DEV Community

codesharedot

Python Encryption with Trezor

Trezor is a hardware wallet that can be used for many purposes. For instance, you can use it to encrypt and decrypt a message.

In this article you'll learn how to create a simple program that encrypts and decrypts a message with the help of the Trezor hardware wallet.

This is a terminal app, but you could create a GUI for it with PyQt.

I'll give it a try.

Setup

So how do we do that? First, make sure you know the Python basics. You need Python 3.x; the old 2.x won't work. Then install trezorlib:

```bash
pip install trezor
```

It also helps to know a few other modules.

Example

The program I'll make will ask the user for a message, encrypt it, and then ask for confirmation for both encrypting and decrypting.

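Connect to the Trezor like this:

```python
#!/usr/bin/python3
from trezorlib import ui
from trezorlib.client import TrezorClient
from trezorlib.transport import get_transport

device = get_transport()  # first connected Trezor
client = TrezorClient(transport=device, ui=ui.ClickUI())
```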

Then I create functions for encryption and decryption:

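```python
#!/usr/bin/python3
import binascii
from trezorlib import misc

def encrypt(key, value):
    addr = [0, 1, 2]  # BIP-32 path of the node the encryption key is derived from
    enc = misc.encrypt_keyvalue(client, addr, key, value,
                                ask_on_encrypt=True, ask_on_decrypt=True)
    return enc

def decrypt(key, value):
    addr = [0, 1, 2]  # must match the path used for encryption
    # value is the ciphertext as a hex string, so convert it back to bytes
    dec = misc.decrypt_keyvalue(client, addr, key, binascii.unhexlify(value),
                                ask_on_encrypt=True, ask_on_decrypt=True)
    return dec
```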

This implementation uses the AES block cipher as its encryption algorithm.

(Yeah, we'll skip explaining the algorithm for now.)

Why is that important? It means that the message length must be a multiple of 16 bytes, the AES block size. To ensure that, you can use simple padding:

```python
plain = plain.ljust(256, ' ')
```
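As an added example (not code from the original post), the code below compares the `ljust` padding above with PKCS#7 padding applied to the encoded bytes, which keeps the length a multiple of 16 for non-ASCII and longer messages and can be removed without ambiguity. The function names and sample strings are constructed for illustration; no Trezor is needed to run it.

```python
BLOCK = 16  # AES block size in bytes


def ljust_pad(text: str) -> bytes:
    """The post's padding: pad the string to 256 characters, then encode."""
    return text.ljust(256, " ").encode()


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n so the length becomes a multiple of block."""
    n = block - len(data) % block  # 1..block; a full block is added when already aligned
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip PKCS#7 padding, rejecting malformed input."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def compare(text: str) -> dict:
    """Report whether each scheme yields a block-aligned, reversible message."""
    old = ljust_pad(text)
    new = pkcs7_pad(text.encode())
    return {
        "ljust_aligned": len(old) % BLOCK == 0,
        "ljust_roundtrip": old.decode().rstrip(" ") == text,
        "pkcs7_aligned": len(new) % BLOCK == 0,
        "pkcs7_roundtrip": pkcs7_unpad(new).decode() == text,
    }


if __name__ == "__main__":
    # Constructed samples: plain ASCII, non-ASCII, trailing spaces, longer than 256
    for sample in ["hello", "héllo", "note  ", "x" * 300]:
        print(repr(sample[:12]), compare(sample))
```

Padding only fixes the length; it does not authenticate the ciphertext, so a modified ciphertext still needs to be detected separately.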

The key is hard-coded in the code:

```python
key = "password"
```

So what do you need the Trezor for? In this implementation, you need to have the Trezor connected to encrypt and decrypt the message. Think of it like U2F.

Of course, since the code is not compiled, an attacker could easily change it. Overall, this is a first attempt.

In any case, don't hardcode the password.

To sum up, here is the complete program:

```python
#!/usr/bin/python3
import binascii

from trezorlib import misc, ui
from trezorlib.client import TrezorClient
from trezorlib.transport import get_transport

# Connect to the first Trezor found; prompts are shown on the terminal
device = get_transport()
client = TrezorClient(transport=device, ui=ui.ClickUI())

def encrypt(key, value):
    addr = [0, 1, 2]  # BIP-32 path of the node the encryption key is derived from
    enc = misc.encrypt_keyvalue(client, addr, key, value,
                                ask_on_encrypt=True, ask_on_decrypt=True)
    return enc

def decrypt(key, value):
    addr = [0, 1, 2]  # must match the path used for encryption
    # value is the ciphertext as a hex string, so convert it back to bytes
    dec = misc.decrypt_keyvalue(client, addr, key, binascii.unhexlify(value),
                                ask_on_encrypt=True, ask_on_decrypt=True)
    return dec

plain = input("Enter message: ")
# Simple padding: the result is a multiple of 16 bytes only while the
# message is ASCII and no longer than 256 characters
plain = plain.ljust(256, ' ')
message = plain.encode()

key = "password"  # hard-coded for this demo only
res = encrypt(key, message)
print(res.hex())

dec = decrypt(key, res.hex())
print(dec)
```
