In [None]:
from nuc.payer import Payer
from nuc.builder import NucTokenBuilder
from nuc.nilauth import NilauthClient
from nuc.envelope import NucTokenEnvelope
from nuc.token import Command, Did, InvocationBody, DelegationBody
from nuc.validate import NucTokenValidator
from cosmpy.crypto.keypairs import PrivateKey as NilchainPrivateKey
from cosmpy.aerial.wallet import LocalWallet
from cosmpy.aerial.client import LedgerClient, NetworkConfig
from secp256k1 import PrivateKey as NilAuthPrivateKey
import base64
import datetime


def get_wallet():
    keypair = NilchainPrivateKey("U8LrusERG5Z30Dagnjm3/aNe53l/M6MBenW+mA3xwO4=")
    wallet = LocalWallet(keypair, prefix="nillion")
    return wallet, keypair


def get_private_key():
    private_key = NilAuthPrivateKey(
        base64.b64decode("U8LrusERG5Z30Dagnjm3/aNe53l/M6MBenW+mA3xwO4=")
    )
    return private_key


builder_private_key = get_private_key()

wallet, keypair = get_wallet()
address = wallet.address()
print("Paying for wallet:", wallet.address())

cfg = NetworkConfig(
    chain_id="nillion-chain-devnet",
    url="grpc+http://localhost:30649",
    fee_minimum_gas_price=1,
    fee_denomination="unil",
    staking_denomination="unil",
)

ledger_client = LedgerClient(cfg)

balances = ledger_client.query_bank_balance(address, "unil")

print(f"Wallet balance: {balances} unil")
print("[>] Creating nilauth client")
nilauth_client = NilauthClient("http://localhost:30921")

print("[>] Creating payer")
payer = Payer(
    wallet_private_key=keypair,
    chain_id="nillion-chain-devnet",
    grpc_endpoint="http://localhost:30649",
    gas_limit=1000000000000,
)
# Pretty print the subscription details
subscription_details = nilauth_client.subscription_status(builder_private_key)
print(f"IS SUBSCRIBED: {subscription_details.subscribed}")


if not subscription_details.subscribed:
    print("[>] Paying for subscription")
    nilauth_client.pay_subscription(
        key=builder_private_key,
        payer=payer,
    )
else:
    print("[>] Subscription is already paid for")

    print(
        f"EXPIRES IN: {subscription_details.details.expires_at - datetime.datetime.now(datetime.timezone.utc)}"
    )
    print(
        f"CAN BE RENEWED IN: {subscription_details.details.renewable_at - datetime.datetime.now(datetime.timezone.utc)}"
    )
nilauth_public_key = Did(nilauth_client.about().public_key.serialize())

print(f"Nilauth Public Key: {nilauth_public_key}")

Paying for wallet: nillion1xllevsf8c76za7p84hc98ytzu2zskd8s6dqay5
Wallet balance: 999967000000 unil
[>] Creating nilauth client
[>] Creating payer
IS SUBSCRIBED: False
[>] Paying for subscription
Wallet funds:  999967000000
Nilauth Public Key: did:nil:03520e70bd97a5fa6d70c614d50ee47bf445ae0b0941a1d61ddd5afa022b97ab14


In [2]:
delegated_key = NilAuthPrivateKey()
print("New Private Key: ", delegated_key.serialize())
print("Delegated Key: ", delegated_key.pubkey.serialize().hex())

nilai_public_key = NilAuthPrivateKey()

print("New Private Key: ", nilai_public_key.serialize())
print("Delegated Key: ", nilai_public_key.pubkey.serialize().hex())

New Private Key:  eb540d7477890364fe0c88159d550cf79d5d7944b826d5f31f1767ddecbb89bc
Delegated Key:  0230b806939879096581cba908d411cb13ae6568a1b39cedd88765ed4a66f08e68
New Private Key:  aa9c6d8808d1fec4bfd85821821b675ebdbc9a756ed9998ca7e666d2a7caabc1
Delegated Key:  03cf80bed14919fdafce672893733b0af7bf4d7b5c99ab1c1f7d537060a6ffe95f


In [3]:
root_token = nilauth_client.request_token(key=builder_private_key)
print(f"Root Token: {root_token}")
root_token_envelope = NucTokenEnvelope.parse(root_token)
print(f"Root Token Envelope: {root_token_envelope}")

Root Token: eyJhbGciOiJFUzI1NksifQ.eyJpc3MiOiJkaWQ6bmlsOjAzNTIwZTcwYmQ5N2E1ZmE2ZDcwYzYxNGQ1MGVlNDdiZjQ0NWFlMGIwOTQxYTFkNjFkZGQ1YWZhMDIyYjk3YWIxNCIsImF1ZCI6ImRpZDpuaWw6MDNhZWZmNmY0YjQ0Yzk1ZDA5NmE5ZjEyNDZjZWFmNDViNGE5MGU4NzY4MDVmZjBhNGZkNmJjNDA5YmViNzNmNTcxIiwic3ViIjoiZGlkOm5pbDowM2FlZmY2ZjRiNDRjOTVkMDk2YTlmMTI0NmNlYWY0NWI0YTkwZTg3NjgwNWZmMGE0ZmQ2YmM0MDliZWI3M2Y1NzEiLCJleHAiOjE3NDUzMzc3OTEsImNtZCI6Ii9uaWwiLCJwb2wiOltdLCJub25jZSI6IjY0MjAyYzlmZTFlZTJlZWExNzJjMDQ1YWI0ODc0MjlmIiwicHJmIjpbXX0.BAAHSDM0RP8Xci0ifOKaPPbEdUS3pQG-e6vv6oCIN2RIuoBdlCABtFCpXi5mEGUsU_pcZ4zRVNxSbV-pqkSA4Q
Root Token Envelope: <nuc.envelope.NucTokenEnvelope object at 0x105c22600>


In [4]:
delegated_token = (
    NucTokenBuilder.extending(root_token_envelope)
    .body(DelegationBody(policies=[]))
    .audience(Did(delegated_key.pubkey.serialize()))
    .command(Command(["nil", "ai", "generate"]))
    .build(builder_private_key)
)

print(f"Delegation Token: {delegated_token}")

delegated_token_envelope = NucTokenEnvelope.parse(delegated_token)

print("Delegated Token Envelope: ", delegated_token_envelope)

print("Validating Delegated Token Envelope")
NucTokenValidator([nilauth_public_key]).validate(delegated_token_envelope)

Delegation Token: eyJhbGciOiJFUzI1NksifQ.eyJpc3MiOiAiZGlkOm5pbDowM2FlZmY2ZjRiNDRjOTVkMDk2YTlmMTI0NmNlYWY0NWI0YTkwZTg3NjgwNWZmMGE0ZmQ2YmM0MDliZWI3M2Y1NzEiLCAiYXVkIjogImRpZDpuaWw6MDIzMGI4MDY5Mzk4NzkwOTY1ODFjYmE5MDhkNDExY2IxM2FlNjU2OGExYjM5Y2VkZDg4NzY1ZWQ0YTY2ZjA4ZTY4IiwgInN1YiI6ICJkaWQ6bmlsOjAzYWVmZjZmNGI0NGM5NWQwOTZhOWYxMjQ2Y2VhZjQ1YjRhOTBlODc2ODA1ZmYwYTRmZDZiYzQwOWJlYjczZjU3MSIsICJjbWQiOiAiL25pbC9haS9nZW5lcmF0ZSIsICJwb2wiOiBbXSwgIm5vbmNlIjogIjNjZWU0OTBkMjM3YWQ4NTg1NThmZDMzZGViNGU0ZjkyIiwgInByZiI6IFsiMjczOTBjZmVkZmUyZGIxODJmYWM0ZjEyYTI0ZDc1NjczMTljNzU3NTg0MDMyNWM3YWI0NmQwOGZkZjQxZjUyNSJdfQ.UB6061VreW9a2hy03M6IWq9TjbpZgPuW4pj3HO3ziXEQ_XKasp--Q-rksEZ6VGQ72I7XS3Q3XV75b1kO7DxRYw/eyJhbGciOiJFUzI1NksifQ.eyJpc3MiOiJkaWQ6bmlsOjAzNTIwZTcwYmQ5N2E1ZmE2ZDcwYzYxNGQ1MGVlNDdiZjQ0NWFlMGIwOTQxYTFkNjFkZGQ1YWZhMDIyYjk3YWIxNCIsImF1ZCI6ImRpZDpuaWw6MDNhZWZmNmY0YjQ0Yzk1ZDA5NmE5ZjEyNDZjZWFmNDViNGE5MGU4NzY4MDVmZjBhNGZkNmJjNDA5YmViNzNmNTcxIiwic3ViIjoiZGlkOm5pbDowM2FlZmY2ZjRiNDRjOTVkMDk2YTlmMTI0NmNlYWY0NWI0YTkwZT

In [5]:
invocation = (
    NucTokenBuilder.extending(root_token_envelope)
    .body(InvocationBody(args={}))
    .audience(Did(nilai_public_key.pubkey.serialize()))
    .build(builder_private_key)
)

print("Invocation: ", invocation)
print("--------------------------------")

invocation_envelope = NucTokenEnvelope.parse(invocation)

print(f"Invocation Envelope: {invocation_envelope}")

print(f"Invocation Envelope Token Proofs: {len(invocation_envelope.proofs)}")


print("Validating Invocation Envelope")
NucTokenValidator([nilauth_public_key]).validate(invocation_envelope)

Invocation:  eyJhbGciOiJFUzI1NksifQ.eyJpc3MiOiAiZGlkOm5pbDowM2FlZmY2ZjRiNDRjOTVkMDk2YTlmMTI0NmNlYWY0NWI0YTkwZTg3NjgwNWZmMGE0ZmQ2YmM0MDliZWI3M2Y1NzEiLCAiYXVkIjogImRpZDpuaWw6MDNjZjgwYmVkMTQ5MTlmZGFmY2U2NzI4OTM3MzNiMGFmN2JmNGQ3YjVjOTlhYjFjMWY3ZDUzNzA2MGE2ZmZlOTVmIiwgInN1YiI6ICJkaWQ6bmlsOjAzYWVmZjZmNGI0NGM5NWQwOTZhOWYxMjQ2Y2VhZjQ1YjRhOTBlODc2ODA1ZmYwYTRmZDZiYzQwOWJlYjczZjU3MSIsICJjbWQiOiAiL25pbCIsICJhcmdzIjoge30sICJub25jZSI6ICI1MDcwMjM4MWVjYzRmNTk0YTg4NmEwZjQ2OWRiMjRmNyIsICJwcmYiOiBbIjI3MzkwY2ZlZGZlMmRiMTgyZmFjNGYxMmEyNGQ3NTY3MzE5Yzc1NzU4NDAzMjVjN2FiNDZkMDhmZGY0MWY1MjUiXX0.qV-Urb8exWFwLOzbMNH7N0Fq-Cj7BFQcMWsm2ahdnbJncDz5BTzVsHMBPEJ96sOd2AFcL2i7SqbRm4CL0Jam3w/eyJhbGciOiJFUzI1NksifQ.eyJpc3MiOiJkaWQ6bmlsOjAzNTIwZTcwYmQ5N2E1ZmE2ZDcwYzYxNGQ1MGVlNDdiZjQ0NWFlMGIwOTQxYTFkNjFkZGQ1YWZhMDIyYjk3YWIxNCIsImF1ZCI6ImRpZDpuaWw6MDNhZWZmNmY0YjQ0Yzk1ZDA5NmE5ZjEyNDZjZWFmNDViNGE5MGU4NzY4MDVmZjBhNGZkNmJjNDA5YmViNzNmNTcxIiwic3ViIjoiZGlkOm5pbDowM2FlZmY2ZjRiNDRjOTVkMDk2YTlmMTI0NmNlYWY0NWI0YTkwZTg3NjgwNWZmMGE0ZmQ2Ym

In [6]:
invocation_envelope.token.token.subject

Did(public_key=b'\x03\xae\xffoKD\xc9]\tj\x9f\x12F\xce\xafE\xb4\xa9\x0e\x87h\x05\xff\nO\xd6\xbc@\x9b\xebs\xf5q')

In [21]:
from base64 import b64encode, b64decode
from secp256k1 import PrivateKey, PublicKey

# Generate a new private key
private_key = PrivateKey()
public_key = private_key.pubkey

# Serialize the public key to base64 (compressed form)
verifying_key = b64encode(public_key.serialize()).decode()
print("Public Key (base64):", verifying_key)

# Message to sign
message = b"Hello secp256k1"

# Sign the message
signature = private_key.ecdsa_sign(message)
serialized_sig = private_key.ecdsa_serialize(signature)

# Encode the signature to base64 for transmission/storage
sig_base64 = b64encode(serialized_sig).decode()
print("Signature (base64):", sig_base64)


# Verify the signature
is_valid = public_key.ecdsa_verify(message, signature)
print("Is the signature valid?", is_valid)

Public Key (base64): A/1ubGp+RMoFrhD5ahy0zf5PszhzmoZbbNjV2SrZ+xtg
Signature (base64): MEQCIGco8+RDttKxejy0eBrbaCgQTRJpERO3X1LamVfL0hv8AiArle4uJ8SErO0v1q5deaEHSI35/yOesM3lah/wFpdBHg==
Is the signature valid? True


In [22]:
# ----------- Verification -----------

# Decode public key and signature from base64
pubkey_bytes = b64decode(verifying_key)
sig_bytes = b64decode(sig_base64)

# Reconstruct the public key object
pubkey = PublicKey(pubkey_bytes, raw=True)

# Deserialize the signature
sig = pubkey.ecdsa_deserialize(sig_bytes)

# Verify the signature
is_valid = pubkey.ecdsa_verify(message, sig)
print("Is the signature valid?", is_valid)

Is the signature valid? True


In [42]:
print(private_key.private_key)
print(private_key.serialize())
private_key.serialize().bytes()

b'\xac\xf7\xa4\x98\x1d\xd5\xa7\xf7\xef\x1e\xfd0\x07\xf3\x8d\xc41\xd1r\xbd\x04lx\x13\x0c\x83\xb5,\x16\xe1\xc3\x1d'
acf7a4981dd5a7f7ef1efd3007f38dc431d172bd046c78130c83b52c16e1c31d


AttributeError: 'str' object has no attribute 'bytes'

In [43]:
from base64 import b64encode
import os

from secp256k1 import PrivateKey, PublicKey


def generate_key_pair() -> tuple[PrivateKey, PublicKey, str]:
    """
    Generate a new key pair and return the private key, public key, and base64 encoded public key.

    Returns:
        tuple[PrivateKey, PublicKey, str]: A tuple containing the private key, public key, and base64 encoded public key.
    """
    if os.path.exists("private_key.pem"):
        with open("private_key.pem", "rb") as f:
            private_key = PrivateKey(f.read())
    else:
        private_key = PrivateKey()
        with open("private_key.pem", "wb") as f:
            f.write(private_key.private_key)

    public_key = private_key.pubkey
    b64_public_key = b64encode(public_key.serialize()).decode()

    return private_key, public_key, b64_public_key

In [57]:
generate_key_pair()

(<secp256k1.PrivateKey at 0x10ca8f1d0>,
 <secp256k1.PublicKey at 0x10ca8e900>,
 'AquGL1Q0qjyEcT4K3sjOXGDEZSzyWvO4/5essOhvQjV5')