
+ && wget -qO - https://github.com/aynicos/jaklis/archive/master.tar.gz \
|tar --strip-components 1 -C /usr/local/src/jaklis -xzf - \
&& pip3 install -r /usr/local/src/jaklis/requirements.txt \
&& ln -s /usr/local/src/jaklis/jaklis.py /usr/local/bin/jaklis \
&& chmod 0755 /usr/local/bin/jaklis \
&& /usr/local/bin/jaklis --help >/dev/null \
&& mkdir -p /usr/local/src/dpgpid \
- && wget -qO - https://git.p2p.legal/aya/dpgpid/archive/master.tar.gz \
+ && wget -qO - https://github.com/aynicos/dpgpid/archive/wip.tar.gz \
|tar --strip-components 1 -C /usr/local/src/dpgpid -xzf - \
&& pip3 install -r /usr/local/src/dpgpid/requirements.txt \
&& ln -s /usr/local/src/dpgpid/keygen /usr/local/bin/keygen \
@@ -93,3 +93,6 @@ RUN [ "$UID" -eq "$UID" ] 2>/dev/null \
ENV SHELL=${SHELL}
WORKDIR /var/www
+
+RUN rm /etc/php7/conf.d/00_opcache.ini
+RUN sed -i 's/^;php_flag[display_errors] = off/php_flag[display_errors] = on/' /etc/php7/php-fpm.d/www.conf
diff --git a/docker/docker-compose.app.yml b/docker/docker-compose.app.yml
index 3cbd62e..dc6aee3 100644
--- a/docker/docker-compose.app.yml
+++ b/docker/docker-compose.app.yml
@@ -12,6 +12,9 @@ services:
networks:
- private
- public
+ extra_hosts:
+ - astroport.localhost:${DOCKER_INTERNAL_DOCKER_HOST}
+
networks:
private:
diff --git a/lib/Fred.class.php b/lib/Fred.class.php
index ccbf7d8..b5ef70a 100644
--- a/lib/Fred.class.php
+++ b/lib/Fred.class.php
@@ -5,15 +5,23 @@ class Fred {
private $gatewayProtocol = 'http';
private $gatewayDomain = 'libra.copylaradio.com';
+ // private $gatewayDomain = 'aries.copylaradio.com';
+ // private $gatewayDomain = 'astroport.localhost';
private $gatewayPort = '1234';
private $gatewayDelay = 3;
+ private $gatewayMaxRounds = 1;
+
public function __construct () {
}
+ public function donneMoiLAdresseIPDuServeurQuiHebergeMonTiddlyWiki ($salt, $pepper) {
+
+ }
+
public function donneMoiLaPutainDeClefIPNS ($prenomNom, $nomDuChienSuivieDeLaDateDeNaissanceDeJohnnyHallyday) {
$salt = $prenomNom;
@@ -31,12 +39,37 @@ class Fred {
preg_match("`url='([^']+)'`isU", $page1, $matches);
$url = $matches[1];
+
+ $opts2 = array(
+ 'http'=>array(
+ 'method'=>"GET",
+ 'header'=>"Accept-language: fr\r\n",
+ 'follow_location' => 0
+ )
+ );
+
+ $context2 = stream_context_create($opts2);
+
+ $page2 = false;
+ $rounds = 0;
+
+ while (($page2 === false) and $rounds < $this->gatewayMaxRounds) {
+
+ sleep($this->gatewayDelay);
+ // echo "\n\n\nround n°" . $rounds . "\n";
+
+ $page2 = @file_get_contents($url, false, $context2);
+
+ // echo ''. print_r(htmlspecialchars($page2), true) . '
';
+
+ $rounds++;
+ }
- sleep($this->gatewayDelay);
+ if ($page2 === false) {
- $page2 = file_get_contents($url);
-
- if (empty($page2)) {
+ throw new Exception("J'ai pas pû me connecter à ". $url ." pour récupérer la putain de deuxième page.");
+
+ } else if (empty($page2)) {
throw new Exception("J'ai pas pû récupérer la putain de deuxième page.");
}
@@ -78,10 +111,12 @@ class Fred {
$page2 = '';
$rounds = 0;
- while (empty($page2) and $rounds < 10) {
+ while (empty($page2) and $rounds < $this->gatewayMaxRounds) {
sleep($this->gatewayDelay);
$page2 = file_get_contents($url);
+
+ $rounds++;
}
if (empty($page2)) {
@@ -154,11 +189,13 @@ class Fred {
$rounds = 0;
- while (empty($page2) and $rounds < 10) {
+ while (empty($page2) and $rounds < $this->gatewayMaxRounds) {
sleep($this->gatewayDelay);
$page2 = file_get_contents($url, false, $context2);
+
+ $rounds++;
}
if (empty($page2)) {
diff --git a/lib/Jaklis.class.php b/lib/Jaklis.class.php
index 3bbd6e1..1ca6bd9 100644
--- a/lib/Jaklis.class.php
+++ b/lib/Jaklis.class.php
@@ -7,6 +7,8 @@ class Jaklis {
private $mode;
private $jaklisPath = __DIR__ . '/../vendors/jaklis/jaklis';
+
+ // private $jaklisPath = 'jaklis'; // if you use Docker
private $nodes = [
diff --git a/lib/Keygen.class.php b/lib/Keygen.class.php
index 441381a..36d217f 100644
--- a/lib/Keygen.class.php
+++ b/lib/Keygen.class.php
@@ -3,6 +3,8 @@
class Keygen {
private $keygenPath = __DIR__ . '/../vendors/keygen/keygen';
+
+ // private $keygenPath = 'keygen'; // if you use Docker
private $pubsecDir = __DIR__ .'/../cache/pubsec/';
@@ -21,7 +23,7 @@ class Keygen {
$cmd .= ' -f pubsec';
$cmd .= ' -t duniter';
$cmd .= ' "'. $salt .'"';
- $cmd .= ' "'. $pepper .'"';
+ $cmd .= ' -p "'. $pepper .'"';
$output=null;
$result_code=null;
@@ -37,6 +39,30 @@ class Keygen {
return $output[0];
}
+ public function getIPNSPub ($salt, $pepper) {
+
+ $salt = str_replace('"', '\"', $salt);
+ $pepper = str_replace('"', '\"', $pepper);
+
+ $cmd = $this->keygenPath;
+ $cmd .= ' -t b36mf';
+ $cmd .= ' "'. $salt .'"';
+ $cmd .= ' -p "'. $pepper .'"';
+
+ $output=null;
+ $result_code=null;
+ exec($cmd, $output, $result_code);
+
+ // die($cmd . '
'. print_r($output, true) . '
'. print_r($result_code, true));
+
+ if (empty($output) or empty($output[0])) {
+
+ throw new Exception('Keygen me calcule pas (la pub IPNS) :
' . $cmd . '
');
+ }
+
+ return $output[0];
+ }
+
public function generatePubsec ($salt, $pepper) {
$salt = str_replace('"', '\"', $salt);
@@ -50,22 +76,25 @@ class Keygen {
}
- $cmd = $this->keygenPath;
- $cmd .= ' -f pubsec';
- $cmd .= ' -t duniter';
- $cmd .= ' "'. $salt .'"';
- $cmd .= ' "'. $pepper .'"';
- $cmd .= ' -o '. $this->pubsecDir . $userPubkey . '.dunikey';
+ if (!file_exists($this->pubsecDir . $userPubkey . '.dunikey')) {
- $output=null;
- $result_code=null;
- exec($cmd, $output, $result_code);
+ $cmd = $this->keygenPath;
+ $cmd .= ' -f pubsec';
+ $cmd .= ' -t duniter';
+ $cmd .= ' "'. $salt .'"';
+ $cmd .= ' -p "'. $pepper .'"';
+ $cmd .= ' -o '. $this->pubsecDir . $userPubkey . '.dunikey';
- // die($cmd . '
'. print_r($result_code, true));
+ $output=null;
+ $result_code=null;
+ exec($cmd, $output, $result_code);
- if ($result_code != 0) {
+ // die($cmd . '
'. print_r($result_code, true));
- throw new Exception('Keygen me calcule pas (la dunikey)');
+ if ($result_code != 0) {
+
+ throw new Exception('Keygen me calcule pas (la dunikey)');
+ }
}
}
}
diff --git a/vendors/keygen/__pycache__/about.cpython-39.pyc b/vendors/keygen/__pycache__/about.cpython-39.pyc
new file mode 100644
index 0000000..af2ae68
Binary files /dev/null and b/vendors/keygen/__pycache__/about.cpython-39.pyc differ
diff --git a/vendors/keygen/about.py b/vendors/keygen/about.py
new file mode 100644
index 0000000..8e4032f
--- /dev/null
+++ b/vendors/keygen/about.py
@@ -0,0 +1 @@
+__version__='0.1.0'
diff --git a/vendors/keygen/key/__init__.py b/vendors/keygen/key/__init__.py
new file mode 100644
index 0000000..662dfeb
--- /dev/null
+++ b/vendors/keygen/key/__init__.py
@@ -0,0 +1,581 @@
+#!/usr/bin/env python3
+# link: https://git.p2p.legal/aya/dpgpid/
+# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
+
+# Copyleft 2022 Yann Autissier
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+from cryptography.hazmat.primitives import serialization
+from jwcrypto.jwk import JWK
+from SecureBytes import clearmem
+import base36
+import base58
+import base64
+import duniterpy.key
+import gpg
+import logging as log
+import pgpy
+import pynentry
+import re
+import warnings
+
+def from_args(args, config):
+ log.debug("key.from_args(%s, %s)" % (args, config))
+ from key import ed25519
+ if args.gpg:
+ _gpg = gpg.Context(armor=True, offline=True)
+ return from_gpg(_gpg, args.username[0], args.password)
+ else:
+ scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
+ int(config.get('scrypt', 'n')) if config and config.has_option('scrypt', 'n') else 4096,
+ int(config.get('scrypt', 'r')) if config and config.has_option('scrypt', 'r') else 16,
+ int(config.get('scrypt', 'p')) if config and config.has_option('scrypt', 'p') else 1,
+ int(config.get('scrypt', 'sl')) if config and config.has_option('scrypt', 'sl') else 32,
+ )
+ if args.input:
+ return from_file(args.input, args.password, scrypt_params)
+ else:
+ if args.mnemonic:
+ return from_mnemonic(' '.join(args.username), scrypt_params)
+ else:
+ return from_credentials(args.username[0], args.password, scrypt_params)
+
+def from_credentials(username, password=None, scrypt_params=None):
+ log.debug("key.from_credentials(%s, %s, %s)" % (username, password, scrypt_params))
+ try:
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""Please enter the passord for username "{username}"."""
+ p.prompt = 'Passsord:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ return from_duniterpy(duniterpy.key.SigningKey.from_credentials(
+ username,
+ password,
+ scrypt_params
+ ))
+ except Exception as e:
+ log.error(f'Unable to get key from credentials: {e}')
+ exit(2)
+
+def from_duniterpy(duniterpy):
+ log.debug("key.from_duniterpy(%s)" % duniterpy)
+ key = ed25519.from_duniterpy(duniterpy)
+ key.duniterpy = duniterpy
+ return key
+
+def from_file(input_file, password=None, scrypt_params=None):
+ log.debug("key.from_file(%s, %s, %s)" % (input_file, password, scrypt_params))
+ try:
+ with open(input_file, 'r') as file:
+ lines = file.readlines()
+ if len(lines) > 0:
+ line = lines[0].strip()
+ regex_ewif = re.compile('^Type: EWIF$')
+ regex_jwk = re.compile('^\\s*{\\s*"crv":\\s*"Ed25519",\\s*"d":\\s*"(.)+",\\s*"kty":\\s*"OKP",\\s*"x":\\s*"(.)+"\\s*}')
+ regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}')
+ regex_pem = re.compile('^-----BEGIN PRIVATE KEY-----$')
+ regex_pubsec = re.compile('^Type: PubSec$')
+ regex_seed = re.compile('^[0-9a-fA-F]{64}$')
+ regex_ssb = re.compile('\\s*{\\s*"curve":\\s*"ed25519",\\s*"public":\\s*"(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}')
+ regex_wif = re.compile('^Type: WIF$')
+ if re.search(regex_ewif, line):
+ log.info("input file format detected: ewif")
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""Data in EWIF file is encrypted.
+ Please enter a password to decrypt seed.
+ """
+ p.prompt = 'Passphrase:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ return from_duniterpy(duniterpy.key.SigningKey.from_ewif_file(input_file, password))
+ elif re.search(regex_jwk, line):
+ log.info("input file format detected: jwk")
+ return from_jwk(JWK.from_json(line))
+ elif re.search(regex_nacl, line):
+ log.info("input file format detected: nacl")
+ return from_duniterpy(duniterpy.key.SigningKey.from_private_key(input_file))
+ elif re.search(regex_pem, line):
+ log.info("input file format detected: pem")
+ return from_pem(''.join(lines).encode())
+ elif re.search(regex_pubsec, line):
+ log.info("input file format detected: pubsec")
+ return from_duniterpy(duniterpy.key.SigningKey.from_pubsec_file(input_file))
+ elif re.search(regex_seed, line):
+ log.info("input file format detected: seed")
+ return from_duniterpy(duniterpy.key.SigningKey.from_seedhex_file(input_file))
+ elif re.search(regex_ssb, line):
+ log.info("input file format detected: ssb")
+ return from_duniterpy(duniterpy.key.SigningKey.from_ssb_file(input_file))
+ elif re.search(regex_wif, line):
+ log.info("input file format detected: wif")
+ return from_duniterpy(duniterpy.key.SigningKey.from_wif_file(input_file))
+ elif len(line.split(' ')) == 12:
+ log.info("input file format detected: mnemonic")
+ return from_mnemonic(line, scrypt_params)
+ elif len(lines) > 1:
+ log.info("input file format detected: credentials")
+ return from_credentials(line, lines[1].strip(), scrypt_params)
+ else:
+ raise NotImplementedError('unknown input file format.')
+ else:
+ raise IOError('empty file.')
+ except UnicodeDecodeError as e:
+ try:
+ with open(input_file, 'rb') as file:
+ lines = file.readlines()
+ if len(lines) > 0:
+ line = lines[0].strip()
+ regex_dewif = re.compile(b'^\x00\x00\x00\x01\x00\x00\x00\x01')
+ regex_p2p = re.compile(b'^\x08\x01\x12@')
+ if re.search(regex_dewif, line):
+ log.info("input file format detected: dewif")
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""Data in DEWIF file is encrypted.
+ Please enter a password to decrypt seed.
+ """
+ p.prompt = 'Passphrase:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ return from_duniterpy(duniterpy.key.SigningKey.from_dewif_file(input_file, password))
+ if re.search(regex_p2p, line):
+ log.info("input file format detected: p2p")
+ return from_libp2p(line)
+ else:
+ raise NotImplementedError('unknown input file format.')
+ else:
+ raise IOError('empty file.')
+ except Exception as e:
+ log.error(f'Unable to get key from input file {input_file}: {e}')
+ exit(2)
+ except Exception as e:
+ log.error(f'Unable to get key from input file {input_file}: {e}')
+ exit(2)
+
+def from_gpg(_gpg, username, password=None):
+ log.debug("key.from_gpg(%s, %s, %s)" % (_gpg, username, password))
+ try:
+ secret_keys = list(_gpg.keylist(pattern=username, secret=True))
+ log.debug("key.secret_keys=%s" % secret_keys)
+ if not secret_keys:
+ log.warning(f"""Unable to find any key matching "{username}".""")
+ exit(1)
+ else:
+ _gpg.secret_key = secret_keys[0]
+ log.info(f"""Found key id "{_gpg.secret_key.fpr}" matching "{username}".""")
+ log.debug("key._gpg.secret_key.expired=%s" % _gpg.secret_key.expired)
+ log.debug("key._gpg.secret_key.fpr=%s" % _gpg.secret_key.fpr)
+ log.debug("key._gpg.secret_key.revoked=%s" % _gpg.secret_key.revoked)
+ log.debug("key._gpg.secret_key.uids=%s" % _gpg.secret_key.uids)
+ log.debug("key._gpg.secret_key.owner_trust=%s" % _gpg.secret_key.owner_trust)
+ log.debug("key._gpg.secret_key.last_update=%s" % _gpg.secret_key.last_update)
+ if password:
+ gpg_passphrase_cb = gpg_passphrase(password).cb
+ _gpg.set_passphrase_cb(gpg_passphrase_cb)
+ _gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK)
+ _gpg.public_armor = _gpg.key_export(_gpg.secret_key.fpr)
+ _gpg.secret_armor = _gpg.key_export_secret(_gpg.secret_key.fpr)
+ if not _gpg.secret_armor:
+ log.error(f"""Unable to export gpg secret key id "{_gpg.secret_key.fpr}" for username "{username}". Please check your password!""")
+ exit(2)
+ with warnings.catch_warnings():
+ # remove CryptographyDeprecationWarning about deprecated
+ # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
+ warnings.simplefilter('ignore')
+ _pgpy, _ = pgpy.PGPKey.from_blob(_gpg.secret_armor)
+ key = from_pgpy(_pgpy, password)
+ key.gpg = _gpg
+ return key
+ except Exception as e:
+ log.error(f'Unable to get key from gpg: {e}')
+ exit(2)
+
+def from_jwk(jwk):
+ log.debug("key.from_jwk(%s)" % jwk)
+ key = ed25519.from_jwk(jwk)
+ key.jwk = jwk
+ return key
+
+def from_libp2p(libp2p):
+ log.debug("key.from_libp2p(%s)" % libp2p)
+ return ed25519.from_libp2p(libp2p)
+
+def from_mnemonic(mnemonic, scrypt_params=None):
+ log.debug("key.from_mnemonic(%s, %s)" % (mnemonic, scrypt_params))
+ try:
+ return from_duniterpy(duniterpy.key.SigningKey.from_dubp_mnemonic(
+ mnemonic,
+ scrypt_params
+ ))
+ except Exception as e:
+ log.error(f'Unable to get key from mnemonic: {e}')
+ exit(2)
+
+def from_pem(pem):
+ log.debug("key.from_pem(%s)" % pem)
+ return ed25519.from_pem(pem)
+
+def from_pgpy(_pgpy, password=None):
+ log.debug("key.from_pgpy(%s, %s)" % (_pgpy, password))
+ try:
+ log.debug("key._pgpy.fingerprint.keyid=%s" % _pgpy.fingerprint.keyid)
+ log.debug("key._pgpy.is_protected=%s" % _pgpy.is_protected)
+ _pgpy.key_type = pgpy_key_type(_pgpy)
+ if _pgpy.is_protected:
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""The exported pgp key id "{_pgpy.fingerprint.keyid}" is password protected.
+ Please enter the passphrase again to unlock it.
+ """
+ p.prompt = 'Passphrase:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ try:
+ with warnings.catch_warnings():
+ # remove CryptographyDeprecationWarning about deprecated
+ # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
+ warnings.simplefilter('ignore')
+ with _pgpy.unlock(password):
+ assert _pgpy.is_unlocked
+ log.debug("key._pgpy.is_unlocked=%s" % _pgpy.is_unlocked)
+ key = ed25519.from_pgpy(_pgpy)
+ except Exception as e:
+ log.error(f"""Unable to unlock pgp secret key id "{pgpy.fingerprint.keyid}": {e}""")
+ exit(2)
+ else:
+ key = ed25519.from_pgpy(_pgpy)
+ key.pgpy = _pgpy
+ return key
+ except Exception as e:
+ log.error(f'Unable to get key from pgpy: {e}')
+ exit(2)
+
+def pgpy_key_type(_pgpy):
+ log.debug("key.pgpy_key_type(%s)" % _pgpy)
+ if isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.RSAPriv):
+ key_type = 'RSA'
+ elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.DSAPriv):
+ key_type = 'DSA'
+ elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ElGPriv):
+ key_type = 'ElGamal'
+ elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ECDSAPriv):
+ key_type = 'ECDSA'
+ elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.EdDSAPriv):
+ key_type = 'EdDSA'
+ elif isinstance(_pgpy._key.keymaterial, pgpy.packet.fields.ECDHPriv):
+ key_type = 'ECDH'
+ else:
+ key_type = 'undefined'
+ log.debug("key.pgpy_key_type().key_type=%s" % key_type)
+ return key_type
+
+class gpg_passphrase():
+ def __init__(self, password):
+ log.debug("gpg_passphrase().__init__(%s)" % password)
+ self.password = password
+
+ def cb(self, uid_hint, passphrase_info, prev_was_bad):
+ log.debug("gpg_passphrase().cb(%s, %s, %s)" % (uid_hint, passphrase_info, prev_was_bad))
+ return self.password
+
+class key():
+ def __init__(self):
+ log.debug("key().__init__()")
+ self.algorithm = 'undefined'
+ self.cryptography = None
+
+ def __del__(self):
+ log.debug("key().__del__()")
+ self._cleanup()
+
+ def _cleanup(self):
+ log.debug("key()._cleanup()")
+ if hasattr(self, 'duniterpy'):
+ if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed:
+ clearmem(self.duniterpy.seed)
+ log.debug("cleared: key().duniterpy.seed")
+ if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk:
+ clearmem(self.duniterpy.sk)
+ log.debug("cleared: key().duniterpy.sk")
+ if hasattr(self, 'gpg'):
+ if hasattr(self.gpg, 'secret_armor') and self.gpg.secret_armor:
+ clearmem(self.gpg.secret_armor)
+ log.debug("cleared: key().gpg.secret_armor")
+ if hasattr(self, 'jwk'):
+ if hasattr(self, 'secret_jwk') and self.secret_jwk:
+ clearmem(self.secret_jwk)
+ log.debug("cleared: key().secret_jwk")
+ if hasattr(self.jwk, 'd') and self.jwk.d:
+ clearmem(self.jwk.d)
+ log.debug("cleared: key().jwk.d")
+ if hasattr(self, 'pgpy'):
+ if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
+ clearmem(self.pgpy._key.keymaterial.p)
+ log.debug("cleared: key().pgpy._key.material.p")
+ if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q:
+ clearmem(self.pgpy._key.keymaterial.q)
+ log.debug("cleared: key().pgpy._key.material.q")
+ if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s:
+ clearmem(self.pgpy._key.keymaterial.s)
+ log.debug("cleared: key().pgpy._key.material.s")
+ if hasattr(self, 'secret_b36mf') and self.secret_b36mf:
+ clearmem(self.secret_b36mf)
+ log.debug("cleared: key().secret_b36mf")
+ if hasattr(self, 'secret_b58mf') and self.secret_b58mf:
+ clearmem(self.secret_b58mf)
+ log.debug("cleared: key().secret_b58mf")
+ if hasattr(self, 'secret_b58mh') and self.secret_b58mh:
+ clearmem(self.secret_b58mh)
+ log.debug("cleared: key().secret_b58mh")
+ if hasattr(self, 'secret_b64mh') and self.secret_b64mh:
+ clearmem(self.secret_b64mh)
+ log.debug("cleared: key().secret_b64mh")
+ if hasattr(self, 'secret_base58') and self.secret_base58:
+ clearmem(self.secret_base58)
+ log.debug("cleared: key().secret_base58")
+ if hasattr(self, 'secret_base64') and self.secret_base64:
+ clearmem(self.secret_base64)
+ log.debug("cleared: key().secret_base64")
+ if hasattr(self, 'secret_cidv1') and self.secret_cidv1:
+ clearmem(self.secret_cidv1)
+ log.debug("cleared: key().secret_cidv1")
+ if hasattr(self, 'secret_libp2p') and self.secret_libp2p:
+ clearmem(self.secret_libp2p)
+ log.debug("cleared: key().secret_libp2p")
+ if hasattr(self, 'secret_pem_pkcs8') and self.secret_pem_pkcs8:
+ clearmem(self.secret_pem_pkcs8)
+ log.debug("cleared: key().secret_pem_pkcs8")
+ if hasattr(self, 'secret_proto2') and self.secret_proto2:
+ clearmem(self.secret_proto2)
+ log.debug("cleared: key().secret_proto2")
+
+ def to_b36mf(self):
+ log.debug("key().to_b36mf()")
+ if not hasattr(self, 'public_cidv1') or not hasattr(self, 'secret_cidv1'):
+ self.to_cidv1()
+ try:
+ self.public_b36mf = 'k' + base36.dumps(int.from_bytes(self.public_cidv1, byteorder='big'))
+ self.secret_b36mf = 'k' + base36.dumps(int.from_bytes(self.secret_cidv1, byteorder='big'))
+ except Exception as e:
+ log.error(f'Unable to get b36mf from cidv1: {e}')
+ exit(2)
+ log.debug("key().public_b36mf=%s" % self.public_b36mf)
+ log.debug("key().secret_b36mf=%s" % self.secret_b36mf)
+
+ def to_b58mf(self):
+ log.debug("key().to_b58mf()")
+ if not hasattr(self, 'public_cidv1') or not hasattr(self, 'secret_cidv1'):
+ self.to_cidv1()
+ try:
+ self.public_b58mf = 'z' + base58.b58encode(self.public_cidv1).decode('ascii')
+ self.secret_b58mf = 'z' + base58.b58encode(self.secret_cidv1).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get b58mf from cidv1: {e}')
+ exit(2)
+ log.debug("key().public_b58mf=%s" % self.public_b58mf)
+ log.debug("key().secret_b58mf=%s" % self.secret_b58mf)
+
+ def to_b58mh(self):
+ log.debug("key().to_b58mh()")
+ if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
+ self.to_libp2p()
+ try:
+ self.public_b58mh = base58.b58encode(self.public_libp2p).decode('ascii')
+ self.secret_b58mh = base58.b58encode(self.secret_libp2p).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get b58mh from libp2p: {e}')
+ exit(2)
+ log.debug("key().public_b58mh=%s" % self.public_b58mh)
+ log.debug("key().secret_b58mh=%s" % self.secret_b58mh)
+
+ def to_b64mh(self):
+ log.debug("key().to_b64mh()")
+ if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
+ self.to_libp2p()
+ try:
+ self.public_b64mh = base64.b64encode(self.public_libp2p).decode('ascii')
+ self.secret_b64mh = base64.b64encode(self.secret_libp2p).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get b64mh from libp2p: {e}')
+ exit(2)
+ log.debug("key().public_b64mh=%s" % self.public_b64mh)
+ log.debug("key().secret_b64mh=%s" % self.secret_b64mh)
+
+ def to_base58(self):
+ log.debug("key().to_base58()")
+ try:
+ self.public_base58 = base58.b58encode(self.public_bytes).decode('ascii')
+ self.secret_base58 = base58.b58encode(self.secret_bytes).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get base58: {e}')
+ exit(2)
+ log.debug("key().public_base58=%s" % self.public_base58)
+ log.debug("key().secret_base58=%s" % self.secret_base58)
+
+ def to_base64(self):
+ log.debug("key().to_base64()")
+ try:
+ self.public_base64 = base64.b64encode(self.public_bytes).decode('ascii')
+ self.secret_base64 = base64.b64encode(self.secret_bytes).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get base64: {e}')
+ exit(2)
+ log.debug("key().public_base64=%s" % self.public_base64)
+ log.debug("key().secret_base64=%s" % self.secret_base64)
+
+ def to_cidv1(self):
+ log.debug("key().to_cidv1()")
+ if not hasattr(self, 'public_libp2p') or not hasattr(self, 'secret_libp2p'):
+ self.to_libp2p()
+ try:
+ # \x01: multicodec cid prefix = CIDv1
+ # \x72: multicodec content prefix = libp2p-key
+ self.public_cidv1 = b'\x01\x72' + self.public_libp2p
+ self.secret_cidv1 = b'\x01\x72' + self.secret_libp2p
+ except Exception as e:
+ log.error(f'Unable to get cidv1: {e}')
+ exit(2)
+ log.debug("key().public_cidv1=%s" % self.public_cidv1)
+ log.debug("key().secret_cidv1=%s" % self.secret_cidv1)
+
+ def to_duniterpy(self):
+ log.debug("key().to_duniterpy()")
+ raise NotImplementedError(f"key().to_duniterpy() is not implemented for algorithm {self.algorithm}")
+
+ def to_file(self, output_file, file_format=None, password=None):
+ log.debug("key().to_file(%s, %s, %s)" % (output_file, file_format, password))
+ try:
+ if file_format == 'dewif':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""Data in DEWIF file needs to be encrypted.
+ Please enter a password to encrypt seed.
+ """
+ p.prompt = 'Passphrase:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ self.duniterpy.save_dewif_v1_file(output_file, password)
+ elif file_format == 'ewif':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ if not password:
+ with pynentry.PynEntry() as p:
+ p.description = f"""Data in EWIF file needs to be encrypted.
+ Please enter a password to encrypt seed.
+ """
+ p.prompt = 'Passphrase:'
+ try:
+ password = p.get_pin()
+ except pynentry.PinEntryCancelled:
+ log.warning('Cancelled! Goodbye.')
+ exit(1)
+ self.duniterpy.save_ewif_file(output_file, password)
+ elif file_format == 'jwk':
+ if not hasattr(self, 'jwk'):
+ self.to_jwk()
+ with open(output_file, "w") as file:
+ file.write(self.jwk.export())
+ elif file_format == 'nacl':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ self.duniterpy.save_private_key(output_file)
+ elif file_format == 'p2p':
+ if not hasattr(self, 'secret_libp2p'):
+ self.to_libp2p()
+ with open(output_file, "wb") as file:
+ file.write(self.secret_libp2p)
+ elif file_format == 'pubsec':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ self.duniterpy.save_pubsec_file(output_file)
+ elif file_format == 'seed':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ self.duniterpy.save_seedhex_file(output_file)
+ elif file_format == 'wif':
+ if not hasattr(self, 'duniterpy'):
+ self.to_duniterpy()
+ self.duniterpy.save_wif_file(output_file)
+ else:
+ if not hasattr(self, 'secret_pem_pkcs8'):
+ self.to_pem_pkcs8()
+ with open(output_file, "w") as file:
+ file.write(self.secret_pem_pkcs8)
+ except Exception as e:
+ log.error(f'Unable to write key to output file {output_file}: {e}')
+ exit(2)
+
+ def to_jwk(self):
+ log.debug("key().to_jwk()")
+ try:
+ if not hasattr(self, 'jwk'):
+ self.jwk = JWK.from_pyca(self.cryptography)
+ self.public_jwk = self.jwk.export_public()
+ self.secret_jwk = self.jwk.export_private()
+ except Exception as e:
+ log.error(f'Unable to get jwk: {e}')
+ exit(2)
+
+ def to_libp2p(self):
+ log.debug("key().to_libp2p()")
+ try:
+ if not hasattr(self, 'public_proto2') or not hasattr(self, 'secret_proto2'):
+ self.to_proto2()
+ # \x00: multihash prefix = raw id
+ # \x24: multihash length = 36 bytes
+ self.public_libp2p = b'\x00$' + self.public_proto2
+ self.secret_libp2p = self.secret_proto2
+ except Exception as e:
+ log.error(f'Unable to get libp2p: {e}')
+ exit(2)
+ log.debug("key().public_libp2p=%s" % self.public_libp2p)
+ log.debug("key().secret_libp2p=%s" % self.secret_libp2p)
+
+ def to_pem_pkcs8(self):
+ log.debug("key().to_pem_pkcs8()")
+ try:
+ self.secret_pem_pkcs8 = self.cryptography.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.PKCS8,
+ encryption_algorithm=serialization.NoEncryption()
+ ).decode('ascii')
+ except Exception as e:
+ log.error(f'Unable to get pem pkcs8: {e}')
+ exit(2)
+ log.debug("key().secret_pem_pkcs8=%s" % self.secret_pem_pkcs8)
+
+ def to_proto2(self):
+ log.debug("key().to_proto2()")
+ raise NotImplementedError(f"key().to_proto2() is not implemented for algorithm {self.algorithm}")
+
diff --git a/vendors/keygen/key/__pycache__/__init__.cpython-38.pyc b/vendors/keygen/key/__pycache__/__init__.cpython-38.pyc
new file mode 100644
index 0000000..14c4b89
Binary files /dev/null and b/vendors/keygen/key/__pycache__/__init__.cpython-38.pyc differ
diff --git a/vendors/keygen/key/__pycache__/__init__.cpython-39.pyc b/vendors/keygen/key/__pycache__/__init__.cpython-39.pyc
new file mode 100644
index 0000000..5c2bc24
Binary files /dev/null and b/vendors/keygen/key/__pycache__/__init__.cpython-39.pyc differ
diff --git a/vendors/keygen/key/__pycache__/ed25519.cpython-38.pyc b/vendors/keygen/key/__pycache__/ed25519.cpython-38.pyc
new file mode 100644
index 0000000..eddc8e3
Binary files /dev/null and b/vendors/keygen/key/__pycache__/ed25519.cpython-38.pyc differ
diff --git a/vendors/keygen/key/__pycache__/ed25519.cpython-39.pyc b/vendors/keygen/key/__pycache__/ed25519.cpython-39.pyc
new file mode 100644
index 0000000..2462ddb
Binary files /dev/null and b/vendors/keygen/key/__pycache__/ed25519.cpython-39.pyc differ
diff --git a/vendors/keygen/key/ed25519.py b/vendors/keygen/key/ed25519.py
new file mode 100644
index 0000000..01adb21
--- /dev/null
+++ b/vendors/keygen/key/ed25519.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+# link: https://git.p2p.legal/aya/dpgpid/
+# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
+
+# Copyleft 2022 Yann Autissier
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+from . import key
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+from cryptography.hazmat.primitives import serialization
+from SecureBytes import clearmem
+import duniterpy.key
+import logging as log
+
+def from_duniterpy(duniterpy):
+ log.debug("ed25519.from_duniterpy(%s)" % duniterpy)
+ try:
+ return ed25519(duniterpy.sk[:32])
+ except Exception as e:
+ log.error(f'Unable to get ed25519 from duniterpy: {e}')
+ exit(2)
+
+def from_jwk(jwk):
+ log.debug("ed25519.from_jwk(%s)" % jwk)
+ try:
+ return ed25519(jwk._okp_pri().private_bytes(
+ encoding=serialization.Encoding.Raw,
+ format=serialization.PrivateFormat.Raw,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+ except Exception as e:
+ log.error(f'Unable to get ed25519 from jwk: {e}')
+ exit(2)
+
+def from_libp2p(libp2p):
+ log.debug("ed25519.from_libp2p(%s) % libp2p")
+ try:
+ return ed25519(libp2p.lstrip(b'\x08\x01\x12@')[:32])
+ except Exception as e:
+ log.error(f'Unable to get ed25519 from libp2p: {e}')
+ exit(2)
+
+def from_pem(pem):
+ log.debug("ed25519.from_pem(%s)" % pem)
+ try:
+ return ed25519(serialization.load_pem_private_key(pem, password=None).private_bytes(
+ encoding=serialization.Encoding.Raw,
+ format=serialization.PrivateFormat.Raw,
+ encryption_algorithm=serialization.NoEncryption()
+ ))
+ except Exception as e:
+ log.error(f'Unable to get ed25519 from pem: {e}')
+ exit(2)
+
+def from_pgpy(_pgpy):
+ log.debug("ed25519.from_pgpy(%s)" % _pgpy)
+ try:
+ if _pgpy.key_type == 'RSA':
+ log.debug("ed25519._pgpy._key.keymaterial.p=%s" % _pgpy._key.keymaterial.p)
+ log.debug("ed25519._pgpy._key.keymaterial.q=%s" % _pgpy._key.keymaterial.q)
+ # rsa custom seed: sha256 hash of (p + q), where + is a string concatenation
+ # self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256((rsa_int).to_bytes(rsa_len,byteorder='big'))
+ rsa_int = int(str(_pgpy._key.keymaterial.p) + str(_pgpy._key.keymaterial.q))
+ rsa_len = (rsa_int.bit_length() + 7) // 8
+ from cryptography.hazmat.primitives import hashes
+ digest = hashes.Hash(hashes.SHA256())
+ digest.update((rsa_int).to_bytes(rsa_len,byteorder='big'))
+ seed = digest.finalize()
+ # seed_bytes = nacl.bindings.crypto_hash_sha256((rsa_int).to_bytes(rsa_len,byteorder='big'))
+ elif _pgpy.key_type in ('ECDSA', 'EdDSA', 'ECDH'):
+ log.debug("ed25519._pgpy._key.keymaterial.s=%s" % _pgpy._key.keymaterial.s)
+ seed = _pgpy._key.keymaterial.s.to_bytes(32, byteorder='big')
+ else:
+ raise NotImplementedError(f"getting seed from pgpy key type {_pgpy.key_type} is not implemented.")
+ return ed25519(seed)
+ except Exception as e:
+ log.error(f'Unable to get ed25519 from pgpy: {e}')
+ exit(2)
+
+class ed25519(key):
+ def __init__(self, seed: bytes):
+ log.debug("ed25519().__init__(%s)" % seed)
+ super().__init__()
+ self.algorithm = 'ed25519'
+ self.cryptography = Ed25519PrivateKey.from_private_bytes(seed)
+ self.public_bytes = self.cryptography.public_key().public_bytes(
+ encoding=serialization.Encoding.Raw,
+ format=serialization.PublicFormat.Raw,
+ )
+ self.secret_bytes = seed + self.public_bytes
+ self.seed_bytes = seed
+
+ def _cleanup(self):
+ log.debug("ed25519()._cleanup()")
+ if hasattr(self, 'secret_bytes') and self.secret_bytes:
+ clearmem(self.secret_bytes)
+ log.debug("cleared: ed25519().secret_bytes")
+ if hasattr(self, 'seed_bytes') and self.seed_bytes:
+ clearmem(self.seed_bytes)
+ log.debug("cleared: ed25519().seed_bytes")
+ super()._cleanup()
+
+ def to_duniterpy(self):
+ log.debug("ed25519().to_duniterpy()")
+ try:
+ if not hasattr(self, 'duniterpy'):
+ self.duniterpy = duniterpy.key.SigningKey(self.seed_bytes)
+ except Exception as e:
+ log.error(f'Unable to get duniterpy: {e}')
+ exit(2)
+ log.debug("ed25519().duniterpy.seed: %s" % self.duniterpy.seed)
+
+ def to_proto2(self):
+ log.debug("ed25519().to_proto2()")
+ try:
+ ## libp2p Protocol Buffer serialization
+ self.public_proto2 = b'\x08\x01\x12 ' + self.public_bytes
+ self.secret_proto2 = b'\x08\x01\x12@' + self.secret_bytes
+ except Exception as e:
+ log.error(f'Unable to get proto2: {e}')
+ exit(2)
+ log.debug("ed25519().public_proto2=%s" % self.public_proto2)
+ log.debug("ed25519().secret_proto2=%s" % self.secret_proto2)
+
diff --git a/vendors/keygen/keygen b/vendors/keygen/keygen
index d33e573..a4fea2c 100755
--- a/vendors/keygen/keygen
+++ b/vendors/keygen/keygen
@@ -1,14 +1,8 @@
#!/usr/bin/env python3
# link: https://git.p2p.legal/aya/dpgpid/
-# desc: generate ed25519 keys for duniter and ipfs from gpg
+# desc: dpgpid builds a decentralized gpg world of trust with did over ipfs
# Copyleft 2022 Yann Autissier
-# all crypto science belongs to Pascal Engélibert
-# coming from files available at https://git.p2p.legal/qo-op/Astroport.ONE/tools
-# gpgme stuff has been provided by Ben McGinnes
-# and comes from http://files.au.adversary.org/crypto/gpgme-python-howto.html
-# gpg key extraction is taken from work of Simon Vareille available at
-# https://gist.github.com/SimonVareille/fda49baf5f3e15b5c88e25560aeb2822
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@@ -24,28 +18,13 @@
# along with this program. If not, see .
import argparse
-import base58
-import base64
import configparser
-from cryptography.hazmat.primitives.asymmetric import ed25519
-from cryptography.hazmat.primitives import serialization
-import duniterpy.key
-import gpg
-from jwcrypto import jwk
import logging as log
-import nacl.bindings
-import nacl.encoding
-import pgpy
-import pynentry
-from SecureBytes import clearmem
import os
-import re
-import struct
import sys
-import time
-import warnings
-__version__='0.0.5'
+from about import __version__
+import key
class keygen:
def __init__(self):
@@ -62,7 +41,7 @@ class keygen:
self.parser.add_argument(
"-f",
"--format",
- choices=['ewif', 'jwk', 'nacl','pb2','pem','pubsec','seed','wif'],
+ choices=['ewif', 'jwk', 'nacl','p2p','pem','pubsec','seed','wif'],
default=None,
dest="format",
help="output file format, default: pem (pkcs8)",
@@ -77,7 +56,7 @@ class keygen:
"-i",
"--input",
dest="input",
- help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,pb2,pubsec,seed,wif}",
+ help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,p2p,pem,pubsec,seed,wif}",
metavar='FILE',
)
self.parser.add_argument(
@@ -102,9 +81,9 @@ class keygen:
)
self.parser.add_argument(
"-p",
- "--prefix",
- action="store_true",
- help="prefix output text with key type",
+ "--password",
+ dest="password",
+ help="user password for duniter, gpg key and file encryption",
)
self.parser.add_argument(
"-q",
@@ -121,7 +100,7 @@ class keygen:
self.parser.add_argument(
"-t",
"--type",
- choices=['b58mh','b64mh','base58','base64','duniter','ipfs','jwk'],
+ choices=['b36mf', 'b58mf', 'b58mh','b64mh','base58','base64','duniter','ipfs','jwk'],
default="base58",
dest="type",
help="output text format, default: base58",
@@ -139,171 +118,16 @@ class keygen:
)
self.parser.add_argument(
'username',
- nargs="?",
- )
- self.parser.add_argument(
- 'password',
- nargs="?",
+ help="username, mnemonic or gpg key",
+ nargs="*",
)
def _check_args(self, args):
- log.debug("keygen._check_args(%s)" % args)
- if self.input is None and self.username is None:
+ log.debug("keygen()._check_args(%s)" % args)
+ if self.input is None and not len(self.username):
self.parser.error('keygen requires an input file or a username')
- def _cleanup(self):
- log.debug("keygen._cleanup()")
- if hasattr(self, 'duniterpy'):
- if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed:
- clearmem(self.duniterpy.seed)
- log.debug("cleared: keygen.duniterpy.seed")
- if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk:
- clearmem(self.duniterpy.sk)
- log.debug("cleared: keygen.duniterpy.sk")
- if hasattr(self, 'ed25519_secret_base58') and self.ed25519_secret_base58:
- clearmem(self.ed25519_secret_base58)
- log.debug("cleared: keygen.ed25519_secret_base58")
- if hasattr(self, 'ed25519_secret_base64') and self.ed25519_secret_base64:
- clearmem(self.ed25519_secret_base64)
- log.debug("cleared: keygen.ed25519_secret_base64")
- if hasattr(self, 'ed25519_secret_bytes') and self.ed25519_secret_bytes:
- clearmem(self.ed25519_secret_bytes)
- log.debug("cleared: keygen.ed25519_secret_bytes")
- if hasattr(self, 'ed25519_secret_pem_pkcs8') and self.ed25519_secret_pem_pkcs8:
- clearmem(self.ed25519_secret_pem_pkcs8)
- log.debug("cleared: keygen.ed25515_secret_pem_pkcs8")
- if hasattr(self, 'ed25519_secret_protobuf') and self.ed25519_secret_protobuf:
- clearmem(self.ed25519_secret_protobuf)
- log.debug("cleared: keygen.ed25515_secret_protobuf")
- if hasattr(self, 'ed25519_seed_bytes') and self.ed25519_seed_bytes:
- clearmem(self.ed25519_seed_bytes)
- log.debug("cleared: keygen.ed25519_seed_bytes")
- if hasattr(self, 'ipfs_privkey') and self.ipfs_privkey:
- clearmem(self.ipfs_privkey)
- log.debug("cleared: keygen.ipfs_privkey")
- if hasattr(self, 'jwk'):
- if hasattr(self.jwk, 'd') and self.jwk.d:
- clearmem(self.jwk.d)
- log.debug("cleared: keygen.jwk.d")
- if hasattr(self, 'password') and self.password:
- clearmem(self.password)
- log.debug("cleared: keygen.password")
- if hasattr(self, 'pgp_secret_armor') and self.pgp_secret_armor:
- clearmem(self.pgp_secret_armor)
- log.debug("cleared: keygen.pgp_secret_armor")
- if hasattr(self, 'pgpy'):
- if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
- clearmem(self.pgpy._key.keymaterial.p)
- log.debug("cleared: keygen.pgpy._key.material.p")
- if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q:
- clearmem(self.pgpy._key.keymaterial.q)
- log.debug("cleared: keygen.pgpy._key.material.q")
- if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s:
- clearmem(self.pgpy._key.keymaterial.s)
- log.debug("cleared: keygen.pgpy._key.material.s")
- if hasattr(self, 'username') and self.username:
- clearmem(self.username)
- log.debug("cleared: keygen.username")
-
- def _invalid_type(self):
- log.debug("keygen._invalid_type()")
- self.parser.error(f"type {self.type} is not valid.")
-
- def _load_config(self):
- log.debug("keygen._load_config()")
- self.config = configparser.RawConfigParser()
- config_dir = os.path.join(os.environ.get('XDG_CONFIG_HOME', os.path.expanduser('~/.config')), 'dpgpid')
- log.debug("config_dir=%s" % config_dir)
- self.config.read( [config_dir + '/keygen.conf'] )
-
- def _output(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
- log.debug("keygen._output()")
- if self.output is None:
- self._output_text(public_key, secret_key, public_key_prefix, secret_key_prefix)
- else:
- self._output_file()
- os.chmod(self.output, 0o600)
- self._cleanup()
-
- def _output_file(self):
- log.debug("keygen._output_file()")
- try:
- if self.format == 'dewif':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""Data in DEWIF file needs to be encrypted.
- Please enter a password to encrypt seed.
- """
- p.prompt = 'Passphrase:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- self.duniterpy.save_dewif_v1_file(self.output, self.password)
- elif self.format == 'ewif':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""Data in EWIF file needs to be encrypted.
- Please enter a password to encrypt seed.
- """
- p.prompt = 'Passphrase:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- self.duniterpy.save_ewif_file(self.output, self.password)
- elif self.format == 'jwk':
- if not hasattr(self, 'jwk'):
- self.jwk_from_ed25519()
- with open(self.output, "w") as file:
- file.write(self.jwk.export())
- elif self.format == 'nacl':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- self.duniterpy.save_private_key(self.output)
- elif self.format == 'pb2':
- if not hasattr(self, 'ed25519_secret_protobuf'):
- self.protobuf_from_ed25519()
- with open(self.output, "wb") as file:
- file.write(self.ed25519_secret_protobuf)
- elif self.format == 'pubsec':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- self.duniterpy.save_pubsec_file(self.output)
- elif self.format == 'seed':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- self.duniterpy.save_seedhex_file(self.output)
- elif self.format == 'wif':
- if not hasattr(self, 'duniterpy'):
- self.duniterpy_from_ed25519_seed_bytes()
- self.duniterpy.save_wif_file(self.output)
- else:
- if not hasattr(self, 'ed25519_secret_pem_pkcs8'):
- self.pem_pkcs8_from_ed25519()
- with open(self.output, "w") as file:
- file.write(self.ed25519_secret_pem_pkcs8)
- except Exception as e:
- log.error(f'Unable to output file {self.output}: {e}')
- self._cleanup()
- exit(2)
-
- def _output_text(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
- log.debug("keygen._output_text()")
- if self.keys or not self.secret:
- print("%s" % ''.join([self.prefix * public_key_prefix, public_key]))
- if self.keys or self.secret:
- print("%s" % ''.join([self.prefix * secret_key_prefix, secret_key]))
-
- def _run(self, argv):
+ def _cli(self, argv):
args = self.parser.parse_args(argv)
vars(self).update(vars(args))
@@ -324,573 +148,118 @@ class keygen:
else:
log_level='WARNING'
log.basicConfig(format=log_format, datefmt=log_datefmt, level=log_level)
- log.debug("keygen.run(%s)" % argv)
+ log.debug("keygen()._cli(%s)" % argv)
self._check_args(args)
self._load_config()
- self.gpg = gpg.Context(armor=True, offline=True)
- self.gpg.set_passphrase_cb(self.gpg_passphrase_cb)
- self.ed25519(args)
+ self.key = key.from_args(args, self.config)
method = getattr(self, f'do_{self.type}', self._invalid_type)
return method()
- def b58mh_from_protobuf(self):
- log.debug("keygen.b58mh_from_protobuf()")
- try:
- self.ed25519_public_b58mh = base58.b58encode(self.ed25519_public_protobuf).decode('ascii')
- self.ed25519_secret_b58mh = base58.b58encode(self.ed25519_secret_protobuf).decode('ascii')
- except Exception as e:
- log.error(f'Unable to get b58mh from protobuf: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_b58mh=%s" % self.ed25519_public_b58mh)
- log.debug("keygen.ed25519_secret_b58mh=%s" % self.ed25519_secret_b58mh)
+ def _invalid_type(self):
+ log.debug("keygen()._invalid_type()")
+ self.parser.error(f"type {self.type} is not valid.")
- def b64mh_from_protobuf(self):
- log.debug("keygen.b64mh_from_protobuf()")
- try:
- self.ed25519_public_b64mh = base64.b64encode(self.ed25519_public_protobuf).decode('ascii')
- self.ed25519_secret_b64mh = base64.b64encode(self.ed25519_secret_protobuf).decode('ascii')
- except Exception as e:
- log.error(f'Unable to get b64mh from protobuf: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_b64mh=%s" % self.ed25519_public_b64mh)
- log.debug("keygen.ed25519_secret_b64mh=%s" % self.ed25519_secret_b64mh)
+ def _load_config(self):
+ log.debug("keygen()._load_config()")
+ self.config = configparser.RawConfigParser()
+ config_dir = os.path.join(os.environ.get('XDG_CONFIG_HOME', os.path.expanduser('~/.config')), 'dpgpid')
+ log.debug("config_dir=%s" % config_dir)
+ self.config.read( [config_dir + '/keygen.conf'] )
- def base58_from_ed25519(self):
- log.debug("keygen.base58_from_ed25519()")
- try:
- self.ed25519_public_base58 = base58.b58encode(self.ed25519_public_bytes).decode('ascii')
- self.ed25519_secret_base58 = base58.b58encode(self.ed25519_secret_bytes).decode('ascii')
- except Exception as e:
- log.error(f'Unable to get base58 from ed25519: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_base58=%s" % self.ed25519_public_base58)
- log.debug("keygen.ed25519_secret_base58=%s" % self.ed25519_secret_base58)
+ def _output(self):
+ log.debug("keygen()._output()")
+ if self.output is None:
+ self._output_text()
+ else:
+ self._output_file()
+ os.chmod(self.output, 0o600)
- def base64_from_ed25519(self):
- log.debug("keygen.base64_from_ed25519()")
- try:
- self.ed25519_public_base64 = base64.b64encode(self.ed25519_public_bytes).decode('ascii')
- self.ed25519_secret_base64 = base64.b64encode(self.ed25519_secret_bytes).decode('ascii')
- except Exception as e:
- log.error(f'Unable to get base64 from ed25519: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_base64=%s" % self.ed25519_public_base64)
- log.debug("keygen.ed25519_secret_base64=%s" % self.ed25519_secret_base64)
+ def _output_file(self):
+ log.debug("keygen()._output_file()")
+ self.key.to_file(self.output, self.format, self.password)
+
+ def _output_text(self):
+ log.debug("keygen()._output_text()")
+ if self.keys or not self.secret:
+ print("%s" % self.public_key)
+ if self.keys or self.secret:
+ print("%s" % self.secret_key)
+
+ def do_b36mf(self):
+ log.debug("keygen().do_b36mf()")
+ self.key.to_b36mf()
+ self.public_key = self.key.public_b36mf
+ self.secret_key = self.key.secret_b36mf
+ self._output()
+
+ def do_b58mf(self):
+ log.debug("keygen().do_b58mf()")
+ self.key.to_b58mf()
+ self.public_key = self.key.public_b58mf
+ self.secret_key = self.key.secret_b58mf
+ self._output()
def do_b58mh(self):
- log.debug("keygen.do_b58mh()")
- self.protobuf_from_ed25519()
- self.b58mh_from_protobuf()
- self._output(self.ed25519_public_b58mh, self.ed25519_secret_b58mh, 'pub: ', 'sec: ')
+ log.debug("keygen().do_b58mh()")
+ self.key.to_b58mh()
+ self.public_key = self.key.public_b58mh
+ self.secret_key = self.key.secret_b58mh
+ self._output()
def do_b64mh(self):
- log.debug("keygen.do_b64mh()")
- self.protobuf_from_ed25519()
- self.b64mh_from_protobuf()
- self._output(self.ed25519_public_b64mh, self.ed25519_secret_b64mh, 'pub: ', 'sec: ')
+ log.debug("keygen().do_b64mh()")
+ self.key.to_b64mh()
+ self.public_key = self.key.public_b64mh
+ self.secret_key = self.key.secret_b64mh
+ self._output()
def do_base58(self):
- log.debug("keygen.do_base58()")
- self.base58_from_ed25519()
- self._output(self.ed25519_public_base58, self.ed25519_secret_base58, 'pub: ', 'sec: ')
+ log.debug("keygen().do_base58()")
+ self.key.to_base58()
+ self.public_key = self.key.public_base58
+ self.secret_key = self.key.secret_base58
+ self._output()
def do_base64(self):
- log.debug("keygen.do_base64()")
- self.base64_from_ed25519()
- self._output(self.ed25519_public_base64, self.ed25519_secret_base64, 'pub: ', 'sec: ')
+ log.debug("keygen().do_base64()")
+ self.key.to_base64()
+ self.public_key = self.key.public_base64
+ self.secret_key = self.key.secret_base64
+ self._output()
def do_duniter(self):
- log.debug("keygen.do_duniter()")
+ log.debug("keygen().do_duniter()")
if not self.format:
self.format = 'pubsec'
- self.base58_from_ed25519()
- self._output(self.ed25519_public_base58, self.ed25519_secret_base58, 'pub: ', 'sec: ')
+ self.key.to_base58()
+ self.public_key = self.key.public_base58
+ self.secret_key = self.key.secret_base58
+ self._output()
def do_ipfs(self):
- log.debug("keygen.do_ipfs()")
- self.protobuf_from_ed25519()
- self.b58mh_from_protobuf()
- self.b64mh_from_protobuf()
- self._output(self.ed25519_public_b58mh, self.ed25519_secret_b64mh, 'PeerID: ', 'PrivKEY: ')
+ log.debug("keygen().do_ipfs()")
+ self.key.to_b58mh()
+ self.key.to_b64mh()
+ self.public_key = self.key.public_b58mh
+ self.secret_key = self.key.secret_b64mh
+ self._output()
def do_jwk(self):
- log.debug("keygen.do_jwk()")
- self.jwk_from_ed25519()
- self._output(self.jwk.export_public(), self.jwk.export_private(), 'pub: ', 'sec: ')
-
- def duniterpy_from_credentials(self):
- log.debug("keygen.duniterpy_from_credentials()")
- try:
- scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
- int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
- int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
- int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
- int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
- )
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""Please enter the passord for username "{self.username}"."""
- p.prompt = 'Passsord:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- self.duniterpy = duniterpy.key.SigningKey.from_credentials(
- self.username,
- self.password,
- scrypt_params
- )
- except Exception as e:
- log.error(f'Unable to get duniter from credentials: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
-
- def duniterpy_from_ed25519_seed_bytes(self):
- log.debug("keygen.duniterpy_from_ed25519_seed_bytes()")
- try:
- self.duniterpy = duniterpy.key.SigningKey(self.ed25519_seed_bytes)
- except Exception as e:
- log.error(f'Unable to get duniterpy from ed25519 seed bytes: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
-
- def duniterpy_from_file(self):
- log.debug("keygen.duniterpy_from_file()")
- try:
- with open(self.input, 'r') as file:
- lines = file.readlines()
- if len(lines) > 0:
- line = lines[0].strip()
- regex_ewif = re.compile('^Type: EWIF$')
- regex_jwk = re.compile('^\\s*{\\s*"crv":\\s*"Ed25519",\\s*"d":\\s*"(.)+",\\s*"kty":\\s*"OKP",\\s*"x":\\s*"(.)+"\\s*}')
- regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}')
- regex_pem = re.compile('^-----BEGIN PRIVATE KEY-----$')
- regex_pubsec = re.compile('^Type: PubSec$')
- regex_seed = re.compile('^[0-9a-fA-F]{64}$')
- regex_ssb = re.compile('\\s*{\\s*"curve":\\s*"ed25519",\\s*"public":\\s*"(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}')
- regex_wif = re.compile('^Type: WIF$')
- if re.search(regex_ewif, line):
- log.info("input file format detected: ewif")
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""Data in EWIF file is encrypted.
- Please enter a password to decrypt seed.
- """
- p.prompt = 'Passphrase:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- self.duniterpy = duniterpy.key.SigningKey.from_ewif_file(self.input, self.password)
- elif re.search(regex_jwk, line):
- log.info("input file format detected: jwk")
- self.jwk_from_json(line)
- self.ed25519_seed_bytes_from_jwk()
- self.duniterpy_from_ed25519_seed_bytes()
- elif re.search(regex_nacl, line):
- log.info("input file format detected: nacl")
- self.duniterpy = duniterpy.key.SigningKey.from_private_key(self.input)
- elif re.search(regex_pem, line):
- log.info("input file format detected: pem")
- self.ed25519_seed_bytes_from_pem(''.join(lines).encode())
- self.duniterpy_from_ed25519_seed_bytes()
- elif re.search(regex_pubsec, line):
- log.info("input file format detected: pubsec")
- self.duniterpy = duniterpy.key.SigningKey.from_pubsec_file(self.input)
- elif re.search(regex_seed, line):
- log.info("input file format detected: seed")
- self.duniterpy = duniterpy.key.SigningKey.from_seedhex_file(self.input)
- elif re.search(regex_ssb, line):
- log.info("input file format detected: ssb")
- self.duniterpy = duniterpy.key.SigningKey.from_ssb_file(self.input)
- elif re.search(regex_wif, line):
- log.info("input file format detected: wif")
- self.duniterpy = duniterpy.key.SigningKey.from_wif_file(self.input)
- elif len(line.split(' ')) == 12:
- log.info("input file format detected: mnemonic")
- self.username = line
- self.duniterpy_from_mnemonic()
- elif len(lines) > 1:
- log.info("input file format detected: credentials")
- self.username = line
- self.password = lines[1].strip()
- self.duniterpy_from_credentials()
- else:
- raise NotImplementedError('unknown input file format.')
- else:
- raise NotImplementedError('empty file.')
- except UnicodeDecodeError as e:
- try:
- with open(self.input, 'rb') as file:
- lines = file.readlines()
- if len(lines) > 0:
- line = lines[0].strip()
- regex_dewif = re.compile(b'^\x00\x00\x00\x01\x00\x00\x00\x01')
- regex_pb2 = re.compile(b'^\x08\x01\x12@')
- if re.search(regex_dewif, line):
- log.info("input file format detected: dewif")
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""Data in DEWIF file is encrypted.
- Please enter a password to decrypt seed.
- """
- p.prompt = 'Passphrase:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- self.duniterpy = duniterpy.key.SigningKey.from_dewif_file(self.input, self.password)
- if re.search(regex_pb2, line):
- log.info("input file format detected: pb2")
- self.ed25519_secret_protobuf = line
- self.ed25519_seed_bytes_from_protobuf()
- self.duniterpy_from_ed25519_seed_bytes()
- else:
- raise NotImplementedError('unknown input file format.')
- else:
- raise NotImplementedError('empty file.')
- except Exception as e:
- log.error(f'Unable to get duniterpy from file {self.input}: {e}')
- self._cleanup()
- exit(2)
- except Exception as e:
- log.error(f'Unable to get duniterpy from file {self.input}: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
-
- def duniterpy_from_mnemonic(self):
- log.debug("keygen.duniterpy_from_mnemonic()")
- try:
- scrypt_params = duniterpy.key.scrypt_params.ScryptParams(
- int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096,
- int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16,
- int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1,
- int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32,
- )
- self.duniterpy = duniterpy.key.SigningKey.from_dubp_mnemonic(
- self.username,
- scrypt_params
- )
- except Exception as e:
- log.error(f'Unable to get duniterpy from mnemonic: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
-
- def ed25519(self, args):
- log.debug("keygen.ed25519(%s)" % args)
- if args.gpg:
- self.ed25519_from_gpg()
- else:
- if self.input:
- self.duniterpy_from_file()
- else:
- if self.mnemonic:
- self.duniterpy_from_mnemonic()
- else:
- self.duniterpy_from_credentials()
- self.ed25519_from_duniterpy()
-
- def ed25519_from_duniterpy(self):
- log.debug("keygen.ed25519_from_duniterpy()")
- try:
- self.ed25519_seed_bytes_from_duniterpy()
- self.ed25519_from_seed_bytes()
- except:
- log.error(f'Unable to get ed25519 from duniterpy: {e}')
- self._cleanup()
- exit(2)
-
- def ed25519_from_gpg(self):
- log.debug("keygen.ed25519_from_gpg()")
- try:
- self.pgpy_from_gpg()
- self.ed25519_from_pgpy()
- except Exception as e:
- log.error(f'Unable to get ed25519 from pgp: {e}')
- self._cleanup()
- exit(2)
-
- def ed25519_from_pgpy(self):
- log.debug("keygen.ed25519_from_pgpy()")
- try:
- log.debug("keygen.pgpy.fingerprint.keyid=%s" % self.pgpy.fingerprint.keyid)
- log.debug("keygen.pgpy.is_protected=%s" % self.pgpy.is_protected)
- if self.pgpy.is_protected:
- if not self.password:
- with pynentry.PynEntry() as p:
- p.description = f"""The exported pgp key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}" is password protected.
- Please enter the passphrase again to unlock it.
- """
- p.prompt = 'Passphrase:'
- try:
- self.password = p.get_pin()
- except pynentry.PinEntryCancelled:
- log.warning('Cancelled! Goodbye.')
- self._cleanup()
- exit(1)
- try:
- with warnings.catch_warnings():
- # remove CryptographyDeprecationWarning about deprecated
- # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
- warnings.simplefilter('ignore')
- with self.pgpy.unlock(self.password):
- assert self.pgpy.is_unlocked
- log.debug("keygen.pgpy.is_unlocked=%s" % self.pgpy.is_unlocked)
- self.ed25519_seed_bytes_from_pgpy()
- except Exception as e:
- log.error(f"""Unable to unlock pgp secret key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}": {e}""")
- self._cleanup()
- exit(2)
- else:
- self.ed25519_seed_bytes_from_pgpy()
- self.ed25519_from_seed_bytes()
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
- self._cleanup()
- exit(2)
-
- def ed25519_from_seed_bytes(self):
- log.debug("keygen.ed25519_from_seed_bytes()")
- try:
- self.ed25519_public_bytes, self.ed25519_secret_bytes = nacl.bindings.crypto_sign_seed_keypair(self.ed25519_seed_bytes)
- self.ed25519 = ed25519.Ed25519PrivateKey.from_private_bytes(self.ed25519_seed_bytes)
- except Exception as e:
- log.error(f'Unable to get ed25519 from seed bytes: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes)
- log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes)
-
- def ed25519_seed_bytes_from_duniterpy(self):
- log.debug("keygen.ed25519_seed_bytes_from_duniterpy()")
- try:
- self.ed25519_seed_bytes = self.duniterpy.sk[:32]
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from duniterpy: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
-
- def ed25519_seed_bytes_from_jwk(self):
- log.debug("keygen.ed25519_seed_bytes_from_jwk()")
- try:
- self.ed25519_seed_bytes = self.jwk._okp_pri().private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from jwk: {e}')
- self._cleanup()
- exit(2)
-
- def ed25519_seed_bytes_from_pem(self, pem):
- log.debug("keygen.ed25519_seed_bytes_from_pem()")
- try:
- self.ed25519_seed_bytes = serialization.load_pem_private_key(pem, password=None).private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from pem: {e}')
- self._cleanup()
- exit(2)
-
- def ed25519_seed_bytes_from_pgpy(self):
- log.debug("keygen.ed25519_seed_bytes_from_pgpy()")
- try:
- self.pgpy_key_type()
- if self.pgpy_key_type == 'RSA':
- log.debug("keygen.pgpy._key.keymaterial.p=%s" % self.pgpy._key.keymaterial.p)
- log.debug("keygen.pgpy._key.keymaterial.q=%s" % self.pgpy._key.keymaterial.q)
- # custom seed: use sha256 hash of (p + q)
- self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256(long_to_bytes(self.pgpy._key.keymaterial.p + self.pgpy._key.keymaterial.q))
- elif self.pgpy_key_type in ('ECDSA', 'EdDSA', 'ECDH'):
- log.debug("keygen.pgpy._key.keymaterial.s=%s" % self.pgpy._key.keymaterial.s)
- self.ed25519_seed_bytes = long_to_bytes(self.pgpy._key.keymaterial.s)
- else:
- raise NotImplementedError(f"getting seed from {self.pgpy_key_type} key is not implemented")
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
-
- def ed25519_seed_bytes_from_protobuf(self):
- log.debug("keygen.ed25519_seed_bytes_from_protobuf()")
- try:
- self.ed25519_seed_bytes = self.ed25519_secret_protobuf.lstrip(b'\x08\x01\x12@')[:32]
- except Exception as e:
- log.error(f'Unable to get ed25519 seed bytes from protobuf: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
-
- def gpg_passphrase_cb(self, uid_hint, passphrase_info, prev_was_bad):
- log.debug("keygen.gpg_passphrase_cb(%s, %s, %s)" % (uid_hint, passphrase_info, prev_was_bad))
- return self.password
-
- def jwk_from_ed25519(self):
- log.debug("keygen.jwk_from_ed25519()")
- try:
- self.jwk = jwk.JWK.from_pyca(self.ed25519)
- except Exception as e:
- log.error(f'Unable to get jwk from ed25519: {e}')
- self._cleanup()
- exit(2)
-
- def jwk_from_json(self, json):
- log.debug("keygen.jwk_from_json()")
- try:
- self.jwk = jwk.JWK.from_json(json)
- except Exception as e:
- log.error(f'Unable to get jwk from json: {e}')
- self._cleanup()
- exit(2)
-
- def pem_pkcs8_from_ed25519(self):
- log.debug("keygen.pem_pkcs8_from_ed25519()")
- try:
- self.ed25519_secret_pem_pkcs8 = self.ed25519.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode('ascii')
- except Exception as e:
- log.error(f'Unable to get pem pkcs8 from ed25519: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_secret_pem_pkcs8=%s" % self.ed25519_secret_pem_pkcs8)
-
- def pgpy_from_gpg(self):
- log.debug("keygen.pgpy_from_gpg()")
- try:
- self.gpg_seckeys = list(self.gpg.keylist(pattern=self.username, secret=True))
- log.debug("keygen.gpg_seckeys=%s" % self.gpg_seckeys)
- if not self.gpg_seckeys:
- log.warning(f"""Unable to find any key matching username "{self.username}".""")
- self._cleanup()
- exit(1)
- else:
- self.gpg_seckey = self.gpg_seckeys[0]
- log.info(f"""Found key id "{self.gpg_seckey.fpr}" matching username "{self.username}".""")
- log.debug("keygen.gpg_seckey.expired=%s" % self.gpg_seckey.expired)
- log.debug("keygen.gpg_seckey.fpr=%s" % self.gpg_seckey.fpr)
- log.debug("keygen.gpg_seckey.revoked=%s" % self.gpg_seckey.revoked)
- log.debug("keygen.gpg_seckey.uids=%s" % self.gpg_seckey.uids)
- log.debug("keygen.gpg_seckey.owner_trust=%s" % self.gpg_seckey.owner_trust)
- log.debug("keygen.gpg_seckey.last_update=%s" % self.gpg_seckey.last_update)
- if self.password:
- self.gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK)
- self.pgp_public_armor = self.gpg.key_export(self.gpg_seckey.fpr)
- self.pgp_secret_armor = self.gpg.key_export_secret(self.gpg_seckey.fpr)
- log.debug("keygen.pgp_secret_armor=%s" % self.pgp_secret_armor)
- if not self.pgp_secret_armor:
- log.error(f"""Unable to export gpg secret key id "{self.gpg_seckey.fpr}" of user "{self.username}". Please check your password!""")
- self._cleanup()
- exit(2)
- with warnings.catch_warnings():
- # remove CryptographyDeprecationWarning about deprecated
- # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4)
- warnings.simplefilter('ignore')
- self.pgpy, _ = pgpy.PGPKey.from_blob(self.pgp_secret_armor)
- except Exception as e:
- log.error(f'Unable to get pgpy from gpg: {e}')
- self._cleanup()
- exit(2)
-
- def pgpy_key_type(self):
- log.debug("keygen.pgpy_key_type()")
- if isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.RSAPriv):
- self.pgpy_key_type = 'RSA'
- elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.DSAPriv):
- self.pgpy_key_type = 'DSA'
- elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ElGPriv):
- self.pgpy_key_type = 'ElGamal'
- elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ECDSAPriv):
- self.pgpy_key_type = 'ECDSA'
- elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.EdDSAPriv):
- self.pgpy_key_type = 'EdDSA'
- elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ECDHPriv):
- self.pgpy_key_type = 'ECDH'
- else:
- self.pgpy_key_type = 'undefined'
- log.debug("keygen.pgpy_key_type=%s" % self.pgpy_key_type)
-
- def protobuf_from_ed25519(self):
- # libp2p protobuf version 2
- log.debug("keygen.protobuf_from_ed25519()")
- try:
- self.ed25519_public_protobuf = b'\x00$\x08\x01\x12 ' + self.ed25519_public_bytes
- self.ed25519_secret_protobuf = b'\x08\x01\x12@' + self.ed25519_secret_bytes
- except Exception as e:
- log.error(f'Unable to get protobuf from ed25519: {e}')
- self._cleanup()
- exit(2)
- log.debug("keygen.ed25519_public_protobuf=%s" % self.ed25519_public_protobuf)
- log.debug("keygen.ed25519_secret_protobuf=%s" % self.ed25519_secret_protobuf)
-
-##
-# long_to_bytes comes from PyCrypto, which is released into Public Domain
-# https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/Util/number.py
-def bytes_to_long(s):
- """bytes_to_long(string) : long
- Convert a byte string to a long integer.
- This is (essentially) the inverse of long_to_bytes().
- """
- acc = 0
- unpack = struct.unpack
- length = len(s)
- if length % 4:
- extra = (4 - length % 4)
- s = b'\000' * extra + s
- length = length + extra
- for i in range(0, length, 4):
- acc = (acc << 32) + unpack('>I', s[i:i+4])[0]
- return acc
-
-def long_to_bytes(n, blocksize=0):
- """long_to_bytes(n:long, blocksize:int) : string
- Convert a long integer to a byte string.
- If optional blocksize is given and greater than zero, pad the front of the
- byte string with binary zeros so that the length is a multiple of
- blocksize.
- """
- # after much testing, this algorithm was deemed to be the fastest
- s = b''
- n = int(n)
- pack = struct.pack
- while n > 0:
- s = pack('>I', n & 0xffffffff) + s
- n = n >> 32
- # strip off leading zeros
- for i in range(len(s)):
- if s[i] != b'\000'[0]:
- break
- else:
- # only happens when n == 0
- s = b'\000'
- i = 0
- s = s[i:]
- # add back some pad bytes. this could be done more efficiently w.r.t. the
- # de-padding being done above, but sigh...
- if blocksize > 0 and len(s) % blocksize:
- s = (blocksize - len(s) % blocksize) * b'\000' + s
- return s
+ log.debug("keygen().do_jwk()")
+ self.key.to_jwk()
+ self.public_key = self.key.public_jwk
+ self.secret_key = self.key.secret_jwk
+ self._output()
def main(argv=None):
if argv is None:
argv = sys.argv[1:]
-
- cli = keygen()
- return cli._run(argv)
+ return keygen()._cli(argv)
def version(version=__version__):
print("%s v%s" % (sys.argv[0],version))
if __name__ == "__main__":
sys.exit(main())
+