How to use the libnacl.crypto_sign_open function in libnacl

To help you get started, we’ve selected a few libnacl examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github saltstack / libnacl / tests / unit / test_sign.py View on Github external
def test_open_rejects_wrong_key_lengths(self):
        """
        Too few bytes in a key passed through to libsodium will lead to bytes past the end
        of the string being read. We should be guarding against this dangerous case.
        """
        msg = b'The message does not matter.'
        good_key = b'This valid key is 32 bytes long.'
        for bad_key in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_sign_open(msg, bad_key)
            self.assertEqual(context.exception.args, ('Invalid public key',))

        with self.assertRaises(ValueError) as context:
            libnacl.crypto_sign_open(msg, good_key)
        self.assertEqual(context.exception.args, ('Failed to validate message',))
github PowerDNS / pdns / regression-tests.dnsdist / dnscrypt.py View on Github external
def fromBinary(binary, providerFP):
        if len(binary) != 124:
            raise Exception("Invalid binary certificate")

        certMagic = binary[0:4]
        esVersion = binary[4:6]
        protocolMinVersion = binary[6:8]

        if certMagic != DNSCryptResolverCertificate.DNSCRYPT_CERT_MAGIC or esVersion != DNSCryptResolverCertificate.DNSCRYPT_ES_VERSION or protocolMinVersion != DNSCryptResolverCertificate.DNSCRYPT_PROTOCOL_MIN_VERSION:
            raise Exception("Invalid binary certificate")

        orig = libnacl.crypto_sign_open(binary[8:124], providerFP)

        resolverPK = orig[0:32]
        clientMagic = orig[32:40]
        serial = struct.unpack_from("I", orig[40:44])[0]
        validFrom = struct.unpack_from("!I", orig[44:48])[0]
        validUntil = struct.unpack_from("!I", orig[48:52])[0]
        return DNSCryptResolverCertificate(serial, validFrom, validUntil, resolverPK, clientMagic)
github hyperledger / indy-plenum / stp_core / crypto / nacl_wrappers.py View on Github external
signature and message concated together.
        :param signature: [:class:`bytes`] If an unsigned message is given for
            smessage then the detached signature must be provded.
        :param encoder: A class that is able to decode the secret message and
            signature.
        :rtype: :class:`bytes`
        """
        if signature is not None:
            # If we were given the message and signature separately, combine
            #   them.
            smessage = signature + smessage

        # Decode the signed message
        smessage = encoder.decode(smessage)

        return libnacl.crypto_sign_open(smessage, self._key)
github saltstack / libnacl / libnacl / sign.py View on Github external
def verify(self, msg):
        '''
        Verify the message with tis key
        '''
        return libnacl.crypto_sign_open(msg, self.vk)
github ronf / asyncssh / asyncssh / ed25519.py View on Github external
def verify_der(self, data, sig_algorithm, sig):
        """Verify a DER-encoded signature of the specified data"""

        # pylint: disable=unused-argument

        try:
            return libnacl.crypto_sign_open(sig + data, self._vk) == data
        except ValueError:
            return False
github saltstack / raet / raet / nacling.py View on Github external
signature and message concated together.
        :param signature: [:class:`bytes`] If an unsigned message is given for
            smessage then the detached signature must be provded.
        :param encoder: A class that is able to decode the secret message and
            signature.
        :rtype: :class:`bytes`
        """
        if signature is not None:
            # If we were given the message and signature separately, combine
            #   them.
            smessage = signature + smessage

        # Decode the signed message
        smessage = encoder.decode(smessage)

        return libnacl.crypto_sign_open(smessage, self._key)
github ronf / asyncssh / asyncssh / crypto / ed.py View on Github external
"""Verify the signature on a block of data"""

            try:
                return _ed25519_verify(sig + data, self._pub) == data
            except ValueError:
                return False

    try:
        import libnacl

        _ED25519_PUBLIC_BYTES = libnacl.crypto_sign_ed25519_PUBLICKEYBYTES

        _ed25519_construct_keypair = libnacl.crypto_sign_seed_keypair
        _ed25519_generate_keypair = libnacl.crypto_sign_keypair
        _ed25519_sign = libnacl.crypto_sign
        _ed25519_verify = libnacl.crypto_sign_open

        ed25519_available = True
    except (ImportError, OSError, AttributeError):
        pass


if curve25519_available: # pragma: no branch
    class Curve25519DH:
        """Curve25519 Diffie Hellman implementation based on PyCA"""

        def __init__(self):
            self._priv_key = x25519.X25519PrivateKey.generate()

        def get_public(self):
            """Return the public key to send in the handshake"""
github JoinMarket-Org / joinmarket / lib / libnacl / sign.py View on Github external
def verify(self, msg):
        '''
        Verify the message with tis key
        '''
        return libnacl.crypto_sign_open(msg, self.vk)