Compare commits

..

2 Commits

4 changed files with 121 additions and 50 deletions

View File

@ -4,17 +4,26 @@ import krakenex, math
import json, sqlite3, binascii
import requests, os, time
import threading, ecdsa
from Cryptodome.Cipher import AES
from hashlib import sha256
from flask import Flask, request
from flask import Flask, jsonify, request
database = "btc_ohlc.db"
app = Flask(__name__)
## Add your public key here
user_publickeys = {
"kalzu": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
"user1": 'f1debc13fb21fe0eee54525aa4f8aae5733b201c755edaa55f8893c90aa375b261a62eaa3110651ac5d7705d402581256a37508b0a1ca28bd919ea44710d9c88'
}
## Generate the ECDSA keys for this instance
print("Generating ECDSA keys for this instance... just wait a bit...")
server_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_public_key = server_private_key.get_verifying_key()
# We need the hexadecimal form for sharing over http/json
server_public_key_hex = binascii.hexlify(server_public_key.to_string()).decode('utf-8')
database_lock = threading.Lock()
# Empty response json
@ -232,21 +241,21 @@ def get_the_data():
time.sleep(290)
def check_auth(text, signature):
print(text)
print(signature)
## Make bytes-object from given signature
sig_bytes = bytes.fromhex(signature)
access_granted = 0
## We will iterate over all user keys to determ who is we are talking to and should they have access
for key, value in user_publickeys.items():
## What f*ck even is this?
vk = ecdsa.VerifyingKey.from_string(sig_bytes.fromhex(value), curve=ecdsa.SECP256k1)
if vk.verify(sig_bytes, text):
## Create bytes-object from the public in 'value' variable
## and use it to create VerifyingKey (vk)
public_key_bytes = bytes.fromhex(value)
vk = ecdsa.VerifyingKey.from_string(public_key_bytes, curve=ecdsa.SECP256k1)
try:
vk.verify(sig_bytes, bytes(text, 'utf-8'))
print('user is', key)
access_granted = 1
if access_granted != 0:
return True
else:
return False
return True
except ecdsa.BadSignatureError:
return False
@app.route('/')
def get_data():
@ -259,7 +268,7 @@ def get_data():
signature = request.headers.get('auth')
get_url = request.url
if not check_auth(get_url, signature):
return 'Error with Authentication', 403
return 'Access denied! Check your keys, maybe.', 403
database_lock.acquire()
db = sqlite3.connect(database)
@ -281,13 +290,27 @@ def get_data():
updated_data.update(data)
data = updated_data
# sign the response
signature = server_private_key.sign(json.dumps(data).encode('utf-8'))
signature_hex = binascii.hexlify(signature).decode('utf-8')
data['signature'] = signature_hex
if query_pretty:
response = json.dumps(data, indent=2, separators=(';\n', ' :'))
else:
response = json.dumps(data)
return response, 200, {'Content-Type': 'application/json'}
@app.route('/serverkey')
def give_serverkey():
## This endpoint also under Authentication?
signature = request.headers.get('auth')
get_url = request.url
if not check_auth(get_url, signature):
return 'Access denied! Check your keys, maybe.', 403
return jsonify({'public_key': server_public_key_hex})
if __name__ == '__main__':
# Make sanity checks for the database
Checkthedatabase()

View File

@ -4,57 +4,56 @@ import requests
from hashlib import sha256
import ecdsa
private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1'
# we need to send server:
# the question: domain.tld/get/<id>
# the checksum: ?sum=sha256
# the signed data: header 'auth'
id = 123
url = 'localhost:5000/get/'
url_id = url + str(id)
sum = sha256(url_id.encode('ascii')).hexdigest()
reg_url = 'http://' + url_id + '?sum=' + sum
unsigned_data = url_id + '?' + 'sum=' + sum
#private_key = '03486537091ceb021fb313e5cf3eb04d44ca2f19f72112a1'
private_key = '039e1c137aa296d7af0cd55b468018ad1020949c2731e5141d032b8371490f48'
# Generate SK from the private key
private_key_int = int(private_key, 16)
sk = ecdsa.SigningKey.from_secret_exponent(private_key_int, curve=ecdsa.SECP256k1)
## Get the server public key
url = 'http://localhost:5000/serverkey'
# sign the message
signature = sk.sign(unsigned_data.encode('utf-8'))
signature = sk.sign(url.encode('utf-8'))
signature_hex = signature.hex()
print('we signed: ', unsigned_data)
print('We will send:')
print('to: ', reg_url)
print('sum: ', sum)
print('auth: ', signature_hex)
print('------------------------')
response = requests.get(reg_url, headers={"auth":signature_hex})
response = requests.get(url, headers={"auth":signature_hex})
print('>>> ', response.status_code)
print('>>> ', response.content)
#ecdsa_public_key = '8716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
ecdsa_public_key = '068716c78c09a4e4571a3112eca1c7ddce41289e20da446894b621f2a11ba91bc963f2e9fb9ddd5552c26faf814bc582b4'
bytes_public_key = bytes.fromhex(ecdsa_public_key)
bytes_signed_data = signature_hex.encode('utf-8')
vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1)
if vk.verify(signature_hex, unsigned_data):
response = "YES"
else:
response = "NO"
## Get some kline data from the server
url = 'http://localhost:5000/?t=1672259440'
# sign the message
signature = sk.sign(url.encode('utf-8'))
signature_hex = signature.hex()
print('we signed: ', url)
print('We will send:')
print('to: ', url)
print('auth: ', signature_hex)
print('------------------------')
response = requests.get(url, headers={"auth":signature_hex})
print('>>> ', response.status_code)
print('>>> ', response.content)
##
##bytes_public_key = bytes.fromhex(ecdsa_public_key)
##
##bytes_signed_data = signature_hex.encode('utf-8')
##
##
##vk = ecdsa.VerifyingKey.from_string(bytes_public_key, curve=ecdsa.SECP256k1)
##
##if vk.verify(signature_hex, unsigned_data):
## response = "YES"
##else:
## response = "NO"
##
##
exit(0)

41
letters/two-key-pairs.py Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/python3
import ecdsa
from cryptography.fernet import Fernet
# Generate a signing key pair for the server
server_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
server_signing_public_key = server_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the server
server_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
server_encryption_private_key = server_ecdh.generate_private_key()
server_encryption_public_key = server_ecdh.public_key(server_encryption_private_key)
# Generate a signing key pair for the client
client_signing_private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
client_signing_public_key = client_signing_private_key.get_verifying_key()
# Generate an encryption key pair for the client
client_ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
client_encryption_private_key = client_ecdh.generate_private_key()
client_encryption_public_key = client_encryption_private_key.public_key()
# Exchange public keys between the server and the client
server_shared_secret = server_encryption_private_key.exchange(client_encryption_public_key)
client_shared_secret = client_encryption_private_key.exchange(server_encryption_public_key)
# Use the shared secret to create a Fernet object for encrypting/decrypting messages
server_fernet = Fernet(server_shared_secret)
client_fernet = Fernet(client_shared_secret)
# Sign and encrypt a message from the server to the client
message = "Hello, client!"
signed_message = server_signing_private_key.sign(message.encode())
encrypted_message = server_fernet.encrypt(signed_message)
# Verify and decrypt the message on the client side
verified_message = client_signing_public_key.verify(encrypted_message, signed_message)
decrypted_message = client_fernet.decrypt(verified_message)
print(decrypted_message) # "Hello, client!"

8
python3-ecdsa-ecdh-tests.py Executable file
View File

@ -0,0 +1,8 @@
#!/usr/bin/python3
import ecdsa
ecdh = ecdsa.ECDH(curve=ecdsa.SECP256k1)
private_key = ecdh.generate_private_key()
print(str(private_key))