forked from aya/dpgpid
remove securebytes
This commit is contained in:
parent
c84b59e2cf
commit
c79f7f0915
123
keygen
123
keygen
|
@ -37,7 +37,6 @@ import nacl.bindings
|
|||
import nacl.encoding
|
||||
import pgpy
|
||||
import pynentry
|
||||
from SecureBytes import clearmem
|
||||
import os
|
||||
import re
|
||||
import struct
|
||||
|
@ -151,60 +150,6 @@ class keygen:
|
|||
if self.input is None and self.username is None:
|
||||
self.parser.error('keygen requires an input file or a username')
|
||||
|
||||
def _cleanup(self):
|
||||
log.debug("keygen._cleanup()")
|
||||
if hasattr(self, 'duniterpy'):
|
||||
if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed:
|
||||
clearmem(self.duniterpy.seed)
|
||||
log.debug("cleared: keygen.duniterpy.seed")
|
||||
if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk:
|
||||
clearmem(self.duniterpy.sk)
|
||||
log.debug("cleared: keygen.duniterpy.sk")
|
||||
if hasattr(self, 'ed25519_secret_base58') and self.ed25519_secret_base58:
|
||||
clearmem(self.ed25519_secret_base58)
|
||||
log.debug("cleared: keygen.ed25519_secret_base58")
|
||||
if hasattr(self, 'ed25519_secret_base64') and self.ed25519_secret_base64:
|
||||
clearmem(self.ed25519_secret_base64)
|
||||
log.debug("cleared: keygen.ed25519_secret_base64")
|
||||
if hasattr(self, 'ed25519_secret_bytes') and self.ed25519_secret_bytes:
|
||||
clearmem(self.ed25519_secret_bytes)
|
||||
log.debug("cleared: keygen.ed25519_secret_bytes")
|
||||
if hasattr(self, 'ed25519_secret_pem_pkcs8') and self.ed25519_secret_pem_pkcs8:
|
||||
clearmem(self.ed25519_secret_pem_pkcs8)
|
||||
log.debug("cleared: keygen.ed25515_secret_pem_pkcs8")
|
||||
if hasattr(self, 'ed25519_secret_protobuf') and self.ed25519_secret_protobuf:
|
||||
clearmem(self.ed25519_secret_protobuf)
|
||||
log.debug("cleared: keygen.ed25515_secret_protobuf")
|
||||
if hasattr(self, 'ed25519_seed_bytes') and self.ed25519_seed_bytes:
|
||||
clearmem(self.ed25519_seed_bytes)
|
||||
log.debug("cleared: keygen.ed25519_seed_bytes")
|
||||
if hasattr(self, 'ipfs_privkey') and self.ipfs_privkey:
|
||||
clearmem(self.ipfs_privkey)
|
||||
log.debug("cleared: keygen.ipfs_privkey")
|
||||
if hasattr(self, 'jwk'):
|
||||
if hasattr(self.jwk, 'd') and self.jwk.d:
|
||||
clearmem(self.jwk.d)
|
||||
log.debug("cleared: keygen.jwk.d")
|
||||
if hasattr(self, 'password') and self.password:
|
||||
clearmem(self.password)
|
||||
log.debug("cleared: keygen.password")
|
||||
if hasattr(self, 'pgp_secret_armor') and self.pgp_secret_armor:
|
||||
clearmem(self.pgp_secret_armor)
|
||||
log.debug("cleared: keygen.pgp_secret_armor")
|
||||
if hasattr(self, 'pgpy'):
|
||||
if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint):
|
||||
clearmem(self.pgpy._key.keymaterial.p)
|
||||
log.debug("cleared: keygen.pgpy._key.material.p")
|
||||
if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q:
|
||||
clearmem(self.pgpy._key.keymaterial.q)
|
||||
log.debug("cleared: keygen.pgpy._key.material.q")
|
||||
if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s:
|
||||
clearmem(self.pgpy._key.keymaterial.s)
|
||||
log.debug("cleared: keygen.pgpy._key.material.s")
|
||||
if hasattr(self, 'username') and self.username:
|
||||
clearmem(self.username)
|
||||
log.debug("cleared: keygen.username")
|
||||
|
||||
def _invalid_type(self):
|
||||
log.debug("keygen._invalid_type()")
|
||||
self.parser.error(f"type {self.type} is not valid.")
|
||||
|
@ -223,7 +168,7 @@ class keygen:
|
|||
else:
|
||||
self._output_file()
|
||||
os.chmod(self.output, 0o600)
|
||||
self._cleanup()
|
||||
|
||||
|
||||
def _output_file(self):
|
||||
log.debug("keygen._output_file()")
|
||||
|
@ -241,7 +186,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
self.duniterpy.save_dewif_v1_file(self.output, self.password)
|
||||
elif self.format == 'ewif':
|
||||
|
@ -257,7 +202,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
self.duniterpy.save_ewif_file(self.output, self.password)
|
||||
elif self.format == 'jwk':
|
||||
|
@ -293,7 +238,7 @@ class keygen:
|
|||
file.write(self.ed25519_secret_pem_pkcs8)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to output file {self.output}: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def _output_text(self, public_key, secret_key, public_key_prefix, secret_key_prefix):
|
||||
|
@ -341,7 +286,7 @@ class keygen:
|
|||
self.ed25519_secret_b58mh = base58.b58encode(self.ed25519_secret_protobuf).decode('ascii')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get b58mh from protobuf: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_b58mh=%s" % self.ed25519_public_b58mh)
|
||||
log.debug("keygen.ed25519_secret_b58mh=%s" % self.ed25519_secret_b58mh)
|
||||
|
@ -353,7 +298,7 @@ class keygen:
|
|||
self.ed25519_secret_b64mh = base64.b64encode(self.ed25519_secret_protobuf).decode('ascii')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get b64mh from protobuf: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_b64mh=%s" % self.ed25519_public_b64mh)
|
||||
log.debug("keygen.ed25519_secret_b64mh=%s" % self.ed25519_secret_b64mh)
|
||||
|
@ -365,7 +310,7 @@ class keygen:
|
|||
self.ed25519_secret_base58 = base58.b58encode(self.ed25519_secret_bytes).decode('ascii')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get base58 from ed25519: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_base58=%s" % self.ed25519_public_base58)
|
||||
log.debug("keygen.ed25519_secret_base58=%s" % self.ed25519_secret_base58)
|
||||
|
@ -377,7 +322,7 @@ class keygen:
|
|||
self.ed25519_secret_base64 = base64.b64encode(self.ed25519_secret_bytes).decode('ascii')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get base64 from ed25519: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_base64=%s" % self.ed25519_public_base64)
|
||||
log.debug("keygen.ed25519_secret_base64=%s" % self.ed25519_secret_base64)
|
||||
|
@ -440,7 +385,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
self.duniterpy = duniterpy.key.SigningKey.from_credentials(
|
||||
self.username,
|
||||
|
@ -449,7 +394,7 @@ class keygen:
|
|||
)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get duniter from credentials: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
|
||||
|
||||
|
@ -459,7 +404,7 @@ class keygen:
|
|||
self.duniterpy = duniterpy.key.SigningKey(self.ed25519_seed_bytes)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get duniterpy from ed25519 seed bytes: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
|
||||
|
||||
|
@ -490,7 +435,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
self.duniterpy = duniterpy.key.SigningKey.from_ewif_file(self.input, self.password)
|
||||
elif re.search(regex_jwk, line):
|
||||
|
@ -550,7 +495,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
self.duniterpy = duniterpy.key.SigningKey.from_dewif_file(self.input, self.password)
|
||||
if re.search(regex_pb2, line):
|
||||
|
@ -564,11 +509,11 @@ class keygen:
|
|||
raise NotImplementedError('empty file.')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get duniterpy from file {self.input}: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get duniterpy from file {self.input}: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
|
||||
|
||||
|
@ -587,7 +532,7 @@ class keygen:
|
|||
)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get duniterpy from mnemonic: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed)
|
||||
|
||||
|
@ -612,7 +557,7 @@ class keygen:
|
|||
self.ed25519_from_seed_bytes()
|
||||
except:
|
||||
log.error(f'Unable to get ed25519 from duniterpy: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def ed25519_from_gpg(self):
|
||||
|
@ -622,7 +567,7 @@ class keygen:
|
|||
self.ed25519_from_pgpy()
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 from pgp: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def ed25519_from_pgpy(self):
|
||||
|
@ -641,7 +586,7 @@ class keygen:
|
|||
self.password = p.get_pin()
|
||||
except pynentry.PinEntryCancelled:
|
||||
log.warning('Cancelled! Goodbye.')
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
try:
|
||||
with warnings.catch_warnings():
|
||||
|
@ -654,14 +599,14 @@ class keygen:
|
|||
self.ed25519_seed_bytes_from_pgpy()
|
||||
except Exception as e:
|
||||
log.error(f"""Unable to unlock pgp secret key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}": {e}""")
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
else:
|
||||
self.ed25519_seed_bytes_from_pgpy()
|
||||
self.ed25519_from_seed_bytes()
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def ed25519_from_seed_bytes(self):
|
||||
|
@ -671,7 +616,7 @@ class keygen:
|
|||
self.ed25519 = ed25519.Ed25519PrivateKey.from_private_bytes(self.ed25519_seed_bytes)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 from seed bytes: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes)
|
||||
log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes)
|
||||
|
@ -682,7 +627,7 @@ class keygen:
|
|||
self.ed25519_seed_bytes = self.duniterpy.sk[:32]
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from duniterpy: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
|
||||
|
||||
|
@ -692,7 +637,7 @@ class keygen:
|
|||
self.ed25519_seed_bytes = self.jwk._okp_pri().private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from jwk: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def ed25519_seed_bytes_from_pem(self, pem):
|
||||
|
@ -701,7 +646,7 @@ class keygen:
|
|||
self.ed25519_seed_bytes = serialization.load_pem_private_key(pem, password=None).private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption())
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from pem: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def ed25519_seed_bytes_from_pgpy(self):
|
||||
|
@ -720,7 +665,7 @@ class keygen:
|
|||
raise NotImplementedError(f"getting seed from {self.pgpy_key_type} key is not implemented")
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
|
||||
|
||||
|
@ -730,7 +675,7 @@ class keygen:
|
|||
self.ed25519_seed_bytes = self.ed25519_secret_protobuf.lstrip(b'\x08\x01\x12@')[:32]
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get ed25519 seed bytes from protobuf: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes)
|
||||
|
||||
|
@ -744,7 +689,7 @@ class keygen:
|
|||
self.jwk = jwk.JWK.from_pyca(self.ed25519)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get jwk from ed25519: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def jwk_from_json(self, json):
|
||||
|
@ -753,7 +698,7 @@ class keygen:
|
|||
self.jwk = jwk.JWK.from_json(json)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get jwk from json: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def pem_pkcs8_from_ed25519(self):
|
||||
|
@ -762,7 +707,7 @@ class keygen:
|
|||
self.ed25519_secret_pem_pkcs8 = self.ed25519.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode('ascii')
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get pem pkcs8 from ed25519: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_secret_pem_pkcs8=%s" % self.ed25519_secret_pem_pkcs8)
|
||||
|
||||
|
@ -773,7 +718,7 @@ class keygen:
|
|||
log.debug("keygen.gpg_seckeys=%s" % self.gpg_seckeys)
|
||||
if not self.gpg_seckeys:
|
||||
log.warning(f"""Unable to find any key matching username "{self.username}".""")
|
||||
self._cleanup()
|
||||
|
||||
exit(1)
|
||||
else:
|
||||
self.gpg_seckey = self.gpg_seckeys[0]
|
||||
|
@ -791,7 +736,7 @@ class keygen:
|
|||
log.debug("keygen.pgp_secret_armor=%s" % self.pgp_secret_armor)
|
||||
if not self.pgp_secret_armor:
|
||||
log.error(f"""Unable to export gpg secret key id "{self.gpg_seckey.fpr}" of user "{self.username}". Please check your password!""")
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
with warnings.catch_warnings():
|
||||
# remove CryptographyDeprecationWarning about deprecated
|
||||
|
@ -800,7 +745,7 @@ class keygen:
|
|||
self.pgpy, _ = pgpy.PGPKey.from_blob(self.pgp_secret_armor)
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get pgpy from gpg: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
|
||||
def pgpy_key_type(self):
|
||||
|
@ -829,7 +774,7 @@ class keygen:
|
|||
self.ed25519_secret_protobuf = b'\x08\x01\x12@' + self.ed25519_secret_bytes
|
||||
except Exception as e:
|
||||
log.error(f'Unable to get protobuf from ed25519: {e}')
|
||||
self._cleanup()
|
||||
|
||||
exit(2)
|
||||
log.debug("keygen.ed25519_public_protobuf=%s" % self.ed25519_public_protobuf)
|
||||
log.debug("keygen.ed25519_secret_protobuf=%s" % self.ed25519_secret_protobuf)
|
||||
|
|
Loading…
Reference in New Issue