当前位置: 首页>>代码示例>>Python>>正文


Python SigningKey.encode方法代码示例

本文整理汇总了Python中nacl.signing.SigningKey.encode方法的典型用法代码示例。如果您正苦于以下问题:Python SigningKey.encode方法的具体用法?Python SigningKey.encode怎么用?Python SigningKey.encode使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在nacl.signing.SigningKey的用法示例。


在下文中一共展示了SigningKey.encode方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: maybe_generate_key

# 需要导入模块: from nacl.signing import SigningKey [as 别名]
# 或者: from nacl.signing.SigningKey import encode [as 别名]
    def maybe_generate_key(self, cbdir, privkey_path=u'key.priv', pubkey_path=u'key.pub'):

        privkey_path = os.path.join(cbdir, privkey_path)
        pubkey_path = os.path.join(cbdir, pubkey_path)

        if os.path.exists(privkey_path):

            # node private key seems to exist already .. check!

            priv_tags = _parse_keyfile(privkey_path, private=True)
            for tag in [u'creator', u'created-at', u'machine-id', u'public-key-ed25519', u'private-key-ed25519']:
                if tag not in priv_tags:
                    raise Exception("Corrupt node private key file {} - {} tag not found".format(privkey_path, tag))

            privkey_hex = priv_tags[u'private-key-ed25519']
            privkey = SigningKey(privkey_hex, encoder=HexEncoder)
            pubkey = privkey.verify_key
            pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

            if priv_tags[u'public-key-ed25519'] != pubkey_hex:
                raise Exception(
                    ("Inconsistent node private key file {} - public-key-ed25519 doesn't"
                     " correspond to private-key-ed25519").format(pubkey_path)
                )

            if os.path.exists(pubkey_path):
                pub_tags = _parse_keyfile(pubkey_path, private=False)
                for tag in [u'creator', u'created-at', u'machine-id', u'public-key-ed25519']:
                    if tag not in pub_tags:
                        raise Exception("Corrupt node public key file {} - {} tag not found".format(pubkey_path, tag))

                if pub_tags[u'public-key-ed25519'] != pubkey_hex:
                    raise Exception(
                        ("Inconsistent node public key file {} - public-key-ed25519 doesn't"
                         " correspond to private-key-ed25519").format(pubkey_path)
                    )
            else:
                self.log.info(
                    "Node public key file {pub_path} not found - re-creating from node private key file {priv_path}",
                    pub_path=pubkey_path,
                    priv_path=privkey_path,
                )
                pub_tags = OrderedDict([
                    (u'creator', priv_tags[u'creator']),
                    (u'created-at', priv_tags[u'created-at']),
                    (u'machine-id', priv_tags[u'machine-id']),
                    (u'public-key-ed25519', pubkey_hex),
                ])
                msg = u'Crossbar.io node public key\n\n'
                _write_node_key(pubkey_path, pub_tags, msg)

            self.log.debug("Node key already exists (public key: {hex})", hex=pubkey_hex)

        else:
            # node private key does not yet exist: generate one

            privkey = SigningKey.generate()
            privkey_hex = privkey.encode(encoder=HexEncoder).decode('ascii')
            pubkey = privkey.verify_key
            pubkey_hex = pubkey.encode(encoder=HexEncoder).decode('ascii')

            # first, write the public file
            tags = OrderedDict([
                (u'creator', _creator()),
                (u'created-at', utcnow()),
                (u'machine-id', _machine_id()),
                (u'public-key-ed25519', pubkey_hex),
            ])
            msg = u'Crossbar.io node public key\n\n'
            _write_node_key(pubkey_path, tags, msg)

            # now, add the private key and write the private file
            tags[u'private-key-ed25519'] = privkey_hex
            msg = u'Crossbar.io node private key - KEEP THIS SAFE!\n\n'
            _write_node_key(privkey_path, tags, msg)

            self.log.info("New node key pair generated!")

        # fix file permissions on node public/private key files
        # note: we use decimals instead of octals as octal literals have changed between Py2/3
        #
        if os.stat(pubkey_path).st_mode & 511 != 420:  # 420 (decimal) == 0644 (octal)
            os.chmod(pubkey_path, 420)
            self.log.info("File permissions on node public key fixed!")

        if os.stat(privkey_path).st_mode & 511 != 384:  # 384 (decimal) == 0600 (octal)
            os.chmod(privkey_path, 384)
            self.log.info("File permissions on node private key fixed!")

        self._node_key = cryptosign.SigningKey(privkey)

        return pubkey_hex
开发者ID:NinjaMSP,项目名称:crossbar,代码行数:94,代码来源:node.py

示例2: _prepare_node_keys

# 需要导入模块: from nacl.signing import SigningKey [as 别名]
# 或者: from nacl.signing.SigningKey import encode [as 别名]
    def _prepare_node_keys(self):
        from nacl.signing import SigningKey
        from nacl.encoding import HexEncoder

        # make sure CBDIR/.cdc exists
        #
        cdc_dir = os.path.join(self._cbdir, '.cdc')
        if os.path.isdir(cdc_dir):
            pass
        elif os.path.exists(cdc_dir):
            raise Exception(".cdc exists, but isn't a directory")
        else:
            os.mkdir(cdc_dir)
            self.log.info("CDC directory created")

        # load node ID, either from .cdc/node.id or from CDC_NODE_ID
        #
        def split_nid(nid_s):
            nid_c = nid_s.strip().split('@')
            if len(nid_c) != 2:
                raise Exception("illegal node principal '{}' - must follow the form <node id>@<management realm>".format(nid_s))
            node_id, realm = nid_c
            # FIXME: regex check node_id and realm
            return node_id, realm

        nid_file = os.path.join(cdc_dir, 'node.id')
        node_id, realm = None, None
        if os.path.isfile(nid_file):
            with open(nid_file, 'r') as f:
                node_id, realm = split_nid(f.read())
        elif os.path.exists(nid_file):
            raise Exception("{} exists, but isn't a file".format(nid_file))
        else:
            if 'CDC_NODE_ID' in os.environ:
                node_id, realm = split_nid(os.environ['CDC_NODE_ID'])
            else:
                raise Exception("Neither node ID file {} exists nor CDC_NODE_ID environment variable set".format(nid_file))

        # Load the node key, either from .cdc/node.key or from CDC_NODE_KEY.
        # The node key is a Ed25519 key in either raw format (32 bytes) or in
        # hex-encoded form (64 characters).
        #
        # Actually, what's loaded is not the secret Ed25519 key, but the _seed_
        # for that key. Private keys are derived from this 32-byte (256-bit)
        # random seed value. It is thus the seed value which is sensitive and
        # must be protected.
        #
        skey_file = os.path.join(cdc_dir, 'node.key')
        skey = None
        if os.path.isfile(skey_file):
            # FIXME: check file permissions are 0600!

            # This value is read in here.
            skey_len = os.path.getsize(skey_file)
            if skey_len in (32, 64):
                with open(skey_file, 'r') as f:
                    skey_seed = f.read()
                    encoder = None
                    if skey_len == 64:
                        encoder = HexEncoder
                    skey = SigningKey(skey_seed, encoder=encoder)
                self.log.info("Existing CDC node key loaded from {skey_file}.", skey_file=skey_file)
            else:
                raise Exception("invalid node key length {} (key must either be 32 raw bytes or hex encoded 32 bytes, hence 64 byte char length)")
        elif os.path.exists(skey_file):
            raise Exception("{} exists, but isn't a file".format(skey_file))
        else:
            skey = SigningKey.generate()
            skey_seed = skey.encode(encoder=HexEncoder)
            with open(skey_file, 'w') as f:
                f.write(skey_seed)

            # set file mode to read only for owner
            # 384 (decimal) == 0600 (octal) - we use that for Py2/3 reasons
            os.chmod(skey_file, 384)
            self.log.info("New CDC node key {skey_file} generated.", skey_file=skey_file)

        return realm, node_id, skey
开发者ID:FirefighterBlu3,项目名称:crossbar,代码行数:80,代码来源:node.py

示例3: maybe_generate_key

# 需要导入模块: from nacl.signing import SigningKey [as 别名]
# 或者: from nacl.signing.SigningKey import encode [as 别名]
def maybe_generate_key(log, cbdir, privkey_path=u'node.key'):
    if not HAS_NACL:
        log.warn("Skipping node key generation - NaCl package not installed!")
        return

    from nacl.signing import SigningKey
    from nacl.encoding import HexEncoder

    privkey = None
    privkey_path = os.path.join(cbdir, privkey_path)

    if os.path.exists(privkey_path):
        # node private key seems to exist already .. check!
        if os.path.isfile(privkey_path):
            with open(privkey_path, 'r') as privkey_file:
                privkey = None
                # parse key file lines, looking for tag "ed25519-privkey"
                got_blankline = False
                for line in privkey_file.read().splitlines():
                    if line.strip() == '':
                        got_blankline = True
                    elif got_blankline:
                        tag, value = line.split(':', 1)
                        tag = tag.strip().lower()
                        value = value.strip()
                        if tag not in [u'private-key-ed25519', u'public-key-ed25519', u'machine-id', u'created-at', u'creator']:
                            raise Exception("Invalid tag '{}' in node private key file {}".format(tag, privkey_path))
                        if tag == u'private-key-ed25519':
                            privkey = value
                            break

                if not privkey:
                    raise Exception("Node private key file lacks a 'ed25519-privkey' tag!")

                # recreate a signing key from the base64 encoding
                privkey_obj = SigningKey(privkey, encoder=HexEncoder)
                pubkey = privkey_obj.verify_key.encode(encoder=HexEncoder).decode('ascii')

            log.debug("Node key already exists (public key: {})".format(pubkey))
        else:
            raise Exception("Node private key path '{}' exists, but isn't a file".format(privkey_path))
    else:
        # node private key does NOT yet exist: generate one
        privkey_obj = SigningKey.generate()
        privkey = privkey_obj.encode(encoder=HexEncoder).decode('ascii')
        privkey_created_at = utcnow()

        pubkey = privkey_obj.verify_key.encode(encoder=HexEncoder).decode('ascii')

        # for informational purposes, try to get a machine unique id thing ..
        machine_id = None
        try:
            # why this? see: http://0pointer.de/blog/projects/ids.html
            with open('/var/lib/dbus/machine-id', 'r') as f:
                machine_id = f.read().strip()
        except:
            pass

        # for informational purposes, try to identify the creator ([email protected])
        creator = None
        try:
            creator = u'{}@{}'.format(getpass.getuser(), socket.gethostname())
        except:
            pass

        # write out the private key file
        with open(privkey_path, 'w') as privkey_file:
            privkey_file.write(u'Crossbar.io private key for node authentication - KEEP THIS SAFE!\n\n')
            if creator:
                privkey_file.write(u'creator: {}\n'.format(creator))
            privkey_file.write(u'created-at: {}\n'.format(privkey_created_at))
            if machine_id:
                privkey_file.write(u'machine-id: {}\n'.format(machine_id))
            privkey_file.write(u'public-key-ed25519: {}\n'.format(pubkey))
            privkey_file.write(u'private-key-ed25519: {}\n'.format(privkey))

        # set file mode to read only for owner
        # 384 (decimal) == 0600 (octal) - we use that for Py2/3 reasons
        os.chmod(privkey_path, 384)

        log.info("New node key generated!")

    return pubkey
开发者ID:yegorich,项目名称:crossbar,代码行数:85,代码来源:node.py

示例4: maybe_generate_key

# 需要导入模块: from nacl.signing import SigningKey [as 别名]
# 或者: from nacl.signing.SigningKey import encode [as 别名]
def maybe_generate_key(log, cbdir, privkey_path=u'key.priv', pubkey_path=u'key.pub'):
    if not HAS_NACL:
        log.warn("Skipping node key generation - NaCl package not installed!")
        return

    from nacl.signing import SigningKey
    from nacl.encoding import HexEncoder

    privkey = None
    pubkey = None
    privkey_path = os.path.join(cbdir, privkey_path)
    pubkey_path = os.path.join(cbdir, pubkey_path)

    if os.path.exists(privkey_path):
        # node private key seems to exist already .. check!
        tags = _parse_keyfile(privkey_path, private=True)
        if u'private-key-ed25519' not in tags:
            raise Exception("Node private key file lacks a 'private-key-ed25519' tag!")

        privkey = tags[u'private-key-ed25519']
        # recreate a signing key from the base64 encoding
        privkey_obj = SigningKey(privkey, encoder=HexEncoder)
        pubkey = privkey_obj.verify_key.encode(encoder=HexEncoder).decode('ascii')

        # confirm we have the public key in the file, and that it is
        # correct
        if u'public-key-ed25519' in tags:
            if tags[u'public-key-ed25519'] != pubkey:
                raise Exception(
                    ("Inconsistent key file '{}': 'public-key-ed25519' doesn't"
                     " correspond to private-key-ed25519").format(privkey_path)
                )
        log.debug("Node key already exists (public key: {})".format(pubkey))

        if os.path.exists(pubkey_path):
            pubtags = _parse_keyfile(pubkey_path, private=False)
            if u'public-key-ed25519' not in pubtags:
                raise Exception(
                    ("Pubkey file '{}' exists but lacks 'public-key-ed25519'"
                     " tag").format(pubkey_path)
                )
            if pubtags[u'public-key-ed25519'] != pubkey:
                raise Exception(
                    ("Inconsistent key file '{}': 'public-key-ed25519' doesn't"
                     " correspond to private-key-ed25519").format(pubkey_path)
                )
        else:
            log.info("'{}' not found; re-creating from '{}'".format(pubkey_path, privkey_path))
            tags = OrderedDict([
                (u'creator', _creator()),
                (u'created-at', utcnow()),
                (u'machine-id', _machine_id()),
                (u'public-key-ed25519', pubkey),
            ])
            msg = u'Crossbar.io public key for node authentication\n\n'
            _write_node_key(pubkey_path, tags, msg)

    else:
        # node private key does NOT yet exist: generate one
        privkey_obj = SigningKey.generate()
        privkey = privkey_obj.encode(encoder=HexEncoder).decode('ascii')
        pubkey = privkey_obj.verify_key.encode(encoder=HexEncoder).decode('ascii')

        # first, write the public file
        tags = OrderedDict([
            (u'creator', _creator()),
            (u'created-at', utcnow()),
            (u'machine-id', _machine_id()),
            (u'public-key-ed25519', pubkey),
        ])
        msg = u'Crossbar.io public key for node authentication\n\n'
        _write_node_key(pubkey_path, tags, msg)

        # now, add the private key and write the private file
        tags[u'private-key-ed25519'] = privkey
        msg = u'Crossbar.io private key for node authentication - KEEP THIS SAFE!\n\n'
        _write_node_key(privkey_path, tags, msg)

        log.info("New node key generated!")

    return pubkey
开发者ID:FirefighterBlu3,项目名称:crossbar,代码行数:83,代码来源:node.py

示例5: PrivateKeyProvider

# 需要导入模块: from nacl.signing import SigningKey [as 别名]
# 或者: from nacl.signing.SigningKey import encode [as 别名]
class PrivateKeyProvider(object):
    """
    Decrypts private keys.
    """

    def __init__(self, key, passphrase: bytes):
        self.key = key
        # Secure!
        self.passphrase = passphrase

        self.sign = None
        self.encrypt = None

    def __enter__(self) -> typing.Tuple[PrivateKey, PrivateKey]:
        """
        Provides a pair of private keys.
        """
        # Derive the key from the passphrase.
        derived = util.derive_passphrase(self.passphrase)

        sign_box = SecretBox(derived)
        enc_box = SecretBox(derived)

        # Decrypt, using the two nonces.
        s_d = sign_box.decrypt(self.key._private_signing_seed, self.key._private_signing_nonce)
        e_d = enc_box.decrypt(self.key._private_key_raw, self.key._private_nonce)

        # Generate a SigningKey out of the seed.
        self.sign = SigningKey(s_d)
        self.encrypt = PrivateKey(e_d)

        # Update the key's public keys.
        if self.key._public_key is None:
            self.key._public_key = self.encrypt.public_key

        if self.key._public_signing_key is None:
            self.key._public_signing_key = self.sign.verify_key

        return self.encrypt, self.sign

    def __exit__(self, exc_type, exc_val, exc_tb):
        """
        Re-encrypt.
        """
        # Derive the key from the passphrase.
        derived = util.derive_passphrase(self.passphrase)

        # Generate two random nonces.
        nonce1 = random(SecretBox.NONCE_SIZE)
        nonce2 = random(SecretBox.NONCE_SIZE)

        sign_box = SecretBox(derived)
        enc_box = SecretBox(derived)

        s_p = self.sign.encode()
        e_p = self.encrypt.encode()

        s_e = sign_box.encrypt(s_p, nonce1)
        e_e = enc_box.encrypt(e_p, nonce2)

        # Update `self.key`.
        self.key._private_key_raw = e_e.ciphertext
        self.key._private_signing_key_raw = s_e.ciphertext

        # Bit of a mixed up name.
        self.key._private_nonce = e_e.nonce
        self.key._private_signing_nonce = s_e.nonce

        if exc_type is not None:
            raise exc_type(exc_val)
开发者ID:SunDwarf,项目名称:Gluino,代码行数:72,代码来源:private.py


注:本文中的nacl.signing.SigningKey.encode方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。