| Commit message | Author | Age | Files | Lines |
| |
This ignores the namespace declarations in the generated XML files
because not all implementations on all environments write these in the
same order.
| |
This also slightly tunes the way Sphinx documentation is built.
| |
This property can be used to see whether the PSKC file needs an
additional pre-shared key or passphrase to decrypt any stored
information.
| | |
This adds support for creating and verifying embedded XML signatures in
PSKC files. This uses the third-party signxml library for actual signing
and verification.
The signxml library has a dependency on lxml and defusedxml (and a few
others) but all parts of python-pskc still work correctly with or
without lxml and/or defusedxml and signxml is only required when working
with embedded signatures.
This modifies the tox configuration to skip the signature checks if
signxml is not installed and to only require 100% code coverage if the
signature tests are done.
| |
This ensures that the file descriptor is closed if we opened the file.
This is not a big problem for the script (because the script exits
anyway) but causes problems for the tests.
| |
This makes the old name (pin_max_failed_attemtps) available as a
deprecated property.
| |
This adds basic support for parsing the PSKC files as specified in
draft-hoyer-keyprov-portable-symmetric-key-container-00 and
draft-hoyer-keyprov-portable-symmetric-key-container-01.
It should be able to extract secrets, counters, etc. but not all
properties from the PSKC file are supported.
It is speculated that this format resembles the "Verisign PSKC format"
that some applications produce.
| |
This adds tests for parsing the files that are shipped as part of the
multiOTP test suite.
https://www.multiotp.net/
| |
This changes the way encrypted values are stored internally before being
decrypted. For example, the internal _secret property can now be a
decrypted plain value or an EncryptedValue instance instead of always
being a DataType, simplifying some things (e.g. all XML
encoding/decoding is now done in the corresponding module).
This should not change the public API but does have consequences for
those who use custom serialisers or parsers.
| |
The cryptography library is better supported.
This uses the functions from cryptography for AES and Triple DES
encryption, replaces the (un)padding functions that were previously
implemented in python-pskc with cryptography and uses the PBKDF2
implementation from hashlib.
| |
This uses pbkdf2_hmac() from hashlib for the PBKDF2 calculation.
The downside of this is that this function is only available since
Python 2.7.8.
| |
This uses os.urandom() as a source for random data and replaces other
utility functions. This also removes one import for getting the lengths
of Triple DES keys.
| |
This avoids using xml.dom.minidom to indent the XML tree and keep the
attributes ordered alphabetically. This also allows for customisations
to the XML formatting.
| |
Some Python versions don't have the algorithms_available property but do
have the algorithms property in hashlib.
| |
This uses the defusedxml library if available to defend against a number
of XML-based attacks.
| |
The PBKDF2 salt was saved in the wrong way (b'base64encodeddata' instead
of base64encodeddata) when using Python 3. This fixes that problem and
tests that saving and loading of a file that uses PBKDF2 key derivation
works.
| |
This makes minor changes to the pskc2csv script to make it more easily
testable.
| |
This allows adding an optional label to the --columns option that can be
used to output a label different from the key property name in the CSV
file header.
| |
This option can be used to configure the encoding of the secret in the
CSV file (still hex by default).
| |
This also makes a few small code formatting changes to ensure that the
flake8 tests pass.
| |
This makes KeyDerivation.algorithm and KeyDerivation.pbkdf2_prf
properties automatically normalise assigned values.
| |
This uses ElementTree.iter() instead of ElementTree.getiterator() for
going over all the child elements in the tree because the latter is
deprecated.
| |
This provides a read-only userid property on Key objects that uses the
key_userid or device_userid value, whichever one is defined.
| |
This also includes a few other small documentation improvements.
| |
This switches to using the hashlib.new() function to be able to use all
hashes that are available in Python (specifically RIPEMD160).
This also adds a number of tests for HMACs using test vectors from
RFC 2202, RFC 4231 and RFC 2857.
| |
This adds a number of algorithm URIs defined in RFC 6931 and also
simplifies the definition of the list of URIs. It also adds more aliases
for algorithms.
| |
Have one doctest file per vendor to make tests a little more manageable.
| |
This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
| |
This adds support for parsing ActivIdentity files that conform to a very
old version of an Internet Draft. The implementation and test were based
on a file provided by Jaap Ruijgrok.
| |
This updates the tests to use the original examples from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of modifying them
to fit the RFC 6030 schema (but does include some minor changes to make
them valid XML).
This adds a few additions to the parser to handle legacy challenge and
response encoding and a few key policy properties.
This also includes a fix for 0b757ec in the handling of the
<ChallengeFormat> element under a <Usage> element.
| |
Note that asymmetric encryption and digital signature checking have not
yet been implemented so the tests are pretty minimal.
| |
This adds support for parsing most examples from
draft-ietf-keyprov-pskc-02. That file uses a few other names for
elements and attributes of the PSKC file and a few other minor
differences.
The XML parsing has been changed to allow specifying multiple matches
and the find*() functions now return the first found match.
While all examples from draft-ietf-keyprov-pskc-02 are tested, support
for verifying digital signatures and asymmetric keys has not yet been
implemented.