Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/README
blob: 9384b1d0d4dcba1bfc52b1ce93c9f8b4b49e4308 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
Python module for handling PSKC files
=====================================

A Python module to handle Portable Symmetric Key Container (PSKC) files as
defined in `RFC 6030 <https://tools.ietf.org/html/rfc6030>`_. PSKC files are
used to transport and provision symmetric keys and key meta data (seed files)
to different types of crypto modules, commonly one-time password systems or
other authentication devices.

This module can be used to extract keys from PSKC files for use in an OTP
authentication system. The module can also be used for authoring PSKC files.

This module should be able to handle most common PSKC files.

https://arthurdejong.org/python-pskc/


API
---

The module provides a straightforward API that is mostly geared towards
parsing existing PSKC files.

Extracting key material from encrypted PSKC files is as simple as:

>>> from pskc import PSKC
>>> pskc = PSKC('tests/rfc6030/figure7.pskcxml')
>>> pskc.encryption.derive_key('qwerty')
>>> for key in pskc.keys:
...     print('%s %s' % (key.serial, str(key.secret.decode())))
987654321 12345678901234567890

Writing am encrypted PSKC file is as simple as:

>>> pskc = PSKC()
>>> key = pskc.add_key(
...     id='456', secret='987654321', manufacturer='Manufacturer',
...     algorithm = 'urn:ietf:params:xml:ns:keyprov:pskc:hotp')
>>> pskc.encryption.setup_pbkdf2('passphrase')
>>> pskc.write('output.pskcxml')

The key object has a number of properties. See the pskc.key.Key documentation
for details.


Security considerations
-----------------------

This code handles private key material and is written in Python. No
precautions have been taken to lock pages in memory to prevent swapping. Also
no attempt is currently made to securely dispose of memory that may have held
private key material.


Copyright
---------

Copyright (C) 2014-2017 Arthur de Jong

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA