diff --git a/lbrynet/cryptstream/CryptStreamCreator.py b/lbrynet/cryptstream/CryptStreamCreator.py
index e39a50c1d..a3042ac61 100644
--- a/lbrynet/cryptstream/CryptStreamCreator.py
+++ b/lbrynet/cryptstream/CryptStreamCreator.py
@@ -1,12 +1,12 @@
"""
Utility for creating Crypt Streams, which are encrypted blobs and associated metadata.
"""
-
+import os
import logging
+
+from cryptography.hazmat.primitives.ciphers.algorithms import AES
from twisted.internet import interfaces, defer
from zope.interface import implements
-from Crypto import Random
-from Crypto.Cipher import AES
from lbrynet.cryptstream.CryptBlob import CryptStreamBlobMaker
@@ -101,13 +101,13 @@ class CryptStreamCreator(object):
@staticmethod
def random_iv_generator():
while 1:
- yield Random.new().read(AES.block_size)
+ yield os.urandom(AES.block_size / 8)
def setup(self):
"""Create the symmetric key if it wasn't provided"""
if self.key is None:
- self.key = Random.new().read(AES.block_size)
+ self.key = os.urandom(AES.block_size / 8)
return defer.succeed(True)
diff --git a/lbrynet/pointtraderclient/pointtraderclient.py b/lbrynet/pointtraderclient/pointtraderclient.py
index 4084ddc8a..030337185 100644
--- a/lbrynet/pointtraderclient/pointtraderclient.py
+++ b/lbrynet/pointtraderclient/pointtraderclient.py
@@ -1,16 +1,40 @@
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import rsa, padding, utils
+
from lbrynet import conf
from twisted.web.client import Agent, FileBodyProducer, Headers, ResponseDone
from twisted.internet import threads, defer, protocol
-from Crypto.Hash import SHA
-from Crypto.PublicKey import RSA
-from Crypto.Signature import PKCS1_PSS
+from hashlib import sha1
from StringIO import StringIO
import time
import json
import binascii
+def gen_rsa_key(bits):
+ PUBLIC_EXPOENT = 65537 # http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
+ return rsa.generate_private_key(public_exponent=PUBLIC_EXPOENT,
+ key_size=4096, backend=default_backend())
+
+
+def sign(private_key, recipient_public_key=None, amount=None):
+ encoded_public_key = private_key.public_key().public_bytes(serialization.Encoding.PEM,
+ serialization.PublicFormat.PKCS1)
+ timestamp = time.time()
+ h = sha1()
+ h.update(encoded_public_key)
+ if amount and recipient_public_key:
+ h.update(recipient_public_key)
+ h.update(str(amount))
+ h.update(str(timestamp))
+ signature = private_key.sign(h.digest(), padding.PSS(mgf=padding.MGF1(hashes.SHA1()),
+ salt_length=padding.PSS.MAX_LENGTH),
+ utils.Prehashed(hashes.SHA1()))
+ return encoded_public_key, timestamp, binascii.hexlify(signature)
+
+
class BeginningPrinter(protocol.Protocol):
def __init__(self, finished):
self.finished = finished
@@ -64,7 +88,9 @@ def print_error(err):
def register_new_account(private_key):
data = {}
- data['pub_key'] = private_key.publickey().exportKey()
+ encoded_public_key = private_key.public_key().public_bytes(serialization.Encoding.PEM,
+ serialization.PublicFormat.PKCS1)
+ data['pub_key'] = encoded_public_key
def get_success_from_body(body):
r = json.loads(body)
@@ -79,15 +105,7 @@ def register_new_account(private_key):
def send_points(private_key, recipient_public_key, amount):
- encoded_public_key = private_key.publickey().exportKey()
- timestamp = time.time()
- h = SHA.new()
- h.update(encoded_public_key)
- h.update(recipient_public_key)
- h.update(str(amount))
- h.update(str(timestamp))
- signer = PKCS1_PSS.new(private_key)
- signature = binascii.hexlify(signer.sign(h))
+ encoded_public_key, timestamp, signature = sign(private_key, recipient_public_key, amount)
data = {}
data['sender_pub_key'] = encoded_public_key
@@ -110,13 +128,7 @@ def send_points(private_key, recipient_public_key, amount):
def get_recent_transactions(private_key):
- encoded_public_key = private_key.publickey().exportKey()
- timestamp = time.time()
- h = SHA.new()
- h.update(encoded_public_key)
- h.update(str(timestamp))
- signer = PKCS1_PSS.new(private_key)
- signature = binascii.hexlify(signer.sign(h))
+ encoded_public_key, timestamp, signature = sign(private_key)
data = {}
data['pub_key'] = encoded_public_key
@@ -140,13 +152,7 @@ def get_recent_transactions(private_key):
def get_balance(private_key):
- encoded_public_key = private_key.publickey().exportKey()
- timestamp = time.time()
- h = SHA.new()
- h.update(encoded_public_key)
- h.update(str(timestamp))
- signer = PKCS1_PSS.new(private_key)
- signature = binascii.hexlify(signer.sign(h))
+ encoded_public_key, timestamp, signature = sign(private_key)
data = {}
data['pub_key'] = encoded_public_key
@@ -203,13 +209,15 @@ def run_full_test():
return dl
def do_transfer(unused, amount):
- d = send_points(keys[0], keys[1].publickey().exportKey(), amount)
+ encoded_public_key = keys[1].public_key().public_bytes(serialization.Encoding.PEM,
+ serialization.PublicFormat.PKCS1)
+ d = send_points(keys[0], encoded_public_key, amount)
return d
- d1 = threads.deferToThread(RSA.generate, 4096)
+ d1 = threads.deferToThread(gen_rsa_key, 4096)
d1.addCallback(save_key)
d1.addCallback(register_new_account)
- d2 = threads.deferToThread(RSA.generate, 4096)
+ d2 = threads.deferToThread(gen_rsa_key, 4096)
d2.addCallback(save_key)
d2.addCallback(register_new_account)
dlist = defer.DeferredList([d1, d2])
@@ -222,6 +230,7 @@ def run_full_test():
if __name__ == "__main__":
+ conf.initialize_settings()
from twisted.internet import reactor