python-teos/generate_keys.py

import os.path
from getopt import getopt
from sys import argv, exit

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


"""
Simple too to generate an ECDSA key pair using the secp256k1 curve and store it on disk.

Default output dir = .
Default key naming = teos_sk.der and teos_pk.der

The output dir and naming can be changed using the -n and -d command line options, respectively.

DISCLAIMER: Use this for testing only, using keys generated from this file in production is highly unadvised.
"""


def save_sk(sk, filename):
    der = sk.private_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )

    with open(filename, "wb") as der_out:
        der_out.write(der)


def save_pk(pk, filename):
    der = pk.public_bytes(encoding=serialization.Encoding.X962, format=serialization.PublicFormat.CompressedPoint)
    with open(filename, "wb") as der_out:
        der_out.write(der)


if __name__ == "__main__":
    name = "teos"
    output_dir = "apps"

    opts, _ = getopt(argv[1:], "n:d:", ["name", "dir"])
    for opt, arg in opts:
        if opt in ["-n", "--name"]:
            name = arg

        if opt in ["-d", "--dir"]:
            output_dir = arg

    if output_dir.endswith("/"):
        output_dir = output_dir[:-1]

    SK_FILE_NAME = "{}/{}_sk.der".format(output_dir, name)
    PK_FILE_NAME = "{}/{}_pk.der".format(output_dir, name)

    if os.path.exists(SK_FILE_NAME):
        print('A key with name "{}" already exists. Aborting.'.format(SK_FILE_NAME))
        exit(1)

    sk = ec.generate_private_key(ec.SECP256K1, default_backend())
    pk = sk.public_key()

    save_sk(sk, SK_FILE_NAME)
    save_pk(pk, PK_FILE_NAME)
    print('Saved private key "{}" and public key "{}".'.format(SK_FILE_NAME, PK_FILE_NAME))