common.cryptographer¶

class Cryptographer[source]¶

Bases: object

The Cryptographer is in charge of all the cryptography in the tower.

static check_data_key_format(data, secret)[source]¶

Checks that the data and secret that will be used to by encrypt / decrypt are properly formatted.

Parameters

data (str) – the data to be encrypted.
secret (str) – the secret used to derive the encryption key.

Raises

InvalidParameter – if either the key and/or data are not properly formatted.

static decrypt(encrypted_blob, secret)[source]¶

Decrypts a given encrypted_blob using CHACHA20POLY1305.

SHA256(secret) is used as key, and 0 (12-byte) as iv.

Parameters

encrypted_blob (str) – an encrypted blob of data potentially containing a penalty transaction.
secret (str) – a value used to derive the decryption key. Should be the dispute txid.

Returns

The decrypted data (hex-encoded).

Return type

str

Raises

InvalidParameter – if either the key and/or data are not properly formatted.
EncryptionError – if the data cannot be decrypted with the given key.

static encrypt(message, secret)[source]¶

Encrypts a given message data using CHACHA20POLY1305.

SHA256(secret) is used as key, and 0 (12-byte) as iv.

Parameters

message (str) – a message to be encrypted. Should be the hex-encoded commitment_tx.
secret (str) – a value to used to derive the encryption key. Should be the dispute txid.

Returns

The encrypted data (hex-encoded).

Return type

str

Raises

InvalidParameter – if either the key and/or data are not properly formatted.

static generate_key()[source]¶

Generates an ECDSA private key (over secp256k1).

Returns: A private key.
Return type: PrivateKey

static get_compressed_pk(pk)[source]¶

Computes a compressed, hex-encoded, public key given a PublicKey .

Parameters

pk (PublicKey) – a given public key.

Returns

A compressed, hex-encoded, public key (33-byte long) if it can be compressed.

Return type

str

Raises

InvalidParameter – if the value passed as public key is not a PublicKey object.
InvalidKey – if the public key has not been properly created.

static load_key_file(file_path)[source]¶

Loads a key from a key file.

Parameters

file_path (str) – the path to the key file to be loaded.

Returns

The key file data if the file can be found and read.

Return type

bytes

Raises

InvalidParameter – if the file_path has wrong format or cannot be found.
InvalidKey – if the key cannot be loaded from the file. It covers temporary I/O errors.

static load_private_key_der(sk_der)[source]¶

Creates a PrivateKey from a given DER encoded private key.

Parameters: sk_der (str) – a private key encoded in DER format.
Returns: A PrivateKey object if the private key can be loaded.
Return type: PrivateKey
Raises: InvalidKey – if a PrivateKey cannot be loaded from the given data.

static recover_pk(message, zb32_sig)[source]¶

Recovers an ECDSA public key from a given message and zbase32 signature.

Parameters

message (bytes) – original message from where the signature was generated.
zb32_sig (str) – the zbase32 signature of the message.

Returns

The public key if it can be recovered.

Return type

PublicKey

Raises

InvalidParameter – if the message and/or signature have a wrong value.
SignatureError – if a public key cannot be recovered from the given signature.

static save_key_file(key, name, data_dir)[source]¶

Saves a key to disk in DER format.

Parameters

key (bytes) – the key to be saved to disk.
name (str) – the name of the key file to be generated.
data_dir (str) – the data directory where the file will be saved.

Raises

InvalidParameter – If the given key is not bytes or the name or data_dir are not strings.

static sign(message, sk)[source]¶

Signs a given message with a given secret key using ECDSA over secp256k1.

Parameters

message (bytes) – the data to be signed.
sk (PrivateKey) – the ECDSA secret key to be used to sign the data.

Returns

The zbase32 signature of the given message is it can be signed.

Return type

str

Raises

InvalidParameter – if the message and/or secret key have a wrong value.
SignatureError – if there is an error during the signing process.

hash_160(message)[source]¶

Calculates the RIPEMD-160 hash of a given message.

Parameters: message (str) – the message to be hashed.
Returns: The ripemd160 hash of the given message.
Return type: str

sha256d(message)[source]¶

Computes the double sha256 of a given message.

Parameters: message (bytes) – the message to be used as input to the hash function.
Returns: The sha256d of the given message.
Return type: bytes

sigrec_decode(sigrec)[source]¶

Decodes a pk-recoverable signature in the format used by LN to be input to PublicKey.from_signature_and_message.

Parameters: sigrec (bytes) – the signature to be decoded.
Returns: The decoded signature.
Return type: bytes
Raises: ValueError – if the SigRec is not properly encoded (first byte is not 31 + recovery id)

sigrec_encode(rsig_rid)[source]¶

Encodes a pk-recoverable signature to be used in LN. rsig_rid can be obtained trough PrivateKey.sign_recoverable. The required format has the recovery id as the last byte, and for signing LN messages we need it as the first. From: https://twitter.com/rusty_twit/status/1182102005914800128

Parameters: rsig_rid (bytes) – the signature to be encoded.
Returns: The encoded signature.
Return type: bytes