Navigation

Integrity checking

The PSKC format allows for message authentication and integrity checking for some of the values stored within the PSKC file.

class pskc.mac.MAC
algorithm

The name of the MAC algorithm to use (currently HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512 are supported).

key

For HMAC checking, this contains the binary value of the MAC key. The MAC key is generated specifically for each PSKC file and encrypted with the PSKC encryption key, so the PSKC file should be decrypted first (see PSKC encryption).

Once the PSKC encryption key has been set up key values can be explicitly checked using the check() method:

>>> pskc = PSKC('somefile.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
>>> pskc.mac.algorithm
'http://www.w3.org/2000/09/xmldsig#hmac-sha1'
>>> all(key.check() for key in pskc.keys)
True

Previous topic

PSKC encryption

Next topic

Key usage policy

Navigation

© Copyright 2014, Arthur de Jong. Last updated on Jun 19, 2014. Created using Sphinx 1.2.2.