Browse Source

Added --no-encryption option. Disables local private key encryption.

pull/4/head
l-n-s 7 years ago
parent
commit
716aa44d2e
  1. 4
      pyseeder.py
  2. 18
      pyseeder/actions.py
  3. 12
      pyseeder/crypto.py
  4. 2
      pyseeder/su3file.py

4
pyseeder.py

@ -25,6 +25,8 @@ def main(): @@ -25,6 +25,8 @@ def main():
help="RSA private key (default: data/priv_key.pem)")
kg_parser.add_argument("--cert", default=None,
help="Certificate (example: data/user_at_mail.i2p.crt)")
kg_parser.add_argument("--no-encryption", action="store_true",
help="Disable private key encryption")
kg_parser.set_defaults(func=pyseeder.actions.keygen)
@ -44,6 +46,8 @@ echo $YOUR_PASSWORD | %(prog)s --netdb /path/to/netDb \\ @@ -44,6 +46,8 @@ echo $YOUR_PASSWORD | %(prog)s --netdb /path/to/netDb \\
help="Output file (default: output/i2pseeds.su3)")
rs_parser.add_argument("--netdb", required=True,
help="Path to netDb folder (example: ~/.i2pd/netDb)")
rs_parser.add_argument("--no-encryption", action="store_true",
help="Disable private key encryption")
rs_parser.set_defaults(func=pyseeder.actions.reseed)

18
pyseeder/actions.py

@ -11,9 +11,14 @@ def keygen(args): @@ -11,9 +11,14 @@ def keygen(args):
for f in [args.cert, args.private_key]: check_writable(f)
from pyseeder.crypto import keygen
from getpass import getpass
priv_key_password = getpass("Set private key password: ").encode("utf-8")
keygen(args.cert, args.private_key, priv_key_password, args.signer_id)
if args.no_encryption:
priv_key_password = None
else:
from getpass import getpass
priv_key_password = getpass("Set private key password: ").encode("utf-8")
keygen(args.cert, args.private_key, args.signer_id, priv_key_password)
def reseed(args):
"""Sub-command to generate reseed file"""
@ -21,7 +26,12 @@ def reseed(args): @@ -21,7 +26,12 @@ def reseed(args):
for f in [args.netdb, args.private_key]: check_readable(f)
from pyseeder.su3file import SU3File
priv_key_password = input().encode("utf-8")
if args.no_encryption:
priv_key_password = None
else:
priv_key_password = input().encode("utf-8")
su3file = SU3File(args.signer_id)
su3file.reseed(args.netdb)
su3file.write(args.outfile, args.private_key, priv_key_password)

12
pyseeder/crypto.py

@ -13,19 +13,23 @@ from cryptography.x509.oid import NameOID @@ -13,19 +13,23 @@ from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
def keygen(pub_key, priv_key, priv_key_password, user_id):
def keygen(pub_key, priv_key, user_id, priv_key_password=None):
"""Generate new private key and certificate RSA_SHA512_4096"""
# Generate our key
key = rsa.generate_private_key(public_exponent=65537, key_size=4096,
backend=default_backend())
if priv_key_password:
ea = serialization.BestAvailableEncryption(priv_key_password)
else:
ea = serialization.NoEncryption()
# Write our key to disk for safe keeping
with open(priv_key, "wb") as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.BestAvailableEncryption(
priv_key_password),
encryption_algorithm=ea,
))
# Various details about who we are. For a self-signed certificate the
@ -57,7 +61,7 @@ def keygen(pub_key, priv_key, priv_key_password, user_id): @@ -57,7 +61,7 @@ def keygen(pub_key, priv_key, priv_key_password, user_id):
f.write(cert.public_bytes(serialization.Encoding.PEM))
def append_signature(target_file, priv_key, priv_key_password):
def append_signature(target_file, priv_key, priv_key_password=None):
"""Append signature to the end of file"""
with open(target_file, "rb") as f:
contents = f.read()

2
pyseeder/su3file.py

@ -25,7 +25,7 @@ class SU3File: @@ -25,7 +25,7 @@ class SU3File:
self.VERSION = str(int(time.time())).encode("utf-8")
#self.keytype = "RSA_SHA512_4096"
def write(self, filename, priv_key, priv_key_password):
def write(self, filename, priv_key, priv_key_password=None):
"""Write file to disc"""
nullbyte = bytes([0])
with open(filename, "wb") as f:

Loading…
Cancel
Save