diff --git a/decrypt.py b/decrypt.py
deleted file mode 100755
index 5010209..0000000
--- a/decrypt.py
+++ /dev/null
@@ -1,27 +0,0 @@
-#! /usr/bin/python3
-
-import sys
-from base58 import b58decode
-from base64 import b64decode
-from libnacl import crypto_sign_ed25519_sk_to_curve25519 as private_sign2crypt
-from libnacl import crypto_sign_ed25519_pk_to_curve25519 as public_sign2crypt
-from libnacl.sign import Signer, Verifier
-from libnacl.public import SecretKey, PublicKey, Box
-
-sender_pub = sys.argv[1]
-recip_seed = sys.argv[2]
-nonce = sys.argv[3]
-title = sys.argv[4]
-content = sys.argv[5]
-
-signer = Signer(b58decode(recip_seed))
-sk = SecretKey(private_sign2crypt(signer.sk))
-
-verifier = Verifier(b58decode(sender_pub).hex())
-pk = PublicKey(public_sign2crypt(verifier.vk))
-
-box = Box(sk.sk, pk.pk)
-
-print("Objet: " + box.decrypt(b64decode(nonce) + b64decode(title)).decode('utf-8'))
-print("\n" + box.decrypt(b64decode(nonce) + b64decode(content)).decode('utf-8'))
-
diff --git a/natools.py b/natools.py
index c69cb22..18f06d1 100755
--- a/natools.py
+++ b/natools.py
@@ -17,9 +17,9 @@
along with this program. If not, see .
"""
-__version__ = "1.2.2"
+__version__ = "1.3.1"
-import os, sys, duniterpy.key, libnacl, libnacl.sign, base58, base64, getpass
+import os, sys, duniterpy.key, libnacl, base58, base64, getpass
def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
if arg in args and len(args) > args.index(arg)+n:
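Review bot: The new import line drops `libnacl.sign`, although `box_encrypt` and `box_decrypt`, added later in this commit, use `libnacl.sign.Signer`, `libnacl.sign.Verifier` and `libnacl.public.*`. A plain `import libnacl` is not guaranteed to load those submodules, so this presumably works only because `duniterpy.key` imports them as a side effect. Import what the module uses explicitly: `import os, sys, duniterpy.key, libnacl, libnacl.sign, libnacl.public, base58, base64, getpass`.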
@@ -30,7 +30,7 @@ def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
def read_data(data_path, b=True):
if data_path == "-":
if b:
- return sys.stdin.read().encode()
+ return sys.stdin.buffer.read()
else:
return sys.stdin.read()
else:
@@ -48,6 +48,23 @@ def encrypt(data, pubkey):
def decrypt(data, privkey):
return privkey.decrypt_seal(data)
+def box_encrypt(data, privkey, pubkey, nonce=None, attach_nonce=False):
+ signer = libnacl.sign.Signer(privkey.seed)
+ sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+ verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+ pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+ box = libnacl.public.Box(sk.sk, pk.pk)
+ data = box.encrypt(data, nonce) if nonce else box.encrypt(data)
+ return data if attach_nonce else data[24:]
+
+def box_decrypt(data, privkey, pubkey, nonce=None):
+ signer = libnacl.sign.Signer(privkey.seed)
+ sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
+ verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
+ pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
+ box = libnacl.public.Box(sk.sk, pk.pk)
+ return box.decrypt(data, nonce) if nonce else box.decrypt(data)
+
def sign(data, privkey):
return privkey.sign(data)
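Review bot: In `box_encrypt`, when no nonce is given and `attach_nonce` is false, `box.encrypt(data)` picks a random nonce and `data[24:]` then strips it, so the caller gets ciphertext whose nonce is lost and which cannot be decrypted. Keep the nonce attached in that case (or raise), e.g. `return data if attach_nonce or nonce is None else data[libnacl.crypto_box_NONCEBYTES:]`, which also replaces the magic `24`. The five key-conversion lines are repeated verbatim in `box_decrypt` and could move into one private helper. Neither function has a docstring; it should state that the Ed25519 signing key pair is converted to Curve25519 and so reused for encryption, and that a nonce must never repeat for the same pair of keys.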
@@ -131,24 +148,38 @@ fmt = {
"85": lambda data: base64.b85encode(data),
}
+defmt = {
+ "raw": lambda data: data,
+ "16": lambda data: bytes.fromhex(data),
+ "32": lambda data: base64.b32decode(data),
+ "58": lambda data: base58.b58decode(data),
+ "64": lambda data: base64.b64decode(data),
+ "85": lambda data: base64.b85decode(data),
+}
+
def show_help():
print("""Usage:
python3 natools.py [options]
Commands:
- encrypt Encrypt data
- decrypt Decrypt data
- sign Sign data
- verify Verify data
- pubkey Display pubkey
- pk Display b58 pubkey shorthand
+ encrypt Encrypt data
+ decrypt Decrypt data
+ box-encrypt Encrypt data (NaCl box)
+ box-decrypt Decrypt data (NaCl box)
+ sign Sign data
+ verify Verify data
+ pubkey Display pubkey
+ pk Display b58 pubkey shorthand
Options:
-c Display pubkey checksum
-f Private key format (default: cred)
key cred pubsec seedh ssb wif wifh
-i Input file path (default: -)
+ -I Input format: raw 16 32 58 64 85 (default: raw)
-k Privkey file path (* for auto) (default: *)
+ -n Nonce (b64, 24 bytes) (for NaCl box)
+ -N Attach nonce to output (for NaCl box encryption)
--noinc Do not include msg after signature
-o Output file path (default: -)
-O Output format: raw 16 32 58 64 64u 85 (default: raw)
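Review bot: `defmt["16"]` passes the result of `read_data(...)` straight to `bytes.fromhex`, but on the stdin path that result is now bytes (`sys.stdin.buffer.read()`) and `bytes.fromhex` accepts only `str`, so `-I 16` would raise `TypeError`. Use `"16": lambda data: bytes.fromhex(data.decode()),`. The file-path branch of `read_data` is outside this diff, so confirm it also returns bytes. An unknown `-I` value is never checked against `defmt` and would surface as a bare `KeyError`; a membership test with a usage message where `input_format` is read would be friendlier.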
@@ -177,6 +208,7 @@ if __name__ == "__main__":
pubkey = getargv("-p")
result_path = getargv("-o", "-")
output_format = getargv("-O", "raw")
+ input_format = getargv("-I", "raw")
if pubkey:
pubkey, len_deprecated = check_pubkey(pubkey)
@@ -194,13 +226,32 @@ if __name__ == "__main__":
if not pubkey:
print("Please provide pubkey!")
exit(1)
- write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
+ write_data(fmt[output_format](encrypt(defmt[input_format](read_data(data_path)), pubkey)), result_path)
elif sys.argv[1] == "decrypt":
- write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
+ write_data(fmt[output_format](decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format))), result_path)
+
+ elif sys.argv[1] == "box-encrypt":
+ if not pubkey:
+ print("Please provide pubkey!")
+ exit(1)
+ nonce = getargv("-n", None)
+ if nonce:
+ nonce = base64.b64decode(nonce)
+ attach_nonce = "-N" in sys.argv
+ write_data(fmt[output_format](box_encrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce, attach_nonce)), result_path)
+
+ elif sys.argv[1] == "box-decrypt":
+ if not pubkey:
+ print("Please provide pubkey!")
+ exit(1)
+ nonce = getargv("-n", None)
+ if nonce:
+ nonce = base64.b64decode(nonce)
+ write_data(fmt[output_format](box_decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce)), result_path)
elif sys.argv[1] == "sign":
- data = read_data(data_path)
+ data = defmt[input_format](read_data(data_path))
signed = sign(data, get_privkey(privkey_path, privkey_format))
if "--noinc" in sys.argv:
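Review bot: Both the `box-encrypt` and `box-decrypt` branches decode `-n` with `base64.b64decode(nonce)` without strict decoding or a length check, so a malformed or wrongly encoded nonce is silently altered or only rejected deep inside libnacl. Decode with `base64.b64decode(nonce, validate=True)` and reject any result whose length is not `libnacl.crypto_box_NONCEBYTES` with a clear message before calling `box_encrypt`/`box_decrypt`. The two branches differ only in the function called and in `attach_nonce`, so the pubkey check and nonce parsing could be shared. The `sign` branch continues outside the hunk.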
@@ -212,7 +263,7 @@ if __name__ == "__main__":
if not pubkey:
print("Please provide pubkey!")
exit(1)
- write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
+ write_data(fmt[output_format](verify(defmt[input_format](read_data(data_path)), pubkey)), result_path)
elif sys.argv[1] == "pubkey":
if pubkey:
diff --git a/readmsg.sh b/readmsg.sh
index b77de0e..50a3e89 100755
--- a/readmsg.sh
+++ b/readmsg.sh
@@ -52,9 +52,6 @@ fi
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
-times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-
document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
# Envoi du document
@@ -64,7 +61,6 @@ msgContent=$(curl -s -X POST "https://g1.data.duniter.fr/message/$type/_search"
n=0
for i in $msgContent; do
echo -e "=== $n ===\n"
- #totalMsg='{'$(jq -r .total <<<"$i")'}'
dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
issuer="${dataObj[0]}"
recipient="${dataObj[1]}"
@@ -73,10 +69,10 @@ for i in $msgContent; do
content="${dataObj[4]}"
time="${dataObj[5]}"
- # python3 decrypt.py "$issuer" "$duniSeed" "$nonce" "$title" "$content"
- titleClear=$(./natools.py box-decrypt -p "$issuer" -n "$nonce" -f pubsec -k "$dunikey" <<<"$title")
+ titleClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${title}")
+ contentClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${content}")
echo "$titleClear"
+ echo "$contentClear"
echo "========="
((n++))
done
-
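Review bot: The two added `./natools.py box-decrypt` calls expand `$issuer`, `$dunikey` and `$nonce` unquoted, whereas the line they replace quoted them. `$issuer` and `$nonce` are taken from the remote search response, so they undergo word splitting and pathname expansion before reaching the option parser. Quote them: `-p "$issuer" -f pubsec -k "$dunikey" -n "$nonce" -I 64`. Separately, natools.py base64-decodes `-n`, while sendmsg.sh in this commit puts `$b58nonce` into the message's nonce field, so the stored nonce probably needs converting from base58 first; confirm against the document built outside this diff. The `for` loop starts above the hunk.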
diff --git a/sendmsg.sh b/sendmsg.sh
index 1033784..1f44cc3 100755
--- a/sendmsg.sh
+++ b/sendmsg.sh
@@ -66,17 +66,15 @@ fi
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
# Récupération et chiffrement du titre et du message
-title=$(head -n1 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-content=$(tail -n+2 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
-
-# title="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
-# content="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
+nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+b58nonce=$(echo $nonce | base64 -d | base58)
+title=$(head -n1 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
+content=$(tail -n+2 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
times=$(date -u +'%s')
-nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
# Fabrication du hash
-hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$nonce\",\"version\":2}"
+hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$b58nonce\",\"version\":2}"
hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
# Fabrication de la signature
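Review bot: The same `$nonce` is passed to both added `box-encrypt` calls, so title and content are encrypted with one key pair under one nonce. With NaCl box that reuses the keystream and the authenticator key across the two fields, which weakens the confidentiality of both. If the message schema only carries a single nonce field, record that next to these lines, e.g. `# schema has one nonce per message: title and content share it (known limitation)`; otherwise generate a separate nonce per field. The `b58nonce` line also relies on an external `base58` command that the script does not check for.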
@@ -88,14 +86,17 @@ jq . <<<$document
# Envoi du document
#curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
-msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$issuer" -d "$document")
+msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document")
echo -e "\nMessage ID: $msgID"
+
+### Tests mode ###
+
# Delete the message 1 second later, just for test
-sleep 1 && ./deletemsg.sh -id $msgID
+#sleep 1 && ./deletemsg.sh -id $msgID
# To put the message in outbox too
-# curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
+#curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
-# To put the message as read
-# ,\"read_signature\":\"$signature\"
+# To put the message as read, ad this at the end of document
+#,\"read_signature\":\"$signature\"
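Review bot: The changed inbox POST still runs `curl -s` with no status check, so an HTTP error body or an empty string ends up in `msgID` and is printed as the message ID. Consider `msgID=$(curl -s --fail -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document") || exit 1`. The new "Tests mode" section consists only of commented-out commands; a test option or removing them would be clearer than dead code. The added comment reads `ad this` where `add this` is meant.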