From 716aa44d2eccde4b2762b6991e3d04ec7ab0549e Mon Sep 17 00:00:00 2001
From: l-n-s
Date: Sun, 25 Jun 2017 07:08:46 -0400
Subject: [PATCH] Added --no-encryption option. Disables local private key encryption.

---
 pyseeder.py         |  4 ++++
 pyseeder/actions.py | 18 ++++++++++++++----
 pyseeder/crypto.py  | 12 ++++++++----
 pyseeder/su3file.py |  2 +-
 4 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/pyseeder.py b/pyseeder.py
index bc9a3e1..f5b526b 100755
--- a/pyseeder.py
+++ b/pyseeder.py
@@ -25,6 +25,8 @@ def main():
             help="RSA private key (default: data/priv_key.pem)")
     kg_parser.add_argument("--cert", default=None,
             help="Certificate (example: data/user_at_mail.i2p.crt)")
+    kg_parser.add_argument("--no-encryption", action="store_true",
+            help="Disable private key encryption")
     kg_parser.set_defaults(func=pyseeder.actions.keygen)
 
 
@@ -44,6 +46,8 @@ echo $YOUR_PASSWORD | %(prog)s --netdb /path/to/netDb \\
             help="Output file (default: output/i2pseeds.su3)")
     rs_parser.add_argument("--netdb", required=True,
             help="Path to netDb folder (example: ~/.i2pd/netDb)")
+    rs_parser.add_argument("--no-encryption", action="store_true",
+            help="Disable private key encryption")
     rs_parser.set_defaults(func=pyseeder.actions.reseed)
 
 
diff --git a/pyseeder/actions.py b/pyseeder/actions.py
index b87f935..c3ab90a 100644
--- a/pyseeder/actions.py
+++ b/pyseeder/actions.py
@@ -11,9 +11,14 @@ def keygen(args):
     for f in [args.cert, args.private_key]:
         check_writable(f)
     from pyseeder.crypto import keygen
-    from getpass import getpass
-    priv_key_password = getpass("Set private key password: ").encode("utf-8")
-    keygen(args.cert, args.private_key, priv_key_password, args.signer_id)
+
+    if args.no_encryption:
+        priv_key_password = None
+    else:
+        from getpass import getpass
+        priv_key_password = getpass("Set private key password: ").encode("utf-8")
+
+    keygen(args.cert, args.private_key, args.signer_id, priv_key_password)
 
 def reseed(args):
     """Sub-command to generate reseed file"""
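Review bot: The help string on the new `--no-encryption` flag says what is switched off but not what the user ends up with, and the identical string is reused on the reseed parser (second hunk) where the flag means something different. For the keygen sub-command the result is a private key file stored as a plain PEM with no passphrase, so the help should say so: `help="Write the private key unencrypted (PEM without passphrase)"`. On the reseed sub-command the flag only skips reading a passphrase from stdin for a key that was generated that way, so `help="Private key is stored unencrypted; do not read a passphrase from stdin"` would line up with the `echo $YOUR_PASSWORD | ...` epilog visible in that hunk's header. main() starts and ends outside both hunks.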
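Review bot: In the new else branch of keygen an empty passphrase (just pressing Enter at the prompt) is accepted and forwarded as `b""`, and the crypto.keygen hunk below tests `if priv_key_password:`, so that input produces an unencrypted key file even though `--no-encryption` was not given; the explicit flag should be the only route to an unencrypted key. Add a check right after the getpass call, `if not priv_key_password: raise SystemExit("Empty passphrase; use --no-encryption to store the key unencrypted")`. The reseed hunk that follows has the same gap, where an empty line on stdin yields `b""` from `input().encode("utf-8")` and is handed on to SU3File.write unchecked. keygen's body is complete within this hunk; reseed continues into the next one.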
@@ -21,7 +26,12 @@ def reseed(args):
     for f in [args.netdb, args.private_key]:
         check_readable(f)
     from pyseeder.su3file import SU3File
-    priv_key_password = input().encode("utf-8")
+
+    if args.no_encryption:
+        priv_key_password = None
+    else:
+        priv_key_password = input().encode("utf-8")
+
     su3file = SU3File(args.signer_id)
     su3file.reseed(args.netdb)
     su3file.write(args.outfile, args.private_key, priv_key_password)
diff --git a/pyseeder/crypto.py b/pyseeder/crypto.py
index 3a9e8eb..c544ac2 100644
--- a/pyseeder/crypto.py
+++ b/pyseeder/crypto.py
@@ -13,19 +13,23 @@ from cryptography.x509.oid import NameOID
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import padding
 
-def keygen(pub_key, priv_key, priv_key_password, user_id):
+def keygen(pub_key, priv_key, user_id, priv_key_password=None):
     """Generate new private key and certificate RSA_SHA512_4096"""
     # Generate our key
     key = rsa.generate_private_key(public_exponent=65537, key_size=4096,
             backend=default_backend())
 
+    if priv_key_password:
+        ea = serialization.BestAvailableEncryption(priv_key_password)
+    else:
+        ea = serialization.NoEncryption()
+
     # Write our key to disk for safe keeping
     with open(priv_key, "wb") as f:
         f.write(key.private_bytes(
             encoding=serialization.Encoding.PEM,
             format=serialization.PrivateFormat.TraditionalOpenSSL,
-            encryption_algorithm=serialization.BestAvailableEncryption(
-                priv_key_password),
+            encryption_algorithm=ea,
         ))
 
     # Various details about who we are. For a self-signed certificate the
@@ -57,7 +61,7 @@ def keygen(pub_key, priv_key, priv_key_password, user_id):
         f.write(cert.public_bytes(serialization.Encoding.PEM))
 
 
-def append_signature(target_file, priv_key, priv_key_password):
+def append_signature(target_file, priv_key, priv_key_password=None):
     """Append signature to the end of file"""
     with open(target_file, "rb") as f:
         contents = f.read()
diff --git a/pyseeder/su3file.py b/pyseeder/su3file.py
index af57847..95694f6 100644
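Review bot: `if priv_key_password:` in keygen treats an empty password the same as None, so a caller passing `b""` silently gets a `NoEncryption()` key, whereas before this change the same input would have failed inside `BestAvailableEncryption`, which rejects an empty password. Test for the sentinel explicitly, `if priv_key_password is not None:`, so that only the deliberate None from the `--no-encryption` path disables encryption and an empty passphrase remains an error. Because the key may now legitimately sit on disk in the clear, the `open(priv_key, "wb")` that follows also deserves a restrictive mode: `with os.fdopen(os.open(priv_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wb") as f:` (needs `import os`) keeps the file from being created world-readable under a permissive umask. keygen continues past the end of the hunk.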
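Review bot: The new `priv_key_password=None` default on append_signature is not reflected in its docstring, which still reads `"""Append signature to the end of file"""` and leaves callers to guess what None means. Extend it to `"""Append signature to the end of file. priv_key_password is the PEM passphrase as bytes, or None when the key file is stored unencrypted."""`. The function body continues outside the hunk, so how None is passed to the key loader is not visible here.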
--- a/pyseeder/su3file.py
+++ b/pyseeder/su3file.py
@@ -25,7 +25,7 @@ class SU3File:
         self.VERSION = str(int(time.time())).encode("utf-8")
         #self.keytype = "RSA_SHA512_4096"
 
-    def write(self, filename, priv_key, priv_key_password):
+    def write(self, filename, priv_key, priv_key_password=None):
         """Write file to disc"""
         nullbyte = bytes([0])
         with open(filename, "wb") as f:
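Review bot: SU3File.write gains a `priv_key_password=None` default but its docstring `"""Write file to disc"""` says nothing about the parameter or what None means, and this is the entry point the reseed action calls with the user-supplied value. Document the contract: `"""Write file to disc. priv_key_password: PEM passphrase as bytes, or None if the private key is stored unencrypted."""`. The method body continues outside the hunk, so where the password is consumed is not visible here.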