Last active
July 17, 2023 06:29
-
-
Save kevinqz/7283e351e127ec522cf9338d59ddbc77 to your computer and use it in GitHub Desktop.
Self Sovereign Identity - SSID Python Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Digital Identity Verification | |
This script is an implementation of a digital identity in a self-sovereign identity system. | |
Self-sovereign identity refers to digital identities that are owned and controlled by the identity | |
holder themselves, rather than a centralized authority. The main concepts involved are: | |
1. Identity Creation: An identity is represented by a public-private key pair. The private key is kept | |
secret by the identity owner, while the public key is made public for others to use in verifying | |
the identity's claims. | |
2. Message Signing: The identity owner uses their private key to sign a claim (in this case, a message). | |
This creates a signature which can be used by others to verify that the claim was made by this identity. | |
3. Signature Verification: A signature against a given message is verified using the provided | |
identity's public key. If the signature was created using the corresponding private key, | |
the verification function will return True, confirming the claim made by the identity. | |
This code was authored by Kevin Saltarelli (github.com/kevinqz). | |
""" | |
from cryptography.exceptions import InvalidSignature | |
from cryptography.hazmat.primitives import serialization | |
from cryptography.hazmat.primitives.asymmetric import rsa | |
from cryptography.hazmat.primitives import hashes | |
from cryptography.hazmat.primitives.asymmetric import padding | |
from termcolor import colored | |
class Identity: | |
""" | |
Represents a digital identity with a public-private key pair. | |
""" | |
def __init__(self): | |
self.private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) | |
self.public_key = self.private_key.public_key() | |
def get_public_key(self): | |
pem = self.public_key.public_bytes( | |
encoding=serialization.Encoding.PEM, | |
format=serialization.PublicFormat.SubjectPublicKeyInfo | |
) | |
return pem | |
def sign(self, message: bytes): | |
signature = self.private_key.sign( | |
message, | |
padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), | |
hashes.SHA256() | |
) | |
return signature | |
@staticmethod | |
def verify_signature(identity, message: bytes, signature: bytes): | |
public_key = serialization.load_pem_public_key(identity.get_public_key()) | |
try: | |
public_key.verify( | |
signature, | |
message, | |
padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), | |
hashes.SHA256() | |
) | |
return True | |
except InvalidSignature as e: | |
return False | |
# Example usage | |
alice = Identity() # Alice creates her own digital identity | |
bob = Identity() # Bob does the same | |
# Alice signs a message to make a claim | |
message = b'Hello, this is Alice.' | |
signature = alice.sign(message) | |
# Bob (or anyone else) can use Alice's public key to verify the claim | |
is_valid = Identity.verify_signature(alice, message, signature) # Should be True | |
if is_valid: | |
print(colored('The claim is valid.', 'green')) | |
else: | |
print(colored('The claim is not valid.', 'red')) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment