Now kraken-fetch.py has signatures both ways. Maybe adding ECDH to the messaging at some point.

This commit is contained in:
kalzu 2022-12-29 22:09:26 +02:00
parent 0454d945c1
commit ae14376b13
3 changed files with 66 additions and 9 deletions

View File

@ -1,9 +1,10 @@
#!/usr/bin/python3 #!/usr/bin/python3
import krakenex, math import krakenex, math
import json, sqlite3, rsa import json, sqlite3, binascii
import requests, os, time import requests, os, time
import threading, ecdsa import threading, ecdsa
from Cryptodome.Cipher import AES
from hashlib import sha256 from hashlib import sha256
from flask import Flask, jsonify, request from flask import Flask, jsonify, request
@ -12,13 +13,16 @@ app = Flask(__name__)
## Add your public key here ## Add your public key here
user_publickeys = { user_publickeys = {
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88' "user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
} }
## Generate the RSA keys for this instance ## Generate the ECDSA keys for this instance
print("Generating RSA keys for this instance... just wait a bit...") print("Generating ECDSA keys for this instance... just wait a bit...")
(server_public_key, server_private_key) = rsa.newkeys(4096) server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_public_key_string = server_public_key.save_pkcs1().decode('utf-8') server_public_key = server_private_key.get_verifying_key()
# We need the hexadecimal form for sharing over http/json
server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
database_lock = threading.Lock() database_lock = threading.Lock()
@ -248,6 +252,7 @@ def check_auth(text, signature):
try: try:
vk.verify(sig_bytes, bytes(text, 'utf-8')) vk.verify(sig_bytes, bytes(text, 'utf-8'))
print('user is', key) print('user is', key)
return True return True
except ecdsa.BadSignatureError: except ecdsa.BadSignatureError:
return False return False
@ -284,24 +289,27 @@ def get_data():
updated_data = {"shasum": data_shasum} updated_data = {"shasum": data_shasum}
updated_data.update(data) updated_data.update(data)
data = updated_data data = updated_data
# sign the response
signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
signature_hex = binascii.hexlify(signature).decode('utf-8')
data['signature'] = signature_hex
if query_pretty: if query_pretty:
response = json.dumps(data, indent=2, separators=(';\n', ' :')) response = json.dumps(data, indent=2, separators=(';\n', ' :'))
else: else:
response = json.dumps(data) response = json.dumps(data)
return response, 200, {'Content-Type': 'application/json'} return response, 200, {'Content-Type': 'application/json'}
@app.route('/serverkey') @app.route('/serverkey')
def give_serverkey(): def give_serverkey():
## This endpoint also under Authentication? ## This endpoint also under Authentication?
signature = request.headers.get('auth') signature = request.headers.get('auth')
get_url = request.url get_url = request.url
if not check_auth(get_url, signature): if not check_auth(get_url, signature):
return 'Access denied! Check your keys, maybe.', 403 return 'Access denied! Check your keys, maybe.', 403
return jsonify({'public_key': server_public_key_string}) return jsonify({'public_key': server_public_key_hex})
if __name__ == '__main__': if __name__ == '__main__':
# Make sanity checks for the database # Make sanity checks for the database

41
letters/two-key-pairs.py Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/python3
import ecdsa
from cryptography.fernet import Fernet
# Generate a signing key pair for the server
server_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_signing_public_key = server_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the server
server_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
server_encryption_private_key = server_ecdh.generate_private_key()
server_encryption_public_key = server_ecdh.public_key(server_encryption_private_key)
# Generate a signing key pair for the client
client_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
client_signing_public_key = client_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the client
client_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
client_encryption_private_key = client_ecdh.generate_private_key()
client_encryption_public_key = client_encryption_private_key.public_key()
# Exchange public keys between the server and the client
server_shared_secret = server_encryption_private_key.exchange(client_encryption_public_key)
client_shared_secret = client_encryption_private_key.exchange(server_encryption_public_key)
# Use the shared secret to create a Fernet object for encrypting/decrypting messages
server_fernet = Fernet(server_shared_secret)
client_fernet = Fernet(client_shared_secret)
# Sign and encrypt a message from the server to the client
message = "Hello, client!"
signed_message = server_signing_private_key.sign(message.encode())
encrypted_message = server_fernet.encrypt(signed_message)
# Verify and decrypt the message on the client side
verified_message = client_signing_public_key.verify(encrypted_message, signed_message)
decrypted_message = client_fernet.decrypt(verified_message)
print(decrypted_message) # "Hello, client!"

8
python3-ecdsa-ecdh-tests.py Executable file
View File

@ -0,0 +1,8 @@
#!/usr/bin/python3
import ecdsa
ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
private_key = ecdh.generate_private_key()
print(str(private_key))