Now kraken-fetch.py has signatures both ways. Maybe adding ECDH to the messaging at some point.
This commit is contained in:
kalzu
parent
0454d945c1
commit
ae14376b13
|
|
@ -1,9 +1,10 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import krakenex, math
|
||||
import json, sqlite3, rsa
|
||||
import json, sqlite3, binascii
|
||||
import requests, os, time
|
||||
import threading, ecdsa
|
||||
from Cryptodome.Cipher import AES
|
||||
from hashlib import sha256
|
||||
from flask import Flask, jsonify, request
|
||||
|
||||
|
|
@ -12,13 +13,16 @@ app = Flask(__name__)
|
|||
|
||||
## Add your public key here
|
||||
user_publickeys = {
|
||||
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
|
||||
"user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
|
||||
}
|
||||
|
||||
## Generate the RSA keys for this instance
|
||||
print("Generating RSA keys for this instance... just wait a bit...")
|
||||
(server_public_key, server_private_key) = rsa.newkeys(4096)
|
||||
server_public_key_string = server_public_key.save_pkcs1().decode('utf-8')
|
||||
## Generate the ECDSA keys for this instance
|
||||
print("Generating ECDSA keys for this instance... just wait a bit...")
|
||||
server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||
server_public_key = server_private_key.get_verifying_key()
|
||||
# We need the hexadecimal form for sharing over http/json
|
||||
server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
|
||||
|
||||
|
||||
database_lock = threading.Lock()
|
||||
|
||||
|
|
@ -248,6 +252,7 @@ def check_auth(text, signature):
|
|||
try:
|
||||
vk.verify(sig_bytes, bytes(text, 'utf-8'))
|
||||
print('user is', key)
|
||||
|
||||
return True
|
||||
except ecdsa.BadSignatureError:
|
||||
return False
|
||||
|
|
@ -284,24 +289,27 @@ def get_data():
|
|||
updated_data = {"shasum": data_shasum}
|
||||
updated_data.update(data)
|
||||
data = updated_data
|
||||
|
||||
# sign the response
|
||||
signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
|
||||
signature_hex = binascii.hexlify(signature).decode('utf-8')
|
||||
data['signature'] = signature_hex
|
||||
|
||||
if query_pretty:
|
||||
response = json.dumps(data, indent=2, separators=(';\n', ' :'))
|
||||
else:
|
||||
response = json.dumps(data)
|
||||
|
||||
return response, 200, {'Content-Type': 'application/json'}
|
||||
|
||||
@app.route('/serverkey')
|
||||
def give_serverkey():
|
||||
|
||||
## This endpoint also under Authentication?
|
||||
signature = request.headers.get('auth')
|
||||
get_url = request.url
|
||||
if not check_auth(get_url, signature):
|
||||
return 'Access denied! Check your keys, maybe.', 403
|
||||
|
||||
return jsonify({'public_key': server_public_key_string})
|
||||
return jsonify({'public_key': server_public_key_hex})
|
||||
|
||||
if __name__ == '__main__':
|
||||
# Make sanity checks for the database
|
||||
|
|
|
|||
|
|
@ -0,0 +1,41 @@
|
|||
#!/usr/bin/python3
|
||||
import ecdsa
|
||||
from cryptography.fernet import Fernet
|
||||
|
||||
# Generate a signing key pair for the server
|
||||
server_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||
server_signing_public_key = server_signing_private_key.get_verifying_key()
|
||||
|
||||
# Generate an encryption key pair for the server
|
||||
server_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||
server_encryption_private_key = server_ecdh.generate_private_key()
|
||||
server_encryption_public_key = server_ecdh.public_key(server_encryption_private_key)
|
||||
|
||||
|
||||
# Generate a signing key pair for the client
|
||||
client_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||
client_signing_public_key = client_signing_private_key.get_verifying_key()
|
||||
|
||||
# Generate an encryption key pair for the client
|
||||
client_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||
client_encryption_private_key = client_ecdh.generate_private_key()
|
||||
client_encryption_public_key = client_encryption_private_key.public_key()
|
||||
|
||||
# Exchange public keys between the server and the client
|
||||
server_shared_secret = server_encryption_private_key.exchange(client_encryption_public_key)
|
||||
client_shared_secret = client_encryption_private_key.exchange(server_encryption_public_key)
|
||||
|
||||
# Use the shared secret to create a Fernet object for encrypting/decrypting messages
|
||||
server_fernet = Fernet(server_shared_secret)
|
||||
client_fernet = Fernet(client_shared_secret)
|
||||
|
||||
# Sign and encrypt a message from the server to the client
|
||||
message = "Hello, client!"
|
||||
signed_message = server_signing_private_key.sign(message.encode())
|
||||
encrypted_message = server_fernet.encrypt(signed_message)
|
||||
|
||||
# Verify and decrypt the message on the client side
|
||||
verified_message = client_signing_public_key.verify(encrypted_message, signed_message)
|
||||
decrypted_message = client_fernet.decrypt(verified_message)
|
||||
print(decrypted_message) # "Hello, client!"
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
import ecdsa
|
||||
|
||||
ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||
private_key = ecdh.generate_private_key()
|
||||
|
||||
print(str(private_key))
|
||||
Loading…
Reference in New Issue