Added --no-encryption option. Disables local private key encryption.

pyseeder.py

@@ -25,6 +25,8 @@ def main():
             help="RSA private key (default: data/priv_key.pem)")
     kg_parser.add_argument("--cert", default=None,
             help="Certificate (example: data/user_at_mail.i2p.crt)")
+    kg_parser.add_argument("--no-encryption", action="store_true",
+            help="Disable private key encryption")
     kg_parser.set_defaults(func=pyseeder.actions.keygen)
 
 
@@ -44,6 +46,8 @@ echo $YOUR_PASSWORD | %(prog)s --netdb /path/to/netDb \\
             help="Output file (default: output/i2pseeds.su3)")
     rs_parser.add_argument("--netdb", required=True, 
             help="Path to netDb folder (example: ~/.i2pd/netDb)")
+    rs_parser.add_argument("--no-encryption", action="store_true",
+            help="Disable private key encryption")
     rs_parser.set_defaults(func=pyseeder.actions.reseed)
 
 

pyseeder/actions.py

@@ -11,9 +11,14 @@ def keygen(args):
     for f in [args.cert, args.private_key]: check_writable(f)
 
     from pyseeder.crypto import keygen
-    from getpass import getpass
+
-    priv_key_password = getpass("Set private key password: ").encode("utf-8")
+    if args.no_encryption:
-    keygen(args.cert, args.private_key, priv_key_password, args.signer_id)
+        priv_key_password = None
+    else:
+        from getpass import getpass
+        priv_key_password = getpass("Set private key password: ").encode("utf-8")
+
+    keygen(args.cert, args.private_key, args.signer_id, priv_key_password)
 
 def reseed(args):
     """Sub-command to generate reseed file"""
@@ -21,7 +26,12 @@ def reseed(args):
     for f in [args.netdb, args.private_key]: check_readable(f)
 
     from pyseeder.su3file import SU3File
-    priv_key_password = input().encode("utf-8")
+
+    if args.no_encryption:
+        priv_key_password = None
+    else:
+        priv_key_password = input().encode("utf-8")
+
     su3file = SU3File(args.signer_id)
     su3file.reseed(args.netdb)
     su3file.write(args.outfile, args.private_key, priv_key_password)

pyseeder/crypto.py

@@ -13,19 +13,23 @@ from cryptography.x509.oid import NameOID
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import padding
 
-def keygen(pub_key, priv_key, priv_key_password, user_id):
+def keygen(pub_key, priv_key, user_id, priv_key_password=None):
     """Generate new private key and certificate RSA_SHA512_4096"""
     # Generate our key
     key = rsa.generate_private_key(public_exponent=65537, key_size=4096,
                                             backend=default_backend())
 
+    if priv_key_password:
+        ea = serialization.BestAvailableEncryption(priv_key_password)
+    else:
+        ea = serialization.NoEncryption()
+
     # Write our key to disk for safe keeping
     with open(priv_key, "wb") as f:
         f.write(key.private_bytes(
             encoding=serialization.Encoding.PEM,
             format=serialization.PrivateFormat.TraditionalOpenSSL,
-            encryption_algorithm=serialization.BestAvailableEncryption(
+            encryption_algorithm=ea,
-                                                            priv_key_password),
         ))
 
     # Various details about who we are. For a self-signed certificate the
@@ -57,7 +61,7 @@ def keygen(pub_key, priv_key, priv_key_password, user_id):
         f.write(cert.public_bytes(serialization.Encoding.PEM))
 
 
-def append_signature(target_file, priv_key, priv_key_password):
+def append_signature(target_file, priv_key, priv_key_password=None):
     """Append signature to the end of file"""
     with open(target_file, "rb") as f:
         contents = f.read()

pyseeder/su3file.py

@@ -25,7 +25,7 @@ class SU3File:
         self.VERSION = str(int(time.time())).encode("utf-8")
         #self.keytype = "RSA_SHA512_4096"
 
-    def write(self, filename, priv_key, priv_key_password):
+    def write(self, filename, priv_key, priv_key_password=None):
         """Write file to disc"""
         nullbyte = bytes([0])
         with open(filename, "wb") as f: