mirror of
https://github.com/PurpleI2P/pyseeder
synced 2025-03-13 05:41:23 +00:00
Added --no-encryption option. Disables local private key encryption.
parent
462bed826d
commit
716aa44d2e
@ -25,6 +25,8 @@ def main():
|
||||
help="RSA private key (default: data/priv_key.pem)")
|
||||
kg_parser.add_argument("--cert", default=None,
|
||||
help="Certificate (example: data/user_at_mail.i2p.crt)")
|
||||
kg_parser.add_argument("--no-encryption", action="store_true",
|
||||
help="Disable private key encryption")
|
||||
kg_parser.set_defaults(func=pyseeder.actions.keygen)
|
||||
|
||||
|
||||
@ -44,6 +46,8 @@ echo $YOUR_PASSWORD | %(prog)s --netdb /path/to/netDb \\
|
||||
help="Output file (default: output/i2pseeds.su3)")
|
||||
rs_parser.add_argument("--netdb", required=True,
|
||||
help="Path to netDb folder (example: ~/.i2pd/netDb)")
|
||||
rs_parser.add_argument("--no-encryption", action="store_true",
|
||||
help="Disable private key encryption")
|
||||
rs_parser.set_defaults(func=pyseeder.actions.reseed)
|
||||
|
||||
|
||||
|
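Review bot: The help string `Disable private key encryption` on the reseed parser's `--no-encryption` does not describe what the flag does there: judging by the reseed action in this commit, it skips reading the password from stdin and assumes the key on disk is already unencrypted. For reseed I would write `help="Private key is not encrypted; do not read a password from stdin"`, and for keygen `help="Write the private key to disk unencrypted (no password prompt)"`, so the plaintext-on-disk consequence is stated where the operator chooses it. The usage epilog visible in the second hunk header still shows only `echo $YOUR_PASSWORD | %(prog)s`, so it should mention the new flag as well. main() starts and ends outside both hunks.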
@ -11,9 +11,14 @@ def keygen(args):
|
||||
for f in [args.cert, args.private_key]: check_writable(f)
|
||||
|
||||
from pyseeder.crypto import keygen
|
||||
from getpass import getpass
|
||||
priv_key_password = getpass("Set private key password: ").encode("utf-8")
|
||||
keygen(args.cert, args.private_key, priv_key_password, args.signer_id)
|
||||
|
||||
if args.no_encryption:
|
||||
priv_key_password = None
|
||||
else:
|
||||
from getpass import getpass
|
||||
priv_key_password = getpass("Set private key password: ").encode("utf-8")
|
||||
|
||||
keygen(args.cert, args.private_key, args.signer_id, priv_key_password)
|
||||
|
||||
def reseed(args):
|
||||
"""Sub-command to generate reseed file"""
|
||||
@ -21,7 +26,12 @@ def reseed(args):
|
||||
for f in [args.netdb, args.private_key]: check_readable(f)
|
||||
|
||||
from pyseeder.su3file import SU3File
|
||||
priv_key_password = input().encode("utf-8")
|
||||
|
||||
if args.no_encryption:
|
||||
priv_key_password = None
|
||||
else:
|
||||
priv_key_password = input().encode("utf-8")
|
||||
|
||||
su3file = SU3File(args.signer_id)
|
||||
su3file.reseed(args.netdb)
|
||||
su3file.write(args.outfile, args.private_key, priv_key_password)
|
||||
|
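Review bot: An empty entry at the `getpass` prompt in keygen's `else` branch now yields an unencrypted key although the user never passed `--no-encryption`, because crypto.keygen in this commit tests `if priv_key_password:` and `b""` is falsy. Reject the empty value at the prompt, e.g. `if not priv_key_password: raise SystemExit("Empty password; use --no-encryption to store the key unencrypted")`, and have crypto.keygen test `if priv_key_password is not None:` so that only an explicit None selects `NoEncryption()`. Before this change the empty value went straight to `BestAvailableEncryption`, which as far as I know refuses zero-length passwords, so this is a silent downgrade introduced here. The same question applies to `input()` in reseed, where an empty line on stdin becomes `b""`; how the signing path treats that value is not visible in this commit.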
@ -13,19 +13,23 @@ from cryptography.x509.oid import NameOID
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
|
||||
def keygen(pub_key, priv_key, priv_key_password, user_id):
|
||||
def keygen(pub_key, priv_key, user_id, priv_key_password=None):
|
||||
"""Generate new private key and certificate RSA_SHA512_4096"""
|
||||
# Generate our key
|
||||
key = rsa.generate_private_key(public_exponent=65537, key_size=4096,
|
||||
backend=default_backend())
|
||||
|
||||
if priv_key_password:
|
||||
ea = serialization.BestAvailableEncryption(priv_key_password)
|
||||
else:
|
||||
ea = serialization.NoEncryption()
|
||||
|
||||
# Write our key to disk for safe keeping
|
||||
with open(priv_key, "wb") as f:
|
||||
f.write(key.private_bytes(
|
||||
encoding=serialization.Encoding.PEM,
|
||||
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
||||
encryption_algorithm=serialization.BestAvailableEncryption(
|
||||
priv_key_password),
|
||||
encryption_algorithm=ea,
|
||||
))
|
||||
|
||||
# Various details about who we are. For a self-signed certificate the
|
||||
@ -57,7 +61,7 @@ def keygen(pub_key, priv_key, priv_key_password, user_id):
|
||||
f.write(cert.public_bytes(serialization.Encoding.PEM))
|
||||
|
||||
|
||||
def append_signature(target_file, priv_key, priv_key_password):
|
||||
def append_signature(target_file, priv_key, priv_key_password=None):
|
||||
"""Append signature to the end of file"""
|
||||
with open(target_file, "rb") as f:
|
||||
contents = f.read()
|
||||
|
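Review bot: With `NoEncryption()` the file written through `open(priv_key, "wb")` holds the reseed signing key in plaintext, and its permissions are left to the process umask. Create it owner-only, e.g. `fd = os.open(priv_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as f:`; the mode only takes effect when the file is newly created, and whether `os` is already imported in this file is not visible in the hunk. Separately, the `priv_key_password=None` defaults on `keygen` and `append_signature` (and on `SU3File.write` in the next file) make "no password" what a caller gets by omission; keeping the parameter required would force every call site to state the choice. keygen's body continues outside the hunk.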
@ -25,7 +25,7 @@ class SU3File:
|
||||
self.VERSION = str(int(time.time())).encode("utf-8")
|
||||
#self.keytype = "RSA_SHA512_4096"
|
||||
|
||||
def write(self, filename, priv_key, priv_key_password):
|
||||
def write(self, filename, priv_key, priv_key_password=None):
|
||||
"""Write file to disc"""
|
||||
nullbyte = bytes([0])
|
||||
with open(filename, "wb") as f:
|
||||
|