diff --git a/onionr/core.py b/onionr/core.py
index 9f10d762..15485dbc 100644
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -700,8 +700,20 @@ class Core:
 if len(symKey) < self.requirements.passwordLength:
 raise onionrexceptions.SecurityError('Weak encryption key')
 jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True)
+ data = self._crypto.symmetricEncrypt(data, key=symKey, returnEncoded=True)
+ signature = self._crypto.symmetricEncrypt(signature, key=symKey, returnEncoded=True)
+ signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True)
+ elif encryptType == 'asym':
+ if self._utils.validatePubKey(asymPeer):
+ jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True)
+ data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True)
+ signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True)
+ else:
+ raise onionrexceptions.InvalidPubkey(asymPeer + ' is not a valid base32 encoded ed25519 key')
 metadata['meta'] = jsonMeta
+ metadata['sig'] = signature
+ metadata['signer'] = signer
 powProof = onionrproofs.POW(data)
 powToken = ''
diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py
index 1b1d3192..e591c3e3 100644
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@@ -110,7 +110,7 @@ class OnionrCrypto:
 retData = key.sign(data).signature
 return retData
- def pubKeyEncrypt(self, data, pubkey, anonymous=False, encodedData=False):
+ def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
 '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
 retVal = ''
diff --git a/onionr/onionrexceptions.py b/onionr/onionrexceptions.py
index aa00e65d..dc6485a1 100644
--- a/onionr/onionrexceptions.py
+++ b/onionr/onionrexceptions.py
@@ -26,6 +26,10 @@ class Unknown(Exception):
 class Invalid(Exception):
 pass
+# crypto exceptions
+class InvalidPubkey(Exception):
+ pass
+
 # block exceptions
 class InvalidMetadata(Exception):
 pass
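Review bot: In the onionr/core.py hunk the new `asym` branch encrypts `jsonMeta`, `data` and `signature` but never `signer`, so `metadata['signer'] = signer` stores the signer in clear for asymmetric blocks while the `sym` branch encrypts it. If hiding the sender is the goal here, add `signer = self._crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True)` beside the other three calls. The `raise` builds its message with `asymPeer + ' is not a valid ...'`, which raises TypeError instead of InvalidPubkey whenever `asymPeer` is not a str (None or bytes, assuming `validatePubKey` returns False for those); `'%s is not a valid base32 encoded ed25519 key' % (asymPeer,)` avoids that. The enclosing method and the head of the if/elif chain are outside the hunk, so what happens to a block whose `encryptType` is neither value is not visible here and is worth checking.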
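Review bot: In onionr/onionrcrypto.py, flipping the default of `anonymous` from False to True changes what every existing caller of `pubKeyEncrypt` gets without any call site changing. The body is outside the hunk, but if the flag selects between a sender-authenticated box and an anonymous sealed box, callers that relied on the old default silently lose sender authentication. Keeping the default and passing `anonymous=True` explicitly at the new call sites in core.py would make the choice visible where it is made. If the default does change, the docstring should say so, e.g. `'''Encrypt to a public key; anonymous=True (default) gives the recipient no proof of who encrypted'''`, with the wording adjusted to what the body actually does.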
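Review bot: In onionr/onionrexceptions.py the new `InvalidPubkey` class has only `pass` and no statement of when it is raised. A docstring in place of `pass` would document the contract, e.g. `'''Raised when a peer public key fails validation (not a valid base32 encoded ed25519 key)'''`, which matches its one visible use in core.py. The message raised there embeds the rejected key value, so it is worth noting for callers that log this exception.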