How to use the pysodium.crypto_sign_open function in pysodium
To help you get started, we’ve selected a few pysodium examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
stef / pysodium / test / test_pysodium.py View on Github 
def test_crypto_sign_open(self):
pk, sk = pysodium.crypto_sign_keypair()
signed = pysodium.crypto_sign(b'howdy', sk)
changed = signed[:pysodium.crypto_sign_BYTES] + b'0' + signed[pysodium.crypto_sign_BYTES + 1:]
pysodium.crypto_sign_open(signed, pk)
self.assertRaises(ValueError, pysodium.crypto_sign_open, changed, pk)def delete(self, data):
# needs id, sig(id)
# returns ok | fail
try:
pk = self.getpk(data)
except:
return b'fail'
try:
data = pysodium.crypto_sign_open(data, pk)
except ValueError:
print('invalid signature')
return b'fail'
id = data[1:33]
tdir = os.path.expanduser(datadir+binascii.hexlify(id).decode())
shutil.rmtree(tdir)
return b'ok'def verify(msg, master=False, basedir=None):
for keys in get_public_keys(basedir=basedir or pbp.defaultbase):
try:
verifying_key = keys.mp if master else keys.sp
return keys.name, nacl.crypto_sign_open(msg, verifying_key)
except ValueError: passdef loadkey(self, type):
if type in ['mp','cp','sp', 'created', 'valid']:
with open(get_pk_filename(self.basedir, self.name), 'r') as fd:
tmp=fd.read()
mk=tmp[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES+nacl.crypto_sign_PUBLICKEYBYTES]
tmp = nacl.crypto_sign_open(tmp, mk)
if type == 'mp': self.mp=mk
i=nacl.crypto_sign_PUBLICKEYBYTES
if type == 'sp': self.sp=tmp[i:i+nacl.crypto_sign_PUBLICKEYBYTES]
i+=nacl.crypto_sign_PUBLICKEYBYTES
if type == 'cp': self.cp=tmp[i:i+nacl.crypto_box_PUBLICKEYBYTES]
i+=nacl.crypto_box_PUBLICKEYBYTES
self.created = parse_isodatetime(tmp[i:i + 32])
self.valid = parse_isodatetime(tmp[i + 32:i + 64])
elif type in ['cs', 'ss']:
tmp = get_sk_filename(self.basedir, self.name)
if os.path.exists(tmp):
tmp = self.decrypt_with_user_pw(tmp, '%s subkey' % ('signing' if type == 'ss' else 'encryption'))
if type == 'ss': self.ss = tmp[:nacl.crypto_sign_SECRETKEYBYTES]
if type == 'cs': self.cs = tmp[nacl.crypto_sign_SECRETKEYBYTES:]
else:def verify(msg, master=False, basedir=None):
for keys in get_public_keys(basedir=basedir or pbp.defaultbase):
try:
verifying_key = keys.mp if master else keys.sp
return keys.name, nacl.crypto_sign_open(msg, verifying_key)
except ValueError: passdef proof_open(team, proof):
assert isinstance(proof, bytes)
proof = b64decode(proof)
claimed_chall_id = proof[2*64:].decode('utf-8')
claimed_chall = Challenge(claimed_chall_id)
chall_pk = claimed_chall['pk']
team_pk = team['sign_pk']
membership_proof = pysodium.crypto_sign_open(proof, chall_pk)
chall_id = pysodium.crypto_sign_open(membership_proof,
team_pk).decode('utf-8')
if claimed_chall_id != chall_id:
raise ValueError('invalid proof')
return claimed_challdef loadkey(self, type):
if type in ['mp','cp','sp', 'created', 'valid']:
with open(get_pk_filename(self.basedir, self.name), 'r') as fd:
tmp=fd.read()
mk=tmp[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES+nacl.crypto_sign_PUBLICKEYBYTES]
tmp = nacl.crypto_sign_open(tmp, mk)
if type == 'mp': self.mp=mk
i=nacl.crypto_sign_PUBLICKEYBYTES
if type == 'sp': self.sp=tmp[i:i+nacl.crypto_sign_PUBLICKEYBYTES]
i+=nacl.crypto_sign_PUBLICKEYBYTES
if type == 'cp': self.cp=tmp[i:i+nacl.crypto_box_PUBLICKEYBYTES]
i+=nacl.crypto_box_PUBLICKEYBYTES
self.created = parse_isodatetime(tmp[i:i + 32])
self.valid = parse_isodatetime(tmp[i + 32:i + 64])
elif type in ['cs', 'ss']:
tmp = get_sk_filename(self.basedir, self.name)
if os.path.exists(tmp):
tmp = self.decrypt_with_user_pw(tmp, 'subkeys')
if type == 'ss': self.ss = tmp[:nacl.crypto_sign_SECRETKEYBYTES]
if type == 'cs': self.cs = tmp[nacl.crypto_sign_SECRETKEYBYTES:]def data_received(self, data):
if verbose: print('Data received: {!r}'.format(repr(data).encode()))
try:
data = pysodium.crypto_sign_open(data, self.handler.getserverkey())
except ValueError:
raise ValueError('invalid signature.\nabort')
if data == b'fail':
raise ValueError('fail')
if not self.b:
self.cb()
return
rwd=sphinxlib.finish(self.b, data)
rule = self.handler.getrule()
if not rule:
raise ValueError("no password rule defined for this password.")
rule, size = ruledef import_handler(infile=None, basedir=None):
# imports ascii armored key from infile or stdin to basedir
if not infile:
b85 = sys.stdin.readline().strip()
else:
with file(infile) as fd:
b85 = fd.readline().strip()
pkt = b85decode(b85)
mp = pkt[nacl.crypto_sign_BYTES:nacl.crypto_sign_BYTES+nacl.crypto_sign_PUBLICKEYBYTES]
keys = nacl.crypto_sign_open(pkt, mp)
if not keys:
return
name = keys[(nacl.crypto_sign_PUBLICKEYBYTES*3)+2*32:]
kfile = publickey.get_pk_filename(basedir, name)
if os.path.exists(kfile):
bkp = kfile+'.old'
print >>sys.stderr, "backing up existing key to %s" % bkp
os.rename(kfile,bkp)
with open(kfile, 'w') as fd:
fd.write(pkt)
# TODO check if key exists, then ask for confirmation of pk overwrite
return namedef verify(self, msg, master=False):
try:
return nacl.crypto_sign_open(msg, self.mp if master else self.sp)
except ValueError:
return
Popular pysodium functions
- pysodium.crypto_box
- pysodium.crypto_box_keypair
- pysodium.crypto_box_NONCEBYTES
- pysodium.crypto_box_open
- pysodium.crypto_generichash
- pysodium.crypto_scalarmult_curve25519
- pysodium.crypto_scalarmult_curve25519_base
- pysodium.crypto_scalarmult_curve25519_BYTES
- pysodium.crypto_secretbox
- pysodium.crypto_secretbox_KEYBYTES
- pysodium.crypto_secretbox_NONCEBYTES
- pysodium.crypto_secretbox_open
- pysodium.crypto_secretstream_xchacha20poly1305_init_push
- pysodium.crypto_secretstream_xchacha20poly1305_keygen
- pysodium.crypto_secretstream_xchacha20poly1305_push
- pysodium.crypto_sign
- pysodium.crypto_sign_keypair
- pysodium.crypto_sign_open
- pysodium.randombytes
- pysodium.sodium_version_check