#!/usr/bin/python3
import os, os.path, sys
import zmq
import zmq.auth
# KeyMonkey uses an OpenSSH-like key storage directory: ~/.curve/
#
# Your public key is stored in the ~/.curve/id_curve.key file.
# Your private key is stored in the ~/.curve/id_curve.key_secret file.
#
# Remote servers you want to connect to as a client will require the server's key to be in:
#
# ~/.curve/servername.key
#
# ...and you will need to specify "servername" in your setupClient call:
# self.async = key_monkey.setupClient(self.async, "tcp://127.0.0.1:5000", "servername")
#
# At this point, assuming the server has just done a similar call to setupServer(), you will
# be able to communicate with the remote server.
# It is also possible to improve security even further! To do this, you will need to set up
# a ZAP 'authenticator' thread on the server side, which ensures that only authorized
# clients are allowed to connect. This is NOT set up by default.
#
# Clients that you want to authorize to connect to your server should have their public keys
# stored in:
#
# ~/.curve/authorized_clients/clientname.key
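class KeyMonkey(object):
    """Configure CURVE keys on ZeroMQ sockets from an OpenSSH-like key directory.

    Keys live under ``~/.curve``:

    * ``<myid>.key`` -- this node's public certificate (path recorded only).
    * ``<myid>.key_secret`` -- this node's secret certificate; both halves of
      the local key pair are loaded from this file.
    * ``<servername>.key`` -- the server public key a client pins.

    Security notes:

    * Nothing in this class starts a ZAP authenticator, and
      ``authorized_clients_dir`` is only recorded here, never read. Without
      an authenticator a CURVE server accepts any client that knows the
      server's public key, so client allow-listing is the caller's job.
    * No permission check is made on the secret key file; keep it readable
      by its owner only.
    """

    def __init__(self, myid="id_curve"):
        """Record the key-store paths for the identity *myid*.

        No file is opened here; keys are read when a socket is set up.
        """
        self.myid = myid
        self.curvedir = os.path.expanduser("~") + "/.curve"
        # NOTE(review): myid is interpolated into these paths unchecked; it
        # is expected to be a bare file name, not a path.
        self.public_key = self.curvedir + "/%s.key" % self.myid
        self.private_key = self.curvedir + "/%s.key_secret" % self.myid
        self.authorized_clients_dir = self.curvedir + "/authorized_clients"

    def _load_keypair(self):
        """Return ``(public, secret)`` read from the secret certificate file.

        Raises:
            IOError: the certificate cannot be loaded, or it carries no
                secret key.
        """
        public, secret = zmq.auth.load_certificate(self.private_key)
        if secret is None:
            # load_certificate() returns None for the secret half when the
            # file holds only a public key. Fail here with a clear error
            # instead of handing None to the socket option.
            raise IOError("No secret key in certificate: %s" % self.private_key)
        return public, secret

    def setupServer(self, server, endpoint):
        """Turn *server* into a CURVE server using this identity's key pair.

        *endpoint* is used only in the status message; binding the socket is
        left to the caller.

        Returns:
            The configured socket, or None when the key pair could not be
            loaded. In that case the socket is left untouched.
        """
        try:
            public, secret = self._load_keypair()
        except IOError:
            print("Couldn't load private key: %s" % self.private_key)
            return None
        # Assign only after both halves are known to be present, so a failed
        # load never leaves the socket half-configured.
        server.curve_publickey = public
        server.curve_secretkey = secret
        server.curve_server = True
        print("Set up server listening on %s using curve key '%s'." % (endpoint, self.myid))
        return server

    def setupClient(self, client, endpoint, servername):
        """Configure *client* with this identity's keys and a pinned server key.

        *endpoint* is used only in the status message; connecting the socket
        is left to the caller. Unlike setupServer, load failures are not
        caught here and propagate to the caller.

        Returns:
            The configured socket.
        """
        public, secret = self._load_keypair()
        client.curve_publickey = public
        client.curve_secretkey = secret
        # NOTE(review): servername selects which public key the client will
        # trust for the handshake and is concatenated into the path
        # unchecked. It should be a bare name from trusted configuration;
        # a value containing path separators would read the pinned key from
        # outside the key store.
        server_public, _ = zmq.auth.load_certificate(self.curvedir + "/" + servername + ".key")
        client.curve_serverkey = server_public
        print("Set up client connecting to %s (key '%s') using curve key '%s'." % (endpoint, servername, self.myid))
        return client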
# vim: ts=4 sw=4 noet