6.1.1.3.2.7. linotp.lib.crypt module
access to all cryptographic aspects - declare the SecretObject to encapsulate security aspects
- class linotp.lib.crypt.SecretObj(val, iv, preserve=True)
- linotp.lib.crypt.check(st)
calculate the checksum of st
Parameters: st – input string
Returns: the checksum code as 2 hex bytes
- linotp.lib.crypt.createActivationCode(acode=None, checksum=True)
create the activation code
Parameters: - acode – activation code or None
- checksum – flag indicating whether a checksum will be calculated
Returns: the activation code
- linotp.lib.crypt.createNonce(len=64)
create a nonce, which is a random string
Parameters: len – number of bytes to return
Returns: hex string
- linotp.lib.crypt.decrypt(input, iv, id=0)
decrypt a variable from the given input with an initialization vector
Parameters: - input (buffer of bytes) – buffer which contains the encrypted value
- iv (buffer (20 bytes random)) – initialization vector
- id (int) – the id of the key in the keyset that should be used
Returns: decrypted buffer
- linotp.lib.crypt.encrypt(data, iv, id=0)
encrypt a variable from the given input with an initialization vector
Parameters: - input (buffer of bytes) – buffer which contains the value
- iv (buffer (20 bytes random)) – initialization vector
- id (int) – the id of the key in the keyset that should be used
Returns: encrypted buffer
- linotp.lib.crypt.get_rand_digit_str(length=16)
return a string of digits with a defined length using the urandom
- linotp.lib.crypt.geturandom(len=20)
get random bytes from the security module
Parameters: len (int) – length of the returned bytes, default is 20 bytes
Returns: buffer of bytes
- linotp.lib.crypt.kdf2(sharesecret, nonce, activationcode, len, iterations=10000, digest='SHA256', macmodule=<module 'Crypto.Hash.HMAC' from '/usr/lib/python2.7/dist-packages/Crypto/Hash/HMAC.pyc'>, checksum=True)
key derivation function
takes the shared secret, an activation code and a nonce to generate a new key
the last 4 bytes (8 chars) of the nonce are the salt
the last byte (2 chars) of the activation code is the checksum
- the activation code might contain '-' signs for grouping char blocks
aabbcc-ddeeff-112233-445566
Parameters: - sharedsecret – hexlified binary value
- nonce – hexlified binary value
- activationcode – base32 encoded value
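The input layout described for kdf2, worked through as an added example (not LinOTP's own code). The helper names, the use of PBKDF2-HMAC-SHA256 via hashlib, and the way the three inputs are joined into the password are assumptions of this example, since the page documents only the salt position, the checksum position, the '-' grouping, the iteration count and the digest.

```python
import binascii
import hashlib

SALT_HEX_CHARS = 8   # page: last 4 bytes (8 hex chars) of the nonce are the salt
CHECKSUM_CHARS = 2   # page: last byte (2 chars) of the activation code

def split_activation_code(activationcode, checksum=True):
    """Drop '-' grouping; return (code, checksum_chars or None)."""
    code = activationcode.replace("-", "")
    if not checksum:
        return code, None
    if len(code) <= CHECKSUM_CHARS:
        raise ValueError("activation code too short to carry a checksum")
    return code[:-CHECKSUM_CHARS], code[-CHECKSUM_CHARS:]

def split_nonce(nonce_hex):
    """Return (nonce_body_hex, salt_bytes); raises ValueError on bad input."""
    if len(nonce_hex) <= SALT_HEX_CHARS:
        raise ValueError("nonce too short to carry a salt")
    body, salt_hex = nonce_hex[:-SALT_HEX_CHARS], nonce_hex[-SALT_HEX_CHARS:]
    binascii.unhexlify(body)              # validates hex, result unused
    return body, binascii.unhexlify(salt_hex)

def derive_key(sharedsecret_hex, nonce_hex, activationcode, length,
               iterations=10000, checksum=True):
    """Derive `length` key bytes from the three documented inputs."""
    code, _chk = split_activation_code(activationcode, checksum)
    # The checksum chars are only separated here, not verified: the page
    # does not give the algorithm behind check().
    body, salt = split_nonce(nonce_hex)
    binascii.unhexlify(sharedsecret_hex)  # validates hex, result unused
    # ASSUMPTION: password layout and PBKDF2 are choices of this example.
    password = (sharedsecret_hex + code + body).encode("ascii")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=length)

if __name__ == "__main__":
    # Constructed sample values; the activation code reuses the page's grouping.
    secret = "000102030405060708090a0b0c0d0e0f"
    nonce = "00112233445566778899aabbccddeeff"
    key = derive_key(secret, nonce, "aabbcc-ddeeff-112233-445566", 16)
    print(binascii.hexlify(key).decode())
```

Because the salt is taken from the nonce, a fresh nonce per enrollment gives a different key even when the shared secret and activation code repeat.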
- linotp.lib.crypt.udecode(value)
unicode de-escape the value - required to support non-unicode databases
Parameters: value – string to be de-escaped
Returns: unicode value
- linotp.lib.crypt.uencode(value)
unicode escape the value - required to support non-unicode databases
Parameters: value – string to be escaped
Returns: u encoded value
- class linotp.lib.crypt.urandom
Bases: object
- classmethod choice(array)
get one element out of an array
Parameters: array – sequence - string or list
Returns: array element
- precision = 12
- classmethod randint(start, end=None)
get a random integer between start and end
Returns: random int