Using a PEM keyfile instead of a DER for the signing key

2025-12-17 22:24:23 +01:00 · 2019-10-11 11:53:29 +07:00
parent 7c1d8b69c7
commit c6db6eddb3
3 changed files with 20 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,5 @@ appointments/
 test.py
 *.pyc
 .cache
-.pytest_cache/
+.pytest_cache/
+*.pem
--- a/apps/generate_key.py
+++ b/apps/generate_key.py
@@ -1,6 +1,16 @@
 import ecdsa
+import os.path
+from sys import exit

+# Simple tool to generate an ECDSA private key using the secp256k1 curve and save it to signing_key.pem
+
+FILE_NAME = 'signing_key.pem'

 if __name__ == '__main__':
+    if os.path.exists(FILE_NAME):
+        print("A key with name \"{}\" already exists. Aborting.".format(FILE_NAME))
+        exit(1)
+
    sk = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
-    print(sk.to_der())
+    open(FILE_NAME, 'wb').write(sk.to_pem())
+    print("Saved key \"{}\".".format(FILE_NAME))
--- a/pisa/watcher.py
+++ b/pisa/watcher.py
@@ -1,11 +1,11 @@
 from uuid import uuid4
 from queue import Queue
 from threading import Thread
-import ecdsa
+from ecdsa import SigningKey

 from pisa.logger import Logger
 from pisa.cleaner import Cleaner
-from pisa.conf import EXPIRY_DELTA, MAX_APPOINTMENTS, SIGNING_KEY_DER
+from pisa.conf import EXPIRY_DELTA, MAX_APPOINTMENTS, SIGNING_KEY_FILE
 from pisa.responder import Responder
 from pisa.block_processor import BlockProcessor
 from pisa.utils.zmq_subscriber import ZMQHandler
@@ -22,7 +22,11 @@ class Watcher:
        self.max_appointments = max_appointments
        self.zmq_subscriber = None
        self.responder = Responder()
-        self.signing_key = ecdsa.SigningKey.from_der(SIGNING_KEY_DER) if SIGNING_KEY_DER is not None else None
+        if SIGNING_KEY_FILE is not None:
+            self.signing_key = SigningKey.from_pem(open(SIGNING_KEY_FILE).read())
+        else:
+            self.signing_key = None
+            logger.warning("No signing key provided. Appointments will not be signed.")

    def add_appointment(self, appointment):
        # Rationale: