Now kraken-fetch.py has signatures both ways. Maybe adding ECDH to the messaging at some point.

2022-12-29 22:09:26 +02:00
parent 0454d945c1
commit ae14376b13
3 changed files with 66 additions and 9 deletions
--- a/btc_tracker/kraken_fetch.py
+++ b/btc_tracker/kraken_fetch.py
@ -1,9 +1,10 @@
 #!/usr/bin/python3

 import krakenex, math
-import json, sqlite3, rsa
+import json, sqlite3, binascii
 import requests, os, time
 import threading, ecdsa
+from Cryptodome.Cipher import AES
 from hashlib import sha256
 from flask import Flask, jsonify, request

@ -12,13 +13,16 @@ app = Flask(__name__)

 ## Add your public key here
 user_publickeys = {
-        "kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
+        "user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
        }

-## Generate the RSA keys for this instance
-print("Generating RSA keys for this instance... just wait a bit...")
-(server_public_key, server_private_key) = rsa.newkeys(4096)
-server_public_key_string = server_public_key.save_pkcs1().decode('utf-8')
+## Generate the ECDSA keys for this instance
+print("Generating ECDSA keys for this instance... just wait a bit...")
+server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
+server_public_key = server_private_key.get_verifying_key()
+# We need the hexadecimal form for sharing over http/json
+server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
+

 database_lock = threading.Lock()

@ -248,6 +252,7 @@ def check_auth(text, signature):
    try:
      vk.verify(sig_bytes, bytes(text, 'utf-8'))
      print('user is', key)
+
      return True
    except ecdsa.BadSignatureError:
      return False
@ -284,24 +289,27 @@ def get_data():
  updated_data = {"shasum": data_shasum}
  updated_data.update(data)
  data = updated_data
+  
+  # sign the response
+  signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
+  signature_hex = binascii.hexlify(signature).decode('utf-8')
+  data['signature'] = signature_hex

  if query_pretty:
      response = json.dumps(data, indent=2, separators=(';\n', ' :'))
  else:
    response = json.dumps(data)
-  
  return response, 200, {'Content-Type': 'application/json'}

@app.route('/serverkey')
 def give_serverkey():
-
  ## This endpoint also under Authentication?
  signature = request.headers.get('auth')
  get_url = request.url
  if not check_auth(get_url, signature):
    return 'Access denied! Check your keys, maybe.', 403

-  return jsonify({'public_key': server_public_key_string})
+  return jsonify({'public_key': server_public_key_hex})

 if __name__ == '__main__':
  # Make sanity checks for the database