Adds generate-tor-v3-keypairs script
Also adds comment to explain why we need cryptography >= 2.5

This is to generate the key pairs for Tor v3 onion authenticated
services.
kushaldas committed Aug 13, 2019
1 parent c9c1391 commit 78e524e
Showing 2 changed files with 55 additions and 0 deletions.
4 changes: 4 additions & 0 deletions admin/requirements-ansible.in
@@ -1,3 +1,7 @@
ansible>2.6<2.7
# We need cryptography equal or higher than 2.5 to generate
# v3 authentication key pairs, the `private_bytes` method was introduced
# in 2.5 release.
# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/x25519/?highlight=x25519#cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.private_bytes
cryptography>=2.5
netaddr
@@ -0,0 +1,51 @@
#!/usr/bin/env python3
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import x25519


def generate_x25519_keypair():
"""This function generate new keys and returns them as tuple.
:returns: Tuple(public_key, private_key)
"""

private_key = x25519.X25519PrivateKey.generate()
private_bytes = private_key.private_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PrivateFormat.Raw,
encryption_algorithm=serialization.NoEncryption())
public_key = private_key.public_key()
public_bytes = public_key.public_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw)

public = base64.b32encode(public_bytes)[:-4].decode("utf-8")
private = base64.b32encode(private_bytes)[:-4].decode("utf-8")
return public, private


def generate_new_tor_v3_keypairs():
"""
This method will either read the old keys or generate a new
public/private key pair.
"""
# No old keys, generate and store them first
app_journalist_public_key, app_journalist_private_key = generate_x25519_keypair()
# For app ssh service
app_ssh_public_key, app_ssh_private_key = generate_x25519_keypair()
# For mon ssh service
mon_ssh_public_key, mon_ssh_private_key = generate_x25519_keypair()
tor_v3_service_info = {
"app_journalist_public_key": app_journalist_public_key,
"app_journalist_private_key": app_journalist_private_key,
"app_ssh_public_key": app_ssh_public_key,
"app_ssh_private_key": app_ssh_private_key,
"mon_ssh_public_key": mon_ssh_public_key,
"mon_ssh_private_key": mon_ssh_private_key,
}
# Send results to stdout
print(json.dumps(tor_v3_service_info))


if __name__ == "__main__":
generate_new_tor_v3_keypairs()
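Review bot: `base64` and `json` are used (the two `b32encode` calls in generate_x25519_keypair and the `json.dumps` at the end of generate_new_tor_v3_keypairs) but never imported — the file's only imports are `serialization` and `x25519` — so the script fails with NameError on its first run; add `import base64` and `import json` at the top, before the cryptography imports. The docstring of generate_new_tor_v3_keypairs claims it "will either read the old keys or generate" a pair, but the body only generates; replace it with `"""Generate three fresh x25519 key pairs and print them to stdout as JSON."""` so callers do not expect it to be idempotent. The `[:-4]` slice after `b32encode` silently relies on the raw key being exactly 32 bytes (true for x25519, where base32 yields four `=` pad characters); `.rstrip(b"=")` would state that intent without the magic number. Since the unencrypted private keys leave the process on stdout, the caller that captures this output should be the only consumer and should avoid echoing it into logs or console output.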
