Now kraken-fetch.py has signatures both ways. Maybe adding ECDH to the messaging at some point.

This commit is contained in:
kalzu 2022-12-29 22:09:26 +02:00
parent 0454d945c1
commit ae14376b13
3 changed files with 66 additions and 9 deletions

View File

@ -1,9 +1,10 @@
#!/usr/bin/python3
import krakenex, math
import json, sqlite3, rsa
import json, sqlite3, binascii
import requests, os, time
import threading, ecdsa
from Cryptodome.Cipher import AES
from hashlib import sha256
from flask import Flask, jsonify, request
@ -12,13 +13,16 @@ app = Flask(__name__)
## Add your public key here
user_publickeys = {
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
"user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
}
## Generate the RSA keys for this instance
print("Generating RSA keys for this instance... just wait a bit...")
(server_public_key, server_private_key) = rsa.newkeys(4096)
server_public_key_string = server_public_key.save_pkcs1().decode('utf-8')
## Generate the ECDSA keys for this instance
print("Generating ECDSA keys for this instance... just wait a bit...")
server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_public_key = server_private_key.get_verifying_key()
# We need the hexadecimal form for sharing over http/json
server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
database_lock = threading.Lock()
@ -248,6 +252,7 @@ def check_auth(text, signature):
try:
vk.verify(sig_bytes, bytes(text, 'utf-8'))
print('user is', key)
return True
except ecdsa.BadSignatureError:
return False
@ -284,24 +289,27 @@ def get_data():
updated_data = {"shasum": data_shasum}
updated_data.update(data)
data = updated_data
# sign the response
signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
signature_hex = binascii.hexlify(signature).decode('utf-8')
data['signature'] = signature_hex
if query_pretty:
response = json.dumps(data, indent=2, separators=(';\n', ' :'))
else:
response = json.dumps(data)
return response, 200, {'Content-Type': 'application/json'}
@app.route('/serverkey')
def give_serverkey():
## This endpoint also under Authentication?
signature = request.headers.get('auth')
get_url = request.url
if not check_auth(get_url, signature):
return 'Access denied! Check your keys, maybe.', 403
return jsonify({'public_key': server_public_key_string})
return jsonify({'public_key': server_public_key_hex})
if __name__ == '__main__':
# Make sanity checks for the database

41
letters/two-key-pairs.py Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/python3
import ecdsa
from cryptography.fernet import Fernet
# Generate a signing key pair for the server
server_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_signing_public_key = server_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the server
server_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
server_encryption_private_key = server_ecdh.generate_private_key()
server_encryption_public_key = server_ecdh.public_key(server_encryption_private_key)
# Generate a signing key pair for the client
client_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
client_signing_public_key = client_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the client
client_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
client_encryption_private_key = client_ecdh.generate_private_key()
client_encryption_public_key = client_encryption_private_key.public_key()
# Exchange public keys between the server and the client
server_shared_secret = server_encryption_private_key.exchange(client_encryption_public_key)
client_shared_secret = client_encryption_private_key.exchange(server_encryption_public_key)
# Use the shared secret to create a Fernet object for encrypting/decrypting messages
server_fernet = Fernet(server_shared_secret)
client_fernet = Fernet(client_shared_secret)
# Sign and encrypt a message from the server to the client
message = "Hello, client!"
signed_message = server_signing_private_key.sign(message.encode())
encrypted_message = server_fernet.encrypt(signed_message)
# Verify and decrypt the message on the client side
verified_message = client_signing_public_key.verify(encrypted_message, signed_message)
decrypted_message = client_fernet.decrypt(verified_message)
print(decrypted_message) # "Hello, client!"

8
python3-ecdsa-ecdh-tests.py Executable file
View File

@ -0,0 +1,8 @@
#!/usr/bin/python3
import ecdsa
ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
private_key = ecdh.generate_private_key()
print(str(private_key))