RE: Looking for help: how to verify if a Hive message is signed correctly in Python Beem. UPDATED!


You are a wonder!

I've added this little bit which, if I'm doing this right, grabs the public key direct from Hive for this account and compares it to the one returned from the Keychain response in the client.

    acc = Account(acc_name)
    match = False
    for key in acc['posting']['key_auths']:
        match = match or ans['publicKey'] in key
    if match:
        print('Matches public key from Hive')

And here's the full script.

    import json
    from beemgraphenebase.account import PublicKey
    from beemgraphenebase.ecdsasig import verify_message
    from binascii import hexlify, unhexlify
    from beem.account import Account


    # Response returned by Keychain's signBuffer call in the client
    ans = {'data':{'key': 'posting','message': '{"signed_message":{"type":"login","address":"brianoflondon","page":"http://127.0.0.1:5000/podcaster/login"},"timestamp":1613710433}', 'method': 'Posting', 'request_id': 3, 'type': 'signBuffer', 'username': 'brianoflondon'}, 'error': None, 'message': 'Message signed succesfully.', 'publicKey': 'STM7B1eanwUQhXa8tdabTi2RxHnXWtyMBd6iJDZ3Z2QA6rKHQY2WJ', 'request_id': 3, 'result': '2031e828c6673b945a14489e23a90d5502238d56fb4df568e6ab88af703a9e3bba14ea410bed5afcb42b3d164c976a49645ee2848a8b65fbd9cc77cbc574ae2ffd', 'success': True}
    # Same response with the last character of the signature changed (not used below)
    ansfail = {'data':{'key': 'posting','message': '{"signed_message":{"type":"login","address":"brianoflondon","page":"http://127.0.0.1:5000/podcaster/login"},"timestamp":1613710433}', 'method': 'Posting', 'request_id': 3, 'type': 'signBuffer', 'username': 'brianoflondon'}, 'error': None, 'message': 'Message signed succesfully.', 'publicKey': 'STM7B1eanwUQhXa8tdabTi2RxHnXWtyMBd6iJDZ3Z2QA6rKHQY2WJ', 'request_id': 3, 'result': '2031e828c6673b945a14489e23a90d5502238d56fb4df568e6ab88af703a9e3bba14ea410bed5afcb42b3d164c976a49645ee2848a8b65fbd9cc77cbc574ae2ffe', 'success': True}

    # with open("msg.txt") as f:
    #     msg = json.loads(f.read())

    acc_name = ans['data']['username']
    pubkey = PublicKey(ans['publicKey'])
    enc_msg = ans['data']['message']
    signature = ans['result']

    # Recover the signing public key from the message and its signature
    msgkey = verify_message(enc_msg, unhexlify(signature))
    pk = PublicKey(hexlify(msgkey).decode("ascii"))
    if str(pk) == str(pubkey):
        print("SUCCESS: signature matches given pubkey")
        # Look the account up on Hive and compare against its posting keys
        acc = Account(acc_name)
        match = False
        for key in acc['posting']['key_auths']:
            match = match or ans['publicKey'] in key
        if match:
            print('Matches public key from Hive')

    else:
        print("ERROR: message was signed with a different key")

I added one more enhancement to check if the answer is older than 30 seconds... Thank you so much! This is a very important part of what I'm doing.

I absolutely will make a very clear post about this soon.


Hmmmm I'm so used to having Keychain unlocked I'll try locking it and perhaps upping the timeout to 5 mins. I doubt that replay attacks will be a huge issue!

Posted using Dapplr
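
The age and replay checks discussed in this thread, as an added example (not code from the original posts): standard-library Python meant to run after the signature and on-chain key checks have passed. The names `check_login_response` and `EXPECTED_PAGE`, the in-memory `seen` cache and the constructed sample response are assumptions for illustration.

```python
import json
import time

MAX_AGE_SECONDS = 30  # window mentioned in the thread; pass max_age=300 for 5 minutes
EXPECTED_PAGE = "http://127.0.0.1:5000/podcaster/login"  # page value from the sample above
_seen_signatures = {}  # signature hex -> expiry time (assumed single-process cache)

def check_login_response(ans, now=None, max_age=MAX_AGE_SECONDS, seen=_seen_signatures):
    """Return (ok, reason) for a Keychain signBuffer response whose signature verified."""
    now = time.time() if now is None else now
    try:
        payload = json.loads(ans["data"]["message"])
        signed = payload["signed_message"]
        kind, address, page = signed["type"], signed["address"], signed["page"]
        ts = float(payload["timestamp"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed message"
    if kind != "login":
        return False, "wrong message type"
    # Only the message string is signed; data.username sits outside the signature,
    # so the account named inside the signed text has to match it.
    if address != ans["data"].get("username"):
        return False, "account mismatch"
    if page != EXPECTED_PAGE:
        return False, "wrong page"
    age = now - ts
    if age > max_age:
        return False, "expired"
    if age < -max_age:  # tolerate clock skew up to the same window
        return False, "timestamp in the future"
    for old in [s for s, expiry in seen.items() if expiry < now]:
        del seen[old]  # drop entries that would fail the age check anyway
    sig = ans["result"]
    if sig in seen:
        return False, "replayed"
    seen[sig] = ts + max_age  # remember until the message itself expires
    return True, "ok"

def sample(ts=1613710433, address="brianoflondon", sig="00" * 65):
    # Constructed response in the shape of `ans` above, with a placeholder signature
    msg = {"signed_message": {"type": "login", "address": address,
                              "page": EXPECTED_PAGE}, "timestamp": ts}
    return {"data": {"username": "brianoflondon", "message": json.dumps(msg)},
            "result": sig}
```

A longer window keeps each signature usable, and therefore cached, for longer; the cache is what stops a captured response being accepted twice inside the window.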
