To install pyflo,
$ git clone https://github.com/ranchimall/pyflo
$ cd pyflo
$ sudo python3 setup.py install
- Python 3.3.3+
- secp256k1
Every message sent to the Blockchain is in hash format, and not in plain string. So we convert the message we are signing into a SHA256 hash before.
>>> import pyflo
# ADDRESS GENERATION
>>> a = pyflo.Address(address_type="P2PKH")
>>> a.address
'FTP7LL7QjhgKfqYX1pis18bCqEpZaGSRzZ'
>>> a.private_key.wif
'R8Gw2Mr3n2fY1ydB2X5gEehxHkdhboeUD6yw4wRtVKHaqAd9gdkK'
>>> a.private_key.hex
'16b6aca5ff6a3bf3a1332dd4edf87880b2883cb4fe16effd073e2e866aa141aa'
>>> a.public_key.hex
'033c30b269e2d5df229f3f0ce294b19c4f0a3a8d12280415ce41e7bd3784a619c4'
# CONVERT MESSAGE INTO SHA-256 HASH
>>> pyflo.sha256(b'vivek'.hex())
b'\xa3\xdas\x97e\x01\x81,\xd7\xb8!\xa2\x0b\xfb\t\xaf\nj\x89\x1eA\x9c\xdf\xb7a\xfb\x19\xa9,\x91BB'
>>> pyflo.sha256(b'vivek'.hex()).hex()
'a3da73976501812cd7b821a20bfb09af0a6a891e419cdfb761fb19a92c914242'
>>> msg = b'vivek'.hex()
>>> msg_hash_hex = pyflo.sha256(msg).hex()
>>> msg_hash_bytes = pyflo.sha256(msg)
>>> msg
'766976656b'
>>> msg_hash_hex
'a3da73976501812cd7b821a20bfb09af0a6a891e419cdfb761fb19a92c914242'
>>> msg_hash_bytes
b'\xa3\xdas\x97e\x01\x81,\xd7\xb8!\xa2\x0b\xfb\t\xaf\nj\x89\x1eA\x9c\xdf\xb7a\xfb\x19\xa9,\x91BB'
# SIGN AND VERIFY THE MESSAGE
>>> sig_msg_hex = pyflo.sign_message(msg_hash_hex, a.private_key.wif)
>>> pyflo.verify_signature(sig_msg_hex, a.public_key.hex, msg_hash_hex)
True
# SIGN AND VERIFY MESSAGE IN STANDARD OPERATION
>> pyflo.sign_message_standard_ops('vivek', a.private_key.wif)
'3045022039747449a6fbac008d04d763a3a62f2261d1c5a35ee6a21a8354d8757d27593802210085a4d4b9886de6d06c3563c97160c8d70f492ce56f9e00dbcd7276004369402e'
>> sig_msg_hex = pyflo.sign_message_standard_ops('vivek', a.private_key.wif)
# To verify the above signature, run the following in the console of any Standard Ops app
>> sign_msg_hex = '3045022039747449a6fbac008d04d763a3a62f2261d1c5a35ee6a21a8354d8757d27593802210085a4d4b9886de6d06c3563c97160c8d70f492ce56f9e00dbcd7276004369402e'
>> a.public_key.hex = '033c30b269e2d5df229f3f0ce294b19c4f0a3a8d12280415ce41e7bd3784a619c4'
>> floCrypto.verifySign('vivek', sig_msg_hex, a.public_key.hex)
true
The sign_message_standard_ops function verifies with RanchiMall standard operations. Things to note: The function now takes 2 parameters -
- Message in string ( not hex-encoded string)
- Private key in wif (not bytes etc.) The hex parameter has been removed as we are always returning hex in standard ops
New libraries used - hashlib The elliptical curve folder, holds the code taken from starkbank ecdsa (MIT License) no other additional dependencies
The signature generated with sign_message_standard_ops cannot be verified using purely Pyflo. Users can use the following API to verify signatures
** Python **
import requests
url = 'https://flo-sign-validator.duckdns.org'
myobj = {'floID': floID,
'pubKey': pubKey,
'message': message,
'sign': sign}
x = requests.post(url, json = myobj)
print(x.text)
** JavaScript **
fetch("https://flo-sign-validator.duckdns.org", {
method: "POST",
body: JSON.stringify({
floID: floID,
pubKey: pubKey,
message: message,
sign: sign
}),
headers: {
"Content-type": "application/json; charset=UTF-8",
},
})
.then(function (response) {
return response.json();
})
.then(function (data) {
console.log(data);
})
.catch((error) => console.error("Error:", error));
** PHP **
function callAPI($method, $url, $data){
$curl = curl_init();
switch ($method){
case "POST":
curl_setopt($curl, CURLOPT_POST, 1);
if ($data)
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
break;
case "PUT":
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
if ($data)
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
break;
default:
if ($data)
$url = sprintf("%s?%s", $url, http_build_query($data));
}
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'APIKEY: 111111111111111111111',
'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
// EXECUTE:
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
$floID = $_POST['floID'];
$pubKey = $_POST['floPubKey'];
$message = $_POST['message'];
$signDataWithFlo = $_POST['signDataWithFlo'];
$data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $message, "sign" => $signDataWithFlo );
$make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
$response = json_decode($make_call, true);
print_r($response);