def __init__(self, client_key, server_key): self.client_key = client_key self.server_key = server_key self.server_key_fprint = crypto.public_key_fingerprint(self.server_key) self.client_key_fprint = crypto.public_key_fingerprint(self.client_key) self.client_guid = None self.server_guid = None self.expires = None
def __init__(self, client_key, server_key, server_hello_url, server_confirm_url): self.key = client_key self.server_hello_url = server_hello_url self.server_confirm_url = server_confirm_url server_fp = crypto.public_key_fingerprint(server_key) self.server_id = ClientAuthenticator.Identity(server_key, server_fp) id_map = {self.server_id.fingerprint: self.server_id} self._hello_handler = HelloHandler(self.key, id_map) self._hello_response_handler = HelloResponseHandler(self.key, id_map) self._confirmation_handler = ConfirmationHandler(self.key, id_map)
def client_whatup_message(client_public_key): """ Authentication Step 1 Client sends a nonce to the server, along with a key fingerprint that identifies the client. The server has prior knowledge of the client's public key, and can look up the entire key given the fingerprint. Client: "What up, server?" """ message = {"client_key_fingerprint": public_key_fingerprint(client_public_key), "client_guid": random_guid()} return message
def server_yaheard_message(client_guid, server_public_key, expires=None): """ Authentication Step 2 Server sends its own nonce back to the client, along with the nonce the client sends. Server also sends its own identity fingerprint. Optionally, the server may send an "expires" timestamp, after which the session key will no longer be honored. While not necessarily used for a key lookup on the client side, this mitigates a Man-In-The-Middle attack on the protocol, provided the client checks that the server's fingerprint matches the key the client is using to encrypt messages for the server. Server: "Yo dogg. Here's my nonce, ya heard?" """ message = {"client_guid": client_guid, "server_guid": random_guid(), "expires": expires, "server_key_fingerprint": public_key_fingerprint(server_public_key)} return message
key_path = settings.PQAUTH_SERVER_KEY except AttributeError: msg = "You must set settings.PQUATH_SERVER_KEY" raise ImproperlyConfigured(msg) key_password = None try: key_password = settings.PQAUTH_SERVER_KEY_PASSWORD except AttributeError: pass return load_key_file(key_path, key_password) SERVER_KEY = load_server_key() SERVER_KEY_FINGERPRINT = public_key_fingerprint(SERVER_KEY) ########NEW FILE######## __FILENAME__ = models from django.contrib.auth.models import User from django.db import models from pqauth import crypto class PublicKey(models.Model): user = models.ForeignKey(User, related_name="public_keys") # keys MD5-fingerprint to 47 characters, including colons for readability fingerprint = models.CharField(max_length=64, primary_key=True) ssh_key = models.TextField()