Skip to content

Instantly share code, notes, and snippets.

Last active February 23, 2022 00:46
Show Gist options
  • Save markjenkins/42f92959f33ce6ef1296afb7781ea128 to your computer and use it in GitHub Desktop.
Save markjenkins/42f92959f33ce6ef1296afb7781ea128 to your computer and use it in GitHub Desktop.
Skullspace Board Election 2022
Elected by acclamation
Edwin Amsler
Pietra Shirley
Thor Robinson
Michael Kozakewich

The easiest way to vote is to just send your voting code ("masterkey:" prefiex) and selection of 5 candidates by email to

There's two tiers of higher privacy options.

first level of privacy

  1. Download and 2022-02-22_boardcandidates.txt . Be sure 2022-02-22_boardcandidates.txt has the candidates you want and the proper spelling.

  2. Run with python3 $ python3

  3. Choose the relevant election (board or mock)

  4. Hit enter at the sub-key prompt to accept the default

  5. Pay close attention to the candidate list presented, as it is in a random order on each run. List your preferred candidates by number, separating them with commas.

  6. The program outputs a "ballot:" line for each candidate you selected. Get those lines to Mark Jenkins in one of the following manners:

  • email or
  • use the contact form
  • PM "@Mark Jenkins" on the Skullspace slack or post to #general with a "@Mark Jenkins" mention
  • PM markjenkinssksp on #skullspace on Libera or drop in the #skullspace channel with a mention of markjenkinssksp You can opt to have someone else deliver these ballot codes in the above manners as well

second level of privacy

TODO on this section, will fill in if an election is taking place

#!/usr/bin/env python3
from __future__ import print_function
from __future__ import division
from random import SystemRandom
from base64 import b64encode
from sys import argv, version_info
if version_info[0] >= 3:
def eight_bit_int_to_byte(n):
return int.to_bytes(n, 1, 'big')
eight_bit_int_to_byte = chr
KEY_SIZE = 64 # 64 bits
assert( KEY_SIZE % 8 == 0 ) # KEY_SIZE must be a multiple of 8 bits
sysrandom = SystemRandom()
def generate_voting_code():
random_64_bits_as_bytes = b''.join(
for i in range(KEY_SIZE//8) )
return "masterkey:" + b64encode(random_64_bits_as_bytes).decode('ascii')
n_codes = 1 if len(argv) < 2 else int(argv[1])
print( '\n'.join( generate_voting_code() for i in range(n_codes) ) )
#!/usr/bin/env python3
BOARD_ELECTION_VOTE_LIMIT = 5 # at most 5 positions on the board
('2022-02-22 board', '2022-02-22_boardcandidates.txt',
('2022-02-22 mock', '2022-02-22_mockcandidates.txt',
SHORT_MASTER_KEY_LENGTH = 8 # 64 bits, 8 bytes
SUB_KEY_SIG_TRUNCATE = 8 # 64 bits, 8 bytes
MASTERKEY_PREFIX = "masterkey:"
REKEY_PREFIX = "rekey:"
BALLOT_PREFIX = "ballot:"
from random import SystemRandom
import hmac
import hashlib
import base64
import binascii
import sys
from os.path import exists
if sys.version_info[0] < 3:
print("Python 3 required. (tested on 3.5.2)")
# load candidate lists into the empty lists ELECTIONS[0][2]
# and ELECTIONS[1][2] above
for election, candidate_list_filename, candidate_list, limit in ELECTIONS:
if not exists(candidate_list_filename):
"%s was not found in current working directory" %
with open(candidate_list_filename) as f:
candidate_list.extend( line.strip() for line in f )
def create_code_signed_ballot(sub_key, vote):
ballot_hmac =, vote.encode('UTF-8'),
base_64_bytes = base64.b64encode(ballot_hmac.digest()[0:BALLOT_SIZE_BYTES])
return BALLOT_PREFIX + base_64_bytes.decode('ascii')
def valid_candidate(candidate_selection,
candidates, candidate_lookup_by_number):
if candidate_selection in candidates:
return candidate_selection
candidate_number = int(candidate_selection)
except ValueError:
return None
else: # only if conversion of candidate_selection to int works
if candidate_number in candidate_lookup_by_number:
return candidate_lookup_by_number[candidate_number]
return None
def get_valid_votes(candidates, max_votes):
candidates_enumerated = list(enumerate(candidates, 1))
candidate_lookup_by_number = dict( candidates_enumerated )
print("Vote for up to %d candidates by matching name or number, "
"seperated by comma (',')" % max_votes)
print("write-in ballots are not supported by this interface")
while True:
print() # blank line
for i, candidate in candidates_enumerated:
print("%d) %s" % (i, candidate))
candidate_selection_w_newline = input("Who are you voting for? > ")
candidate_selection = candidate_selection_w_newline.strip()
# split up the candidate selection by comma
selected_candidates = candidate_selection.split(",")
# ask again if too many were voted for or none were
if len(selected_candidates) > max_votes or len(selected_candidates) <1:
# remove any whitespace
selected_candidates = [ c.strip() for c in selected_candidates ]
# validate each candidate selection, replacing with None if
# invalid, and replacing any numbers with names
selected_candidates = [
valid_candidate(c, candidates, candidate_lookup_by_number)
for c in selected_candidates]
# verify all selected candidates came out okay, no None
if all( c !=None for c in selected_candidates ):
return selected_candidates
def get_valid_master_code():
while True:
code_w_newline = input("What's your original masterkey? > ")
mastercode_ascii = code_w_newline.strip()
if mastercode_ascii.startswith(MASTERKEY_PREFIX):
# remove masterkey: prefix
mastercode_ascii = mastercode_ascii[len(MASTERKEY_PREFIX):]
prefix_seen = True
prefix_seen = False
decoded_code = base64.b64decode(mastercode_ascii, validate=True)
except binascii.Error:
print("invalid code")
if len(decoded_code) == SHORT_MASTER_KEY_LENGTH:
print("invalid code")
print("Your code is:")
return decoded_code
def get_election_choice():
while True:
print("Which election are you voting in?")
# start enumeration at 1 so they are numbered 1), 2)...
for i, (election_name, a, b, c) in enumerate(ELECTIONS, 1):
print("%d) %s" % (i, election_name) )
election_choice = int(input("> "))
except ValueError:
if 1<= election_choice <= len(ELECTIONS):
# election_choice-1 because the UI enumerates from 1)
choice_of_election = ELECTIONS[election_choice-1]
return (
choice_of_election[0], # election name
choice_of_election[2], # candidate list
choice_of_election[3], # vote limit
) # end tuple
def get_valid_sub_key_derivation_string(election_name):
print("If you provided the election officer a sub-key derivation string "
"add it here. Otherwise, leave this blank (hit enter) or "
"type default")
rekey_prefix = REKEY_PREFIX + election_name + ' '
print("""accepted input formats for non-default are:
""" % rekey_prefix)
while True:
sub_key_derivation_string = input(
"sub-key derivation string > ").strip()
if ( sub_key_derivation_string.startswith(rekey_prefix) and
len(sub_key_derivation_string) > len(rekey_prefix) ):
return sub_key_derivation_string[ len(rekey_prefix): ]
elif sub_key_derivation_string in ("", "default", election_name):
return election_name
return sub_key_derivation_string
def main():
election_name, candidates, vote_limit = get_election_choice()
master_key_64 = get_valid_master_code()
master_key_256_sha = hashlib.sha256(master_key_64)
master_key_256 = master_key_256_sha.digest()
subkey_derivation_string = get_valid_sub_key_derivation_string(
if subkey_derivation_string == election_name:
print("you picked the default sub-key derivation string")
print("your custom sub-key derivation string was")
rekey_msg = (
REKEY_PREFIX + election_name + ' ' + subkey_derivation_string)
sub_key_hmac =
master_key_256, rekey_msg.encode('ascii'), hashlib.sha256)
sig_64 = sub_key_hmac.digest()[0:SUB_KEY_SIG_TRUNCATE]
print("your signature when you provided this to the election officer "
"was: ")
print("rekeysig:" + base64.b64encode(sig_64).decode('ascii'))
sub_key_sha256 = master_key_256_sha.copy()
sub_key = sub_key_sha256.digest()
votes = get_valid_votes(candidates, vote_limit)
print("your ballots are:")
for vote in votes:
code_signed_ballot = create_code_signed_ballot(sub_key, vote)
if __name__ == "__main__":
#!/usr/bin/env python3
ELECTIONS = ('2022-02-22 board', '2022-02-22 mock')
MASTERKEY_PREFIX = "masterkey:"
SHORT_MASTER_KEY_LENGTH = 8 # 64 bits, 8 bytes
SUB_KEY_DERIVE_LENGTH = 256//8 # 256 bits, 32 bytes
SUB_KEY_SIG_TRUNCATE = 8 # 64 bits, 8 bytes
import sys
import hmac
import binascii
from random import SystemRandom
from base64 import b64encode, b64decode
from hashlib import sha256
if sys.version_info[0] < 3:
print("Python 3 is required to run this script. Tested on 3.5.2")
def eight_bit_int_to_byte(n):
return int.to_bytes(n, 1, 'big')
def rand_bytes(num_bytes):
return b''.join(
for i in range(num_bytes))
sysrandom = SystemRandom()
mastercode_ascii = input(
"enter your master voting code (%s prefix) > " % MASTERKEY_PREFIX)
mastercode_ascii = mastercode_ascii.strip()
if mastercode_ascii.startswith(MASTERKEY_PREFIX):
# remove masterkey: prefix
mastercode_ascii = mastercode_ascii[len(MASTERKEY_PREFIX):]
prefix_seen = True
prefix_seen = False
master_key_64 = b64decode(mastercode_ascii, validate=True)
except binascii.Error:
print("invalid master voting code")
if len(master_key_64) != SHORT_MASTER_KEY_LENGTH:
print("invalid master voting code length")
if not prefix_seen:
print("master voting code accepted without %s prefix" % MASTERKEY_PREFIX)
master_key_256_sha = sha256(master_key_64)
master_key_256 = master_key_256_sha.digest()
for election in ELECTIONS:
sub_key_derive_bytes = rand_bytes(SUB_KEY_DERIVE_LENGTH)
sub_key_derive_string = b64encode(sub_key_derive_bytes).decode('ascii')
# uncomment this to test that
# rekey:2021-02-23 mock 7OJyWgwvhS8=
# results in
# rekeysig:35+MYeBRF4E=
#sub_key_derive_string = '7OJyWgwvhS8='
rekey_msg = "rekey:%s %s" %(election, sub_key_derive_string)
sub_key_hmac =, rekey_msg.encode('ascii'), sha256)
sig_64 = sub_key_hmac.digest()[0:SUB_KEY_SIG_TRUNCATE]
print("rekeysig:" + b64encode(sig_64).decode('ascii'))
Send the above rekey: and rekeysig: lines to """
"""Mark Jenkins <> prior to 2022-02-22 21:00.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment