-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtofu_handshake.py
46 lines (34 loc) · 1.35 KB
/
tofu_handshake.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
from poorman_handshake import HandShake
"""
In this example the RSA keys are static
On every new handshake the same private keys are used
the public keys were exchanged insecurely
you can verify you are communicating with the same node you got the keys from
you are still vulnerable to MitM on initial connection
"""
path_to_bob_key = "bob.asc"
path_to_alice_key = "alice.asc"
bob = HandShake(path_to_bob_key)
alice = HandShake(path_to_alice_key)
#### Insecure communication starts here
def do_the_shake(alice, bob):
# exchange public keys over any insecure channel
# trust on first use
if not bob.target_key:
bob.load_public(alice.pubkey)
print("Bob now trusts Alice")
# NOTE you probably want to save this (tied to an identity) and load
# it before the next handshake, that's out of scope for this example
if not alice.target_key:
alice.load_public(bob.pubkey)
print("Alice now trusts Bob")
# exchange handshakes (encrypted with pubkey) over any insecure channel
alice_shake = alice.generate_handshake()
bob_shake = bob.generate_handshake()
# read and verify handshakes
bob.receive_and_verify(alice_shake)
alice.receive_and_verify(bob_shake)
print("Success", bob.secret.hex())
do_the_shake(alice, bob) # trust established
do_the_shake(alice, bob)
do_the_shake(alice, bob)