~ubuntu-branches/ubuntu/wily/python-pskc/wily

Committer: Package Import Robot
Author(s): Arthur de Jong
Date: 2014-06-20 14:50:59 UTC
mfrom: (1.1.1)
Revision ID: package-import@ubuntu.com-20140620145059-cf3iwj9rnwagig43

Tags: 0.2-1

* New upstream release:
  - raise exceptions on parsing, decryption and other problems
  - support more encryption algorithms (AES128-CBC, AES192-CBC, AES256-CBC,
    TripleDES-CBC, KW-AES128, KW-AES192, KW-AES256 and KW-TripleDES) and be
    more lenient in accepting algorithm URIs
  - support all HMAC algorithms that Python's hashlib module has hash
    functions for (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
    HMAC-SHA384 and HMAC-SHA512)
  - support PRF attribute of PBKDF2 algorithm
* Build and install Sphinx documentation.

files added:
debian/python-pskc.doc-base

docs/changes.rst

docs/exceptions.rst

pskc/aeskw.py

pskc/exceptions.py

pskc/tripledeskw.py

tests/aes128-cbc.pskcxml

tests/aes192-cbc.pskcxml

tests/aes256-cbc.pskcxml

tests/draft-keyprov-actividentity-3des.pskcxml

tests/draft-keyprov-ocra.pskcxml

tests/draft-keyprov-securid-aes-counter.pskcxml

tests/draft-keyprov-totp.pskcxml

tests/invalid-encryption.pskcxml

tests/invalid-mac-algorithm.pskcxml

tests/invalid-mac-value.pskcxml

tests/invalid-no-mac-method.pskcxml

tests/invalid-notxml.pskcxml

tests/invalid-wrongelement.pskcxml

tests/invalid-wrongversion.pskcxml

tests/kw-aes128.pskcxml

tests/kw-aes192.pskcxml

tests/kw-aes256.pskcxml

tests/kw-tripledes.pskcxml

tests/odd-namespace.pskcxml

tests/test_aeskw.doctest

tests/test_draft_keyprov.doctest

tests/test_encryption.doctest

tests/test_invalid.doctest

tests/test_misc.doctest

tests/test_tripledeskw.doctest

tests/tripledes-cbc.pskcxml

files removed:
tests/test_minimal.doctest

files modified:
ChangeLog

NEWS

PKG-INFO

README

debian/changelog

debian/control

debian/python-pskc.docs

debian/rules

docs/encryption.rst

docs/index.rst

docs/mac.rst

docs/policy.rst

docs/usage.rst

pskc/__init__.py

pskc/encryption.py

pskc/key.py

pskc/mac.py

pskc/parse.py

pskc/policy.py

python_pskc.egg-info/PKG-INFO

python_pskc.egg-info/SOURCES.txt

python_pskc.egg-info/requires.txt

setup.cfg

setup.py

tests/rfc6030-figure10.pskcxml

tests/rfc6030-figure2.pskcxml

tests/rfc6030-figure3.pskcxml

tests/rfc6030-figure4.pskcxml

tests/rfc6030-figure5.pskcxml

tests/rfc6030-figure6.pskcxml

tests/rfc6030-figure7.pskcxml

tests/test_rfc6030.doctest

Show diffs side-by-side

added added

removed removed

docs/usage.rst

===========

The :mod:`pskc` module implements a simple and efficient API for parsing PSKC

files.

files. The :class:`~pskc.PSKC` class is used to access the file as a whole

which provides access to a list of :class:`~pskc.key.Key` instances which

contain most of the useful information from the PSKC file.

Opening a PSKC file

.. module:: pskc

Importing data from a PSKC file can be done by instantiating a :class:`PSKC`

class::

from pskc import PSKC

pskc = PSKC('somefile.pskcxml')

.. class:: PSKC(filename)

Importing data from a PSKC file can be done by instantiating a

:class:`~pskc.PSKC` class::

>>> from pskc import PSKC

>>> pskc = PSKC('somefile.pskcxml')

>>> pskc.version

'1.0'

.. class:: PSKC([filename])

The :class:`PSKC` class is used as a wrapper to access information from a

PSKC file. The whole file is parsed in one go. Instances of this class

provide the following attributes:

PSKC file.

The whole file is parsed in one go. Instances of this class provide the

following attributes: If parsing the PSKC file fails, a

:exc:`~pskc.exceptions.ParseError` exception is raised.

.. attribute:: version

The PSKC format version used. Only version ``1.0`` is currently specified

in `RFC6030 <https://tools.ietf.org/html/rfc6030#section-1.2>`__.

The PSKC format version used. Only version ``1.0`` is currently

specified in

`RFC 6030 <https://tools.ietf.org/html/rfc6030#section-1.2>`__

and supported.

.. attribute:: id

.. attribute:: keys

A list of :class:`pskc.key.Key` instances that represent the keys

A list of :class:`~pskc.key.Key` instances that represent the keys

within the PSKC file.

.. attribute:: encryption

Instance of the :class:`pskc.encryption.Encryption` class that handles

PSKC file encryption.

:class:`~pskc.encryption.Encryption` instance that handles PSKC file

encryption.

.. attribute:: mac

Instance of the :class:`pskc.mac.MAC` class that handles integrity

checking.

:class:`~pskc.mac.MAC` instance that handles integrity checking.

Examining keys

.. module:: pskc.key

The :attr:`pskc.PSKC.keys` attribute provides access to the keys contained in

the PSKC file. Instances of the :class:`Key` class provide access to a number

of attributes that provide information on the transmitted keys::

The :attr:`~pskc.PSKC.keys` attribute of a :class:`~pskc.PSKC` instance

provides access to a list of keys contained in the PSKC file. :class:`Key`

instances provide access to a number of attributes that provide information

on the transmitted keys::

pskc = PSKC('somefile.pskcxml')

first_key = pskc.keys[0]

>>> pskc = PSKC('somefile.pskcxml')

>>> first_key = pskc.keys[0]

>>> first_key.id

'some-id'

>>> first_key.algorithm

'urn:ietf:params:xml:ns:keyprov:pskc:hotp'

>>> first_key.secret

'SOME_SECRET_VALUE'

Attribute values will be ``None`` if it the value is not present in the PSKC

file.

file. If any of the :attr:`~pskc.key.Key.secret`,

:attr:`~pskc.key.Key.counter`, :attr:`~pskc.key.Key.time_offset`,

:attr:`~pskc.key.Key.time_interval` or :attr:`~pskc.key.Key.time_drift`

values are accessed while they are encrypted and decryption is unsuccessful a

:exc:`~pskc.exceptions.DecryptionError` exception is raised.

.. class:: Key()

111

112

The binary value of the transported secret key. If the key information

113

is encrypted in the PSKC file it is transparently decrypted if

possible.

114

possible. Accessing the value may raise

115

:exc:`~pskc.exceptions.DecryptionError` if decryption fails.

116

117

.. attribute:: counter

118

The event counter for event-based OTP algorithms.

119

The event counter for event-based OTP algorithms. Will also be

120

transparently decrypted and may also raise

121

:exc:`~pskc.exceptions.DecryptionError`.

122

123

.. attribute:: time_offset

100

124

101

125

The time offset offset for time-based OTP algorithms. If time intervals

102

126

are used it carries the number of time intervals passed from an

103

algorithm-dependent start point.

127

algorithm-dependent start point. Will also be transparently decrypted

128

and may also raise :exc:`~pskc.exceptions.DecryptionError`.

104

129

105

130

.. attribute:: time_interval

106

131

107

132

The time interval in seconds for time-based OTP algorithms (usually

108

``30`` or ``60``).

133

``30`` or ``60``). Will also be transparently decrypted and may also

134

raise :exc:`~pskc.exceptions.DecryptionError`.

109

135

110

136

.. attribute:: time_drift

111

137

112

138

For time-based OTP algorithms this contains the device clock drift in

113

number of intervals.

139

number of intervals. Will also be transparently decrypted and may also

140

raise :exc:`~pskc.exceptions.DecryptionError`.

114

141

115

142

.. attribute:: issuer

116

143

122

149

A reference to a pre-shared key profile agreed upon between the sending

123

150

and receiving parties. The profile information itself is not

124

151

transmitted within the container.

125

See `RFC6030 <https://tools.ietf.org/html/rfc6030#section-4.4>`__.

152

See `RFC 6030 <https://tools.ietf.org/html/rfc6030#section-4.4>`__.

126

153

127

154

.. attribute:: key_reference

128

155

142

169

.. attribute:: manufacturer

143

170

144

171

The name of the manufacturer of the device to which the key is

145

provisioned. `RFC6030 <https://tools.ietf.org/html/rfc6030#section-4.3.1>`__

172

provisioned.

173

`RFC 6030 <https://tools.ietf.org/html/rfc6030#section-4.3.1>`__

146

174

prescribes that the value is of the form ``oath.prefix`` for `OATH

147

175

Manufacturer Prefixes <http://www.openauthentication.org/oath-id/prefixes/>`_

148

176

or ``iana.organisation`` for `IANA Private Enterprise Numbers

153

181

.. attribute:: serial

154

182

155

183

The serial number of the device to which the key is provisioned.

156

Together with :attr:`manufacturer` (and perhaps :attr:`issue_no`)

157

this should uniquely identify the device.

184

Together with :attr:`manufacturer` (and possibly :attr:`issue_no`) this

185

should uniquely identify the device.

158

186

159

187

.. attribute:: model

160

188

241

269

242

270

.. attribute:: policy

243

271

244

Instance of :class:`pskc.policy.Policy` that provides key and PIN

245

policy information. See :doc:`policy`.

272

:class:`~pskc.policy.Policy` instance that provides key and PIN policy

273

information. See :doc:`policy`.

246

274

247

275

.. function:: check()

248

276

249

277

Check if any MACs in the key data embedded in the PSKC file are valid.

250

Will return a boolean or ``None`` if no MACs are defined for the key.

251

See :doc:`mac`.

278

This will return None if there is no MAC to be checked. It will return

279

True if all the MACs match. If any MAC fails a

280

:exc:`~pskc.exceptions.DecryptionError` exception is raised.

Older »