Compare commits
2 Commits
ab3327464c
...
ae14376b13
Author | SHA1 | Date | |
---|---|---|---|
|
ae14376b13 | ||
|
0454d945c1 |
@ -4,17 +4,26 @@ import krakenex, math
|
|||||||
import json, sqlite3, binascii
|
import json, sqlite3, binascii
|
||||||
import requests, os, time
|
import requests, os, time
|
||||||
import threading, ecdsa
|
import threading, ecdsa
|
||||||
|
from Cryptodome.Cipher import AES
|
||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
from flask import Flask, request
|
from flask import Flask, jsonify, request
|
||||||
|
|
||||||
database = "btc_ohlc.db"
|
database = "btc_ohlc.db"
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
|
||||||
## Add your public key here
|
## Add your public key here
|
||||||
user_publickeys = {
|
user_publickeys = {
|
||||||
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
|
"user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## Generate the ECDSA keys for this instance
|
||||||
|
print("Generating ECDSA keys for this instance... just wait a bit...")
|
||||||
|
server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||||
|
server_public_key = server_private_key.get_verifying_key()
|
||||||
|
# We need the hexadecimal form for sharing over http/json
|
||||||
|
server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
|
||||||
|
|
||||||
|
|
||||||
database_lock = threading.Lock()
|
database_lock = threading.Lock()
|
||||||
|
|
||||||
# Empty response json
|
# Empty response json
|
||||||
@ -232,21 +241,21 @@ def get_the_data():
|
|||||||
time.sleep(290)
|
time.sleep(290)
|
||||||
|
|
||||||
def check_auth(text, signature):
|
def check_auth(text, signature):
|
||||||
print(text)
|
## Make bytes-object from given signature
|
||||||
print(signature)
|
|
||||||
sig_bytes = bytes.fromhex(signature)
|
sig_bytes = bytes.fromhex(signature)
|
||||||
access_granted = 0
|
|
||||||
## We will iterate over all user keys to determ who is we are talking to and should they have access
|
## We will iterate over all user keys to determ who is we are talking to and should they have access
|
||||||
for key, value in user_publickeys.items():
|
for key, value in user_publickeys.items():
|
||||||
## What f*ck even is this?
|
## Create bytes-object from the public in 'value' variable
|
||||||
vk = ecdsa.VerifyingKey.from_string(sig_bytes.fromhex(value), curve=ecdsa.SECP256k1)
|
## and use it to create VerifyingKey (vk)
|
||||||
if vk.verify(sig_bytes, text):
|
public_key_bytes = bytes.fromhex(value)
|
||||||
|
vk = ecdsa.VerifyingKey.from_string(public_key_bytes, curve=ecdsa.SECP256k1)
|
||||||
|
try:
|
||||||
|
vk.verify(sig_bytes, bytes(text, 'utf-8'))
|
||||||
print('user is', key)
|
print('user is', key)
|
||||||
access_granted = 1
|
|
||||||
if access_granted != 0:
|
return True
|
||||||
return True
|
except ecdsa.BadSignatureError:
|
||||||
else:
|
return False
|
||||||
return False
|
|
||||||
|
|
||||||
@app.route('/')
|
@app.route('/')
|
||||||
def get_data():
|
def get_data():
|
||||||
@ -259,7 +268,7 @@ def get_data():
|
|||||||
signature = request.headers.get('auth')
|
signature = request.headers.get('auth')
|
||||||
get_url = request.url
|
get_url = request.url
|
||||||
if not check_auth(get_url, signature):
|
if not check_auth(get_url, signature):
|
||||||
return 'Error with Authentication', 403
|
return 'Access denied! Check your keys, maybe.', 403
|
||||||
|
|
||||||
database_lock.acquire()
|
database_lock.acquire()
|
||||||
db = sqlite3.connect(database)
|
db = sqlite3.connect(database)
|
||||||
@ -281,13 +290,27 @@ def get_data():
|
|||||||
updated_data.update(data)
|
updated_data.update(data)
|
||||||
data = updated_data
|
data = updated_data
|
||||||
|
|
||||||
|
# sign the response
|
||||||
|
signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
|
||||||
|
signature_hex = binascii.hexlify(signature).decode('utf-8')
|
||||||
|
data['signature'] = signature_hex
|
||||||
|
|
||||||
if query_pretty:
|
if query_pretty:
|
||||||
response = json.dumps(data, indent=2, separators=(';\n', ' :'))
|
response = json.dumps(data, indent=2, separators=(';\n', ' :'))
|
||||||
else:
|
else:
|
||||||
response = json.dumps(data)
|
response = json.dumps(data)
|
||||||
|
|
||||||
return response, 200, {'Content-Type': 'application/json'}
|
return response, 200, {'Content-Type': 'application/json'}
|
||||||
|
|
||||||
|
@app.route('/serverkey')
|
||||||
|
def give_serverkey():
|
||||||
|
## This endpoint also under Authentication?
|
||||||
|
signature = request.headers.get('auth')
|
||||||
|
get_url = request.url
|
||||||
|
if not check_auth(get_url, signature):
|
||||||
|
return 'Access denied! Check your keys, maybe.', 403
|
||||||
|
|
||||||
|
return jsonify({'public_key': server_public_key_hex})
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
# Make sanity checks for the database
|
# Make sanity checks for the database
|
||||||
Checkthedatabase()
|
Checkthedatabase()
|
||||||
|
@ -4,57 +4,56 @@ import requests
|
|||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
import ecdsa
|
import ecdsa
|
||||||
|
|
||||||
private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1'
|
#private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1'
|
||||||
# we need to send server:
|
private_key = '039e1c137aa296d7af0cd55b468018ad1020949c2731e5141d032b8371490f48'
|
||||||
# the question: domain.tld/get/<id>
|
|
||||||
# the checksum: ?sum=sha256
|
|
||||||
# the signed data: header 'auth'
|
|
||||||
|
|
||||||
id = 123
|
|
||||||
url = 'localhost:5000/get/'
|
|
||||||
url_id = url + str(id)
|
|
||||||
sum = sha256(url_id.encode('ascii')).hexdigest()
|
|
||||||
reg_url = 'http://' + url_id + '?sum=' + sum
|
|
||||||
|
|
||||||
unsigned_data = url_id + '?' + 'sum=' + sum
|
|
||||||
|
|
||||||
# Generate SK from the private key
|
# Generate SK from the private key
|
||||||
private_key_int = int(private_key, 16)
|
private_key_int = int(private_key, 16)
|
||||||
sk = ecdsa.SigningKey.from_secret_exponent(private_key_int, curve=ecdsa.SECP256k1)
|
sk = ecdsa.SigningKey.from_secret_exponent(private_key_int, curve=ecdsa.SECP256k1)
|
||||||
|
|
||||||
|
## Get the server public key
|
||||||
|
url = 'http://localhost:5000/serverkey'
|
||||||
|
|
||||||
# sign the message
|
# sign the message
|
||||||
signature = sk.sign(unsigned_data.encode('utf-8'))
|
signature = sk.sign(url.encode('utf-8'))
|
||||||
signature_hex = signature.hex()
|
signature_hex = signature.hex()
|
||||||
|
|
||||||
print('we signed: ', unsigned_data)
|
response = requests.get(url, headers={"auth":signature_hex})
|
||||||
print('We will send:')
|
|
||||||
print('to: ', reg_url)
|
|
||||||
print('sum: ', sum)
|
|
||||||
print('auth: ', signature_hex)
|
|
||||||
print('------------------------')
|
|
||||||
|
|
||||||
response = requests.get(reg_url, headers={"auth":signature_hex})
|
|
||||||
print('>>> ', response.status_code)
|
print('>>> ', response.status_code)
|
||||||
print('>>> ', response.content)
|
print('>>> ', response.content)
|
||||||
|
|
||||||
#ecdsa_public_key = '8716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
|
|
||||||
ecdsa_public_key = '068716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
|
|
||||||
|
|
||||||
bytes_public_key = bytes.fromhex(ecdsa_public_key)
|
|
||||||
|
|
||||||
bytes_signed_data = signature_hex.encode('utf-8')
|
|
||||||
|
|
||||||
|
|
||||||
vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1)
|
## Get some kline data from the server
|
||||||
|
url = 'http://localhost:5000/?t=1672259440'
|
||||||
if vk.verify(signature_hex, unsigned_data):
|
|
||||||
response = "YES"
|
|
||||||
else:
|
|
||||||
response = "NO"
|
|
||||||
|
|
||||||
|
|
||||||
|
# sign the message
|
||||||
|
signature = sk.sign(url.encode('utf-8'))
|
||||||
|
signature_hex = signature.hex()
|
||||||
|
|
||||||
|
print('we signed: ', url)
|
||||||
|
print('We will send:')
|
||||||
|
print('to: ', url)
|
||||||
|
print('auth: ', signature_hex)
|
||||||
|
print('------------------------')
|
||||||
|
|
||||||
|
response = requests.get(url, headers={"auth":signature_hex})
|
||||||
|
print('>>> ', response.status_code)
|
||||||
|
print('>>> ', response.content)
|
||||||
|
|
||||||
|
##
|
||||||
|
##bytes_public_key = bytes.fromhex(ecdsa_public_key)
|
||||||
|
##
|
||||||
|
##bytes_signed_data = signature_hex.encode('utf-8')
|
||||||
|
##
|
||||||
|
##
|
||||||
|
##vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1)
|
||||||
|
##
|
||||||
|
##if vk.verify(signature_hex, unsigned_data):
|
||||||
|
## response = "YES"
|
||||||
|
##else:
|
||||||
|
## response = "NO"
|
||||||
|
##
|
||||||
|
##
|
||||||
|
|
||||||
exit(0)
|
exit(0)
|
||||||
|
41
letters/two-key-pairs.py
Executable file
41
letters/two-key-pairs.py
Executable file
@ -0,0 +1,41 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
import ecdsa
|
||||||
|
from cryptography.fernet import Fernet
|
||||||
|
|
||||||
|
# Generate a signing key pair for the server
|
||||||
|
server_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||||
|
server_signing_public_key = server_signing_private_key.get_verifying_key()
|
||||||
|
|
||||||
|
# Generate an encryption key pair for the server
|
||||||
|
server_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||||
|
server_encryption_private_key = server_ecdh.generate_private_key()
|
||||||
|
server_encryption_public_key = server_ecdh.public_key(server_encryption_private_key)
|
||||||
|
|
||||||
|
|
||||||
|
# Generate a signing key pair for the client
|
||||||
|
client_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
|
||||||
|
client_signing_public_key = client_signing_private_key.get_verifying_key()
|
||||||
|
|
||||||
|
# Generate an encryption key pair for the client
|
||||||
|
client_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||||
|
client_encryption_private_key = client_ecdh.generate_private_key()
|
||||||
|
client_encryption_public_key = client_encryption_private_key.public_key()
|
||||||
|
|
||||||
|
# Exchange public keys between the server and the client
|
||||||
|
server_shared_secret = server_encryption_private_key.exchange(client_encryption_public_key)
|
||||||
|
client_shared_secret = client_encryption_private_key.exchange(server_encryption_public_key)
|
||||||
|
|
||||||
|
# Use the shared secret to create a Fernet object for encrypting/decrypting messages
|
||||||
|
server_fernet = Fernet(server_shared_secret)
|
||||||
|
client_fernet = Fernet(client_shared_secret)
|
||||||
|
|
||||||
|
# Sign and encrypt a message from the server to the client
|
||||||
|
message = "Hello, client!"
|
||||||
|
signed_message = server_signing_private_key.sign(message.encode())
|
||||||
|
encrypted_message = server_fernet.encrypt(signed_message)
|
||||||
|
|
||||||
|
# Verify and decrypt the message on the client side
|
||||||
|
verified_message = client_signing_public_key.verify(encrypted_message, signed_message)
|
||||||
|
decrypted_message = client_fernet.decrypt(verified_message)
|
||||||
|
print(decrypted_message) # "Hello, client!"
|
||||||
|
|
8
python3-ecdsa-ecdh-tests.py
Executable file
8
python3-ecdsa-ecdh-tests.py
Executable file
@ -0,0 +1,8 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
import ecdsa
|
||||||
|
|
||||||
|
ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
|
||||||
|
private_key = ecdh.generate_private_key()
|
||||||
|
|
||||||
|
print(str(private_key))
|
Loading…
Reference in New Issue
Block a user