forked from axiom-team/jaklis
Eureka ! Read/Send OK !
This commit is contained in:
parent
506963ed40
commit
3cf3c8b8f2
27
decrypt.py
27
decrypt.py
|
@ -1,27 +0,0 @@
|
||||||
#! /usr/bin/python3
|
|
||||||
|
|
||||||
import sys
|
|
||||||
from base58 import b58decode
|
|
||||||
from base64 import b64decode
|
|
||||||
from libnacl import crypto_sign_ed25519_sk_to_curve25519 as private_sign2crypt
|
|
||||||
from libnacl import crypto_sign_ed25519_pk_to_curve25519 as public_sign2crypt
|
|
||||||
from libnacl.sign import Signer, Verifier
|
|
||||||
from libnacl.public import SecretKey, PublicKey, Box
|
|
||||||
|
|
||||||
sender_pub = sys.argv[1]
|
|
||||||
recip_seed = sys.argv[2]
|
|
||||||
nonce = sys.argv[3]
|
|
||||||
title = sys.argv[4]
|
|
||||||
content = sys.argv[5]
|
|
||||||
|
|
||||||
signer = Signer(b58decode(recip_seed))
|
|
||||||
sk = SecretKey(private_sign2crypt(signer.sk))
|
|
||||||
|
|
||||||
verifier = Verifier(b58decode(sender_pub).hex())
|
|
||||||
pk = PublicKey(public_sign2crypt(verifier.vk))
|
|
||||||
|
|
||||||
box = Box(sk.sk, pk.pk)
|
|
||||||
|
|
||||||
print("Objet: " + box.decrypt(b64decode(nonce) + b64decode(title)).decode('utf-8'))
|
|
||||||
print("\n" + box.decrypt(b64decode(nonce) + b64decode(content)).decode('utf-8'))
|
|
||||||
|
|
77
natools.py
77
natools.py
|
@ -17,9 +17,9 @@
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__version__ = "1.2.2"
|
__version__ = "1.3.1"
|
||||||
|
|
||||||
import os, sys, duniterpy.key, libnacl, libnacl.sign, base58, base64, getpass
|
import os, sys, duniterpy.key, libnacl, base58, base64, getpass
|
||||||
|
|
||||||
def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
|
def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
|
||||||
if arg in args and len(args) > args.index(arg)+n:
|
if arg in args and len(args) > args.index(arg)+n:
|
||||||
|
@ -30,7 +30,7 @@ def getargv(arg:str, default:str="", n:int=1, args:list=sys.argv) -> str:
|
||||||
def read_data(data_path, b=True):
|
def read_data(data_path, b=True):
|
||||||
if data_path == "-":
|
if data_path == "-":
|
||||||
if b:
|
if b:
|
||||||
return sys.stdin.read().encode()
|
return sys.stdin.buffer.read()
|
||||||
else:
|
else:
|
||||||
return sys.stdin.read()
|
return sys.stdin.read()
|
||||||
else:
|
else:
|
||||||
|
@ -48,6 +48,23 @@ def encrypt(data, pubkey):
|
||||||
def decrypt(data, privkey):
|
def decrypt(data, privkey):
|
||||||
return privkey.decrypt_seal(data)
|
return privkey.decrypt_seal(data)
|
||||||
|
|
||||||
|
def box_encrypt(data, privkey, pubkey, nonce=None, attach_nonce=False):
|
||||||
|
signer = libnacl.sign.Signer(privkey.seed)
|
||||||
|
sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
|
||||||
|
verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
|
||||||
|
pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
|
||||||
|
box = libnacl.public.Box(sk.sk, pk.pk)
|
||||||
|
data = box.encrypt(data, nonce) if nonce else box.encrypt(data)
|
||||||
|
return data if attach_nonce else data[24:]
|
||||||
|
|
||||||
|
def box_decrypt(data, privkey, pubkey, nonce=None):
|
||||||
|
signer = libnacl.sign.Signer(privkey.seed)
|
||||||
|
sk = libnacl.public.SecretKey(libnacl.crypto_sign_ed25519_sk_to_curve25519(signer.sk))
|
||||||
|
verifier = libnacl.sign.Verifier(base58.b58decode(pubkey).hex())
|
||||||
|
pk = libnacl.public.PublicKey(libnacl.crypto_sign_ed25519_pk_to_curve25519(verifier.vk))
|
||||||
|
box = libnacl.public.Box(sk.sk, pk.pk)
|
||||||
|
return box.decrypt(data, nonce) if nonce else box.decrypt(data)
|
||||||
|
|
||||||
def sign(data, privkey):
|
def sign(data, privkey):
|
||||||
return privkey.sign(data)
|
return privkey.sign(data)
|
||||||
|
|
||||||
|
@ -131,24 +148,38 @@ fmt = {
|
||||||
"85": lambda data: base64.b85encode(data),
|
"85": lambda data: base64.b85encode(data),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
defmt = {
|
||||||
|
"raw": lambda data: data,
|
||||||
|
"16": lambda data: bytes.fromhex(data),
|
||||||
|
"32": lambda data: base64.b32decode(data),
|
||||||
|
"58": lambda data: base58.b58decode(data),
|
||||||
|
"64": lambda data: base64.b64decode(data),
|
||||||
|
"85": lambda data: base64.b85decode(data),
|
||||||
|
}
|
||||||
|
|
||||||
def show_help():
|
def show_help():
|
||||||
print("""Usage:
|
print("""Usage:
|
||||||
python3 natools.py <command> [options]
|
python3 natools.py <command> [options]
|
||||||
|
|
||||||
Commands:
|
Commands:
|
||||||
encrypt Encrypt data
|
encrypt Encrypt data
|
||||||
decrypt Decrypt data
|
decrypt Decrypt data
|
||||||
sign Sign data
|
box-encrypt Encrypt data (NaCl box)
|
||||||
verify Verify data
|
box-decrypt Decrypt data (NaCl box)
|
||||||
pubkey Display pubkey
|
sign Sign data
|
||||||
pk Display b58 pubkey shorthand
|
verify Verify data
|
||||||
|
pubkey Display pubkey
|
||||||
|
pk Display b58 pubkey shorthand
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
-c Display pubkey checksum
|
-c Display pubkey checksum
|
||||||
-f <fmt> Private key format (default: cred)
|
-f <fmt> Private key format (default: cred)
|
||||||
key cred pubsec seedh ssb wif wifh
|
key cred pubsec seedh ssb wif wifh
|
||||||
-i <path> Input file path (default: -)
|
-i <path> Input file path (default: -)
|
||||||
|
-I <fmt> Input format: raw 16 32 58 64 85 (default: raw)
|
||||||
-k <path> Privkey file path (* for auto) (default: *)
|
-k <path> Privkey file path (* for auto) (default: *)
|
||||||
|
-n <nonce> Nonce (b64, 24 bytes) (for NaCl box)
|
||||||
|
-N Attach nonce to output (for NaCl box encryption)
|
||||||
--noinc Do not include msg after signature
|
--noinc Do not include msg after signature
|
||||||
-o <path> Output file path (default: -)
|
-o <path> Output file path (default: -)
|
||||||
-O <fmt> Output format: raw 16 32 58 64 64u 85 (default: raw)
|
-O <fmt> Output format: raw 16 32 58 64 64u 85 (default: raw)
|
||||||
|
@ -177,6 +208,7 @@ if __name__ == "__main__":
|
||||||
pubkey = getargv("-p")
|
pubkey = getargv("-p")
|
||||||
result_path = getargv("-o", "-")
|
result_path = getargv("-o", "-")
|
||||||
output_format = getargv("-O", "raw")
|
output_format = getargv("-O", "raw")
|
||||||
|
input_format = getargv("-I", "raw")
|
||||||
|
|
||||||
if pubkey:
|
if pubkey:
|
||||||
pubkey, len_deprecated = check_pubkey(pubkey)
|
pubkey, len_deprecated = check_pubkey(pubkey)
|
||||||
|
@ -194,13 +226,32 @@ if __name__ == "__main__":
|
||||||
if not pubkey:
|
if not pubkey:
|
||||||
print("Please provide pubkey!")
|
print("Please provide pubkey!")
|
||||||
exit(1)
|
exit(1)
|
||||||
write_data(fmt[output_format](encrypt(read_data(data_path), pubkey)), result_path)
|
write_data(fmt[output_format](encrypt(defmt[input_format](read_data(data_path)), pubkey)), result_path)
|
||||||
|
|
||||||
elif sys.argv[1] == "decrypt":
|
elif sys.argv[1] == "decrypt":
|
||||||
write_data(fmt[output_format](decrypt(read_data(data_path), get_privkey(privkey_path, privkey_format))), result_path)
|
write_data(fmt[output_format](decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format))), result_path)
|
||||||
|
|
||||||
|
elif sys.argv[1] == "box-encrypt":
|
||||||
|
if not pubkey:
|
||||||
|
print("Please provide pubkey!")
|
||||||
|
exit(1)
|
||||||
|
nonce = getargv("-n", None)
|
||||||
|
if nonce:
|
||||||
|
nonce = base64.b64decode(nonce)
|
||||||
|
attach_nonce = "-N" in sys.argv
|
||||||
|
write_data(fmt[output_format](box_encrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce, attach_nonce)), result_path)
|
||||||
|
|
||||||
|
elif sys.argv[1] == "box-decrypt":
|
||||||
|
if not pubkey:
|
||||||
|
print("Please provide pubkey!")
|
||||||
|
exit(1)
|
||||||
|
nonce = getargv("-n", None)
|
||||||
|
if nonce:
|
||||||
|
nonce = base64.b64decode(nonce)
|
||||||
|
write_data(fmt[output_format](box_decrypt(defmt[input_format](read_data(data_path)), get_privkey(privkey_path, privkey_format), pubkey, nonce)), result_path)
|
||||||
|
|
||||||
elif sys.argv[1] == "sign":
|
elif sys.argv[1] == "sign":
|
||||||
data = read_data(data_path)
|
data = defmt[input_format](read_data(data_path))
|
||||||
signed = sign(data, get_privkey(privkey_path, privkey_format))
|
signed = sign(data, get_privkey(privkey_path, privkey_format))
|
||||||
|
|
||||||
if "--noinc" in sys.argv:
|
if "--noinc" in sys.argv:
|
||||||
|
@ -212,7 +263,7 @@ if __name__ == "__main__":
|
||||||
if not pubkey:
|
if not pubkey:
|
||||||
print("Please provide pubkey!")
|
print("Please provide pubkey!")
|
||||||
exit(1)
|
exit(1)
|
||||||
write_data(fmt[output_format](verify(read_data(data_path), pubkey)), result_path)
|
write_data(fmt[output_format](verify(defmt[input_format](read_data(data_path)), pubkey)), result_path)
|
||||||
|
|
||||||
elif sys.argv[1] == "pubkey":
|
elif sys.argv[1] == "pubkey":
|
||||||
if pubkey:
|
if pubkey:
|
||||||
|
|
10
readmsg.sh
10
readmsg.sh
|
@ -52,9 +52,6 @@ fi
|
||||||
|
|
||||||
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
|
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$recipient) ]] && echo "Le format de la clé publique du destinataire est invalide." && exit 1
|
||||||
|
|
||||||
times=$(date -u +'%s')
|
|
||||||
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
||||||
|
|
||||||
document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
|
document="{\"sort\":{\"time\":\"desc\"},\"from\":0,\"size\":$nbrRaw,\"_source\":[\"issuer\",\"recipient\",\"title\",\"content\",\"time\",\"nonce\",\"read_signature\"],\"query\":{\"bool\":{\"filter\":{\"term\":{\"recipient\":\"$recipient\"}}}}}"
|
||||||
|
|
||||||
# Envoi du document
|
# Envoi du document
|
||||||
|
@ -64,7 +61,6 @@ msgContent=$(curl -s -X POST "https://g1.data.duniter.fr/message/$type/_search"
|
||||||
n=0
|
n=0
|
||||||
for i in $msgContent; do
|
for i in $msgContent; do
|
||||||
echo -e "=== $n ===\n"
|
echo -e "=== $n ===\n"
|
||||||
#totalMsg='{'$(jq -r .total <<<"$i")'}'
|
|
||||||
dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
|
dataObj=($(jq -r '.issuer,.recipient,.nonce,.title,.content,.time' <<<"$i"))
|
||||||
issuer="${dataObj[0]}"
|
issuer="${dataObj[0]}"
|
||||||
recipient="${dataObj[1]}"
|
recipient="${dataObj[1]}"
|
||||||
|
@ -73,10 +69,10 @@ for i in $msgContent; do
|
||||||
content="${dataObj[4]}"
|
content="${dataObj[4]}"
|
||||||
time="${dataObj[5]}"
|
time="${dataObj[5]}"
|
||||||
|
|
||||||
# python3 decrypt.py "$issuer" "$duniSeed" "$nonce" "$title" "$content"
|
titleClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${title}")
|
||||||
titleClear=$(./natools.py box-decrypt -p "$issuer" -n "$nonce" -f pubsec -k "$dunikey" <<<"$title")
|
contentClear=$(./natools.py box-decrypt -p $issuer -f pubsec -k $dunikey -n $nonce -I 64 <<< "${content}")
|
||||||
echo "$titleClear"
|
echo "$titleClear"
|
||||||
|
echo "$contentClear"
|
||||||
echo "========="
|
echo "========="
|
||||||
((n++))
|
((n++))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
25
sendmsg.sh
25
sendmsg.sh
|
@ -66,17 +66,15 @@ fi
|
||||||
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
|
[[ -z $(grep -Eo $REGEX_PUBKEYS <<<$issuer) ]] && echo "Le format de la clé publique de l'émetteur est invalide." && exit 1
|
||||||
|
|
||||||
# Récupération et chiffrement du titre et du message
|
# Récupération et chiffrement du titre et du message
|
||||||
title=$(head -n1 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
|
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
||||||
content=$(tail -n+2 <<<$message | ./natools.py encrypt --pubsec -p $recipient -O 58)
|
b58nonce=$(echo $nonce | base64 -d | base58)
|
||||||
|
title=$(head -n1 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
|
||||||
# title="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
|
content=$(tail -n+2 <<<$message | ./natools.py box-encrypt -n $nonce -f pubsec -k $dunikey -p $recipient -O 64)
|
||||||
# content="78FPlouMe63I49IzyNY1B2Uh6s8mBBoBZA=="
|
|
||||||
|
|
||||||
times=$(date -u +'%s')
|
times=$(date -u +'%s')
|
||||||
nonce=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
|
|
||||||
|
|
||||||
# Fabrication du hash
|
# Fabrication du hash
|
||||||
hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$nonce\",\"version\":2}"
|
hashBrut="{\"issuer\":\"$issuer\",\"recipient\":\"$recipient\",\"title\":\"$title\",\"content\":\"$content\",\"time\":$times,\"nonce\":\"$b58nonce\",\"version\":2}"
|
||||||
hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
|
hash=$(echo -n "$hashBrut" | sha256sum | cut -d ' ' -f1 | awk '{ print toupper($0) }')
|
||||||
|
|
||||||
# Fabrication de la signature
|
# Fabrication de la signature
|
||||||
|
@ -88,14 +86,17 @@ jq . <<<$document
|
||||||
|
|
||||||
# Envoi du document
|
# Envoi du document
|
||||||
#curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
|
#curl -s -i -X OPTIONS "$pod/message/inbox?pubkey=$issuer" -d "pubkey=$issuer"
|
||||||
msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$issuer" -d "$document")
|
msgID=$(curl -s -X POST "$pod/message/inbox?pubkey=$recipient" -d "$document")
|
||||||
echo -e "\nMessage ID: $msgID"
|
echo -e "\nMessage ID: $msgID"
|
||||||
|
|
||||||
|
|
||||||
|
### Tests mode ###
|
||||||
|
|
||||||
# Delete the message 1 second later, just for test
|
# Delete the message 1 second later, just for test
|
||||||
sleep 1 && ./deletemsg.sh -id $msgID
|
#sleep 1 && ./deletemsg.sh -id $msgID
|
||||||
|
|
||||||
# To put the message in outbox too
|
# To put the message in outbox too
|
||||||
# curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
|
#curl -s -X POST "$pod/message/outbox?pubkey=$issuer" -d "$document"
|
||||||
|
|
||||||
# To put the message as read
|
# To put the message as read, ad this at the end of document
|
||||||
# ,\"read_signature\":\"$signature\"
|
#,\"read_signature\":\"$signature\"
|
||||||
|
|
Loading…
Reference in New Issue