
encrypt private key with password
dr-orlovsky committed Apr 24, 2024
1 parent 3c16f3f commit 71e74c3
Showing 4 changed files with 99 additions and 5 deletions.
54 changes: 54 additions & 0 deletions Cargo.lock


5 changes: 4 additions & 1 deletion Cargo.toml
Expand Up @@ -18,8 +18,11 @@ secp256k1 = { version = "0.29.0", features = ["rand", "global-context"] }
rand = "0.8.5"
clap = { version = "4.5.4", features = ["derive"], optional = true }
shellexpand = { version = "3.1.0", optional = true }
sha2 = "0.10.8"
rpassword = { version = "7.3.1", optional = true }
aes = { version = "0.8.4", optional = true }
crossbeam-channel = { version = "0.5.12", optional = true }

[features]
default = ["cli"]
cli = ["clap", "crossbeam-channel", "shellexpand"]
cli = ["clap", "crossbeam-channel", "shellexpand", "rpassword", "aes"]
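Review bot: `aes` is declared `optional = true` and only enabled by the `cli` feature, but the new `use aes::…` lines and the `encrypt`/`decrypt` methods added to `src/lib.rs` in this commit carry no `#[cfg(feature = "cli")]`, so a library-only build (`cargo build --no-default-features`) will fail to resolve `aes`. Either make it unconditional like `sha2` — `aes = "0.8.4"` — and drop it from the `cli` list, or gate the imports and methods in `lib.rs` behind the feature. `rpassword` appears only in `main.rs` in this diff, so its gating looks correct.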
37 changes: 34 additions & 3 deletions src/lib.rs
Expand Up @@ -24,11 +24,16 @@ extern crate amplify;

use std::fmt;
use std::fmt::{Display, Formatter};
use std::hash::Hash;
use std::str::FromStr;

use aes::cipher::generic_array::GenericArray;
use aes::cipher::{BlockDecrypt, BlockEncrypt, KeyInit};
use aes::{Aes256, Block};
use amplify::{Bytes, Display};
use baid58::{Baid58ParseError, Chunking, FromBaid58, ToBaid58, CHUNKING_32};
use secp256k1::SECP256K1;
use sha2::{Digest, Sha256};

#[derive(Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Hash, Debug, Display, Default)]
#[non_exhaustive]
Expand Down Expand Up @@ -223,7 +228,7 @@ impl SsiSecret {
use rand::thread_rng;
loop {
let sk = secp256k1::SecretKey::new(&mut thread_rng());
let (pk, _) = sk.x_only_public_key(&SECP256K1);
let (pk, _) = sk.x_only_public_key(SECP256K1);
let data = pk.serialize();
if data[30] == u8::from(Algo::Bip340) && data[31] == u8::from(chain) {
let mut key = [0u8; 30];
Expand Down Expand Up @@ -252,10 +257,36 @@ impl SsiSecret {
rx.recv().expect("threading failed")
}

pub fn encrypt(&mut self, passwd: impl AsRef<str>) {
let key = Sha256::digest(passwd.as_ref().as_bytes());
let key = GenericArray::from_slice(key.as_slice());
let cipher = Aes256::new(key);

let mut source = self.0.secret_bytes().to_vec();
for chunk in source.chunks_mut(16) {
let block = Block::from_mut_slice(chunk);
cipher.encrypt_block(block);
}
self.0 = secp256k1::SecretKey::from_slice(&source).expect("same size")
}

pub fn decrypt(&mut self, passwd: impl AsRef<str>) {
let key = Sha256::digest(passwd.as_ref().as_bytes());
let key = GenericArray::from_slice(key.as_slice());
let cipher = Aes256::new(key);

let mut source = self.0.secret_bytes().to_vec();
for chunk in source.chunks_mut(16) {
let block = Block::from_mut_slice(chunk);
cipher.decrypt_block(block);
}
self.0 = secp256k1::SecretKey::from_slice(&source).expect("same size")
}

pub fn to_public(&self) -> Ssi {
let (pk, _) = self.0.x_only_public_key(&SECP256K1);
let (pk, _) = self.0.x_only_public_key(SECP256K1);
let data = pk.serialize();
return Ssi::from(data);
Ssi::from(data)
}

pub fn secret_bytes(&self) -> [u8; 32] { self.0.secret_bytes() }
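Review bot: `encrypt` and `decrypt` derive the AES-256 key as a single unsalted `Sha256::digest(passwd)` and run the bare block cipher over each 16-byte chunk independently (ECB) with no authentication, so a saved key file can be brute-forced offline at the cost of one SHA-256 per guess, and a wrong password yields a different key that is silently accepted instead of an error. The stored form should carry a random salt and derive the key with an iterated or memory-hard password KDF, and the ciphertext should be authenticated (an AEAD, or at minimum a MAC over it) so that `decrypt` can return a `Result` and fail closed; because the ciphertext is re-wrapped as a `secp256k1::SecretKey`, `to_public()` on an encrypted value also produces a wrong identity with no type-level signal, which a distinct `EncryptedSsiSecret` type would prevent. The `expect("same size")` justification is also inaccurate: `SecretKey::from_slice` rejects zero and out-of-range scalars, not just wrong lengths, so the message should state the real invariant, e.g. `expect("32 uniformly random bytes are a valid scalar except with negligible probability")`. The enclosing `impl SsiSecret` begins before and continues past this hunk.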
8 changes: 7 additions & 1 deletion src/main.rs
Expand Up @@ -72,13 +72,19 @@ fn main() {
threads,
name,
} => {
let passwd = rpassword::prompt_password("Password for private key encryption: ")
.expect("unable to read password");

eprintln!("Generating new identity....");
let secret = match prefix {
let mut secret = match prefix {
Some(prefix) => SsiSecret::vanity(&prefix, chain, threads),
None => SsiSecret::new(chain),
};
let ssi = secret.to_public();
println!("{ssi}");

secret.encrypt(passwd);

let mut path = data_dir.clone();
path.push(name);
fs::write(&path, format!("{secret}")).expect("unable to save secret key");
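Review bot: The secret file is still written with `fs::write(&path, …)`, which creates it with the process default mode (typically world-readable under a normal umask on Unix) and silently overwrites any existing identity of the same `name`; since the hunk's purpose is protecting the private key at rest, the file should be created with `create_new(true)` and, on Unix, `mode(0o600)`, as sketched below (requires `use std::os::unix::fs::OpenOptionsExt` and `use std::io::Write`). The password is also taken once with no confirmation prompt, and because `encrypt` is unauthenticated a mistyped password produces an unrecoverable file with no error at any point, so a second `rpassword::prompt_password("Confirm password: ")` compared against the first is worth adding. The `rpassword` result is a plain `String` that is not cleared after `secret.encrypt(passwd)`; whether that matters depends on the threat model, but a zeroizing wrapper would be the usual choice. The enclosing match arm and `fn main` begin before this hunk.
```rust
// … unchanged: password prompt, identity generation, `secret.encrypt(passwd)` …
let mut path = data_dir.clone();
path.push(name);
let mut opts = fs::OpenOptions::new();
opts.write(true).create_new(true); // refuse to clobber an existing identity
#[cfg(unix)]
opts.mode(0o600); // owner-only; needs std::os::unix::fs::OpenOptionsExt
let mut file = opts.open(&path).expect("unable to create secret key file");
file.write_all(format!("{secret}").as_bytes())
    .expect("unable to save secret key");
```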
