This repository has been archived by the owner on May 13, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 119
/
Copy pathenc_wrapper.py
99 lines (79 loc) · 2.4 KB
/
enc_wrapper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
from __future__ import absolute_import, print_function
# A wrapper for public key
# authenticated encryption
# using Diffie Hellman key
# exchange to set up a
# symmetric encryption.
import binascii
import base64
import string
import random
from libnacl import public
class NaclError(Exception):
pass
def init_keypair(fname=None):
"""Create a new encryption
keypair; stored in file fname
if provided. The keypair object
is returned.
"""
kp = public.SecretKey()
if fname:
# Note: handles correct file permissions
kp.save(fname)
return kp
# the next two functions are useful
# for exchaging pubkeys with counterparty
def get_pubkey(kp, as_hex=False):
"""Given a keypair object,
return its public key,
optionally in hex."""
if not isinstance(kp, public.SecretKey):
raise NaclError("Object is not a nacl keypair")
return kp.hex_pk() if as_hex else kp.pk
def init_pubkey(hexpk, fname=None):
"""Create a pubkey object from a
hex formatted string.
Save to file fname if specified.
"""
try:
bin_pk = binascii.unhexlify(hexpk)
except TypeError:
raise NaclError("Invalid hex")
if not len(bin_pk) == 32:
raise NaclError("Public key must be 32 bytes")
pk = public.PublicKey(binascii.unhexlify(hexpk))
if fname:
pk.save(fname)
return pk
def as_init_encryption(kp, c_pk):
"""Given an initialised
keypair kp and a counterparty
pubkey c_pk, create a Box
ready for encryption/decryption.
"""
if not isinstance(c_pk, public.PublicKey):
raise NaclError("Object is not a public key")
if not isinstance(kp, public.SecretKey):
raise NaclError("Object is not a nacl keypair")
return public.Box(kp.sk, c_pk)
'''
After initialisation, it's possible
to use the box object returned from
as_init_encryption to directly change
from plaintext to ciphertext:
ciphertext = box.encrypt(plaintext)
plaintext = box.decrypt(ciphertext)
Notes:
1. use binary format for ctext/ptext
2. Nonce is handled at the implementation layer.
'''
# TODO: Sign, verify. At the moment we are using
# bitcoin signatures so it isn't necessary.
# encoding for passing over the wire
def encrypt_encode(msg, box):
encrypted = box.encrypt(msg)
return base64.b64encode(encrypted)
def decode_decrypt(msg, box):
decoded = base64.b64decode(msg)
return box.decrypt(decoded)