[tor-commits] [flashproxy/master] Encrypt the registrations using a public key belonging to the facilitator.

dcf at torproject.org dcf at torproject.org
Fri Sep 28 06:11:19 UTC 2012 

commit da32a75f2634de9ae364c9e228091a2474bf7f29
Author: David Fifield <david at bamsoftware.com>
Date:   Tue Sep 18 21:58:36 2012 -0700

    Encrypt the registrations using a public key belonging to the facilitator.
    
    This is to provide client addresses some protection against Google or
    anyone who manages to gain access to the registration account.
---
 flashproxy-reg-email |   25 ++++++++++++++++++++++---
 1 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index a8f3130..bd5095a 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -12,7 +12,7 @@ import tempfile
 from hashlib import sha1
 
 try:
-    from M2Crypto import X509
+    from M2Crypto import BIO, RSA, X509
 except ImportError:
     # Defer the error reporting so that --help works even without M2Crypto.
     X509 = None
@@ -61,6 +61,20 @@ A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
 # hashing the public key, not the entire certificate.
 PUBKEY_SHA1 = "e341556ff3fd18e155ce30971fc93e740aa4b185".decode("hex")
 
+# openssl genrsa reg-email 2048
+# openssl rsa -pubout < reg-email > reg-email.pub
+FACILITATOR_PUBKEY_PEM = """\
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzOJ0Ya0fVp6pcgIf2GW
+CBanFAyDygMFm9WfSwgQMf9XmMoHmI39bM4MftLjnhfmN75IT1DESFprmxca+vNA
+SYuN5rnCLcV5hcCFIHgDWRxQkDuRnQfYCZN7/lWgYUiMpU92vdlyYnP+XNVat7qw
+06tSHey2FS417zmIsNTcKUk9XhWb/uVHzOw/oCwG1wuxdUXKXLHjgwR5V17NbNwc
+FJ1qCmQeswQk44wfJHuXJiIxMgDWF6p4LH07hBrP68L1vtlOVpqVAAoi/wLUhBgZ
+WG0m/agJiktYR1qkLRNSH0afmpQn/v8kQg3T/5d0+HLECMfuBqoWEuJBACPSlA06
+5wIDAQAB
+-----END PUBLIC KEY-----
+"""
+
 class options(object):
     remote_addr = None
     email_addr = None
@@ -224,6 +238,11 @@ try:
             spec = "[" + spec + "]"
         options.remote_addr = parse_addr_spec(spec, *options.remote_addr)
 
+    body_plain = "client=%s" % format_addr(options.remote_addr)
+    rsa = RSA.load_pub_key_bio(BIO.MemoryBuffer(FACILITATOR_PUBKEY_PEM))
+    body_crypt = rsa.public_encrypt(body_plain, RSA.pkcs1_oaep_padding)
+    body = body_crypt.encode("base64")
+
     # Add a random subject to keep Gmail from threading everything.
     rand_string = os.urandom(5).encode("hex")
     smtp.sendmail(options.email_addr, options.email_addr, """\
@@ -231,12 +250,12 @@ To: %(to_addr)s\r
 From: %(from_addr)s\r
 Subject: client reg %(rand_string)s\r
 \r
-client=%(client_spec)s
+%(body)s
 """ % {
         "to_addr": options.email_addr,
         "from_addr": FROM_EMAIL_ADDRESS,
         "rand_string": rand_string,
-        "client_spec": format_addr(options.remote_addr),
+        "body": body,
     })
     smtp.quit()
 except Exception, e:

More information about the tor-commits mailing list