{ "info": { "author": "Mark R. Gollnick ✝", "author_email": "mark.r.gollnick@gmail.com", "bugtrack_url": null, "classifiers": [], "description": "\ufeff\n======\npyoath\n======\n\n.. image:: https://travis-ci.org/markgollnick/pyoath.svg?branch=master\n :target: https://travis-ci.org/markgollnick/pyoath\n :alt: Build Status\n\n.. image:: https://coveralls.io/repos/markgollnick/pyoath/badge.svg?branch=master\n :target: https://coveralls.io/r/markgollnick/pyoath?branch=master\n :alt: Coverage Status\n\n|\n\n.. image:: https://raw.githubusercontent.com/markgollnick/pyoath/master/padlocks.png\n :alt: Two-Factor Authentication\n\nA Python OATH implementation.\n\nOATH is the `Initiative for Open Authentication`_ \u2014 not to be confused with\nOAuth, the Open Standard to *Authorization*, which is an entirely different\nparadigm.\n\n.. _Initiative for Open Authentication: http://www.openauthentication.org/\n\nPyoath implements the HOTP Algorithm defined in `RFC 4226`_, published in\nDecember of 2005, and the TOTP Algorithm defined in `RFC 6238`_, published in\nMay of 2011. It has been designed for both the client- and server-sides of\ntwo-factor authentication systems.\n\n.. _RFC 4226: http://www.ietf.org/rfc/rfc4226.txt\n.. _RFC 6238: http://www.ietf.org/rfc/rfc6238.txt\n\n\nRequirements\n------------\n \n* Python >= 2.7, 3.4, 3.5, 3.6\n\n\nInstallation\n------------\n\n**For Users**::\n\n pip install pyoath\n\n**For Developers**::\n\n git clone git@github.com:markgollnick/pyoath.git\n cd pyoath\n python setup.py build install\n # Alternatively...\n python setup.py sdist\n pip install dist/pyoath-*.tar.gz\n\n\nUsage\n-----\n\nOnce installed, you can use it as a script (that is, on the client-side)\u2026\n\n::\n\n $ pyoath -h\n usage: pyoath.py [-h] [--google] [--loop] secret\n\n positional arguments:\n secret shared secret [file] between client and server\n\n optional arguments:\n -h, --help show this help message and exit\n --google Google Authenticator mode (assumes secret is encoded in base32)\n --loop start an authenticator instance that will continue until killed\n\n\u2026or, you can use it as a library (that is, on the server-side)::\n\n >>> import pyoath\n >>> pyoath.HOTP(b'secret', 0)\n '814628'\n >>> pyoath.HOTP(b'secret', 1, Digit=8)\n '28533881'\n >>> pyoath.TOTP(b'secret')\n '123456'\n >>> pyoath.TOTP(b'secret', Digit=8)\n '12345678'\n >>> import hashlib\n >>> pyoath.TOTP(b'secret', Digit=8, Mode=hashlib.sha512)\n '87654321'\n\n\nExtras\n------\n\nSince most services provide their users with two-factor secret keys in the form\nof scannable `QR Codes`_, you might be interested in the following utilities:\n\n- `Open Source QR Code Library`_, a CLI tool written in Java to read QR Codes\n- pyqrcode_, a Python library offering bindings based on the above Java tool\n- BarCapture_, a GUI tool written in Java to extract the data from QR Codes\n\n.. _QR Codes: https://en.wikipedia.org/wiki/QR_code\n.. _Open Source QR Code Library: http://qrcode.sourceforge.jp/\n.. _pyqrcode: http://pyqrcode.sourceforge.net/\n.. _BarCapture: http://jaxo-systems.com/solutions/barcapture/\n\n\nAcknowledgments\n---------------\n\n- Special thanks to James Cuff for the `Java-based Google Authenticator Desktop\n Client`__, which inspired this project.\n- Special thanks to Yusuke Yanbe for the `Open Source QR Code Library`_.\n- Special thanks to Pierre G. Richard of `Jaxo Systems`_ for the BarCapture_\n tool, and for his work with barcode interpretation on mobile platforms.\n- Special thanks to OpenSSH_ for the bold notice about poor file access bits.\n- Special thanks to AJ__ for the padlock__ icons__.\n\n__ http://blog.jcuff.net/2011/02/cli-java-based-google-authenticator.html\n.. _Jaxo Systems: http://jaxo-systems.com/\n.. _OpenSSH: http://www.openssh.com/\n__ https://openclipart.org/user-detail/AJ\n__ https://openclipart.org/detail/17931/padlock-by-aj\n__ https://openclipart.org/detail/33553/open-padlock-by-anonymous\n\n\nDisclaimer\n----------\n\nTHIS IS A PROOF-OF-CONCEPT.\n\nIt is ***NOT*** recommended that you store your two-factor authentication\nsecret keys on your hard-disk, as this significantly recudes most semblances of\nsecurity that two-factor authentication provides. The whole point of two-factor\nauthentication is that a would-be attacker must jump through *two* separate\nhoops:\n\n1. (S)he must crack (or glean through hacking, social engineering, etc.) your\n password or passphrase to the system or service.\n2. (S)he must gain access to the device containing your two-factor secret key,\n which is usually your mobile phone, or a key fob which you should have on\n your person at all times.\n\nSince it\u2019s likely that the computer you use to log into your other systems and\nonline services has its own form of password caching and/or storage, storing a\nsecond secret key somewhere on the machine nullifies this idea of device\nseparation, and makes it that much easier for a would-be attacker to gain\naccess to things they shouldn\u2019t.\n\nAs it says in the license:\n\n| THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n| FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT\n| SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE\n| FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,\n| ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER\n| DEALINGS IN THE SOFTWARE.\n\nIn other words, use this software \u2014 wisely, or unwisely \u2014 at YOUR OWN RISK.\n\nNow that *that\u2019s* out of the way\u2026 however you choose to go about it, you should\nstill\n\nTwo__.\n\nFactor__.\n\nEverything__.\n\n__ https://medium.com/@N/how-i-lost-my-50-000-twitter-username-24eb09e026dd\n__ http://arstechnica.com/security/2014/03/after-n-hijack-software-engineer-starts-two-factor-authentication-directory/\n__ http://socialcustomer.com/2014/04/how-to-enable-two-factor-authentication-on-50-top-websites-including-facebook-twitter-and-others.html\n\n\nLicense\n-------\n\nBoost Software License, Version 1.0: \n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/markgollnick/pyoath", "keywords": "oath", "license": "Boost Software License - Version 1.0 - August 17th, 2003\n\nPermission is hereby granted, free of charge, to any person or organization\nobtaining a copy of the software and accompanying documentation covered by\nthis license (the \"Software\") to use, reproduce, display, distribute,\nexecute, and transmit the Software, and to prepare derivative works of the\nSoftware, and to permit third-parties to whom the Software is furnished to\ndo so, all subject to the following:\n\nThe copyright notices in the Software and this entire statement, including\nthe above license grant, this restriction and the following disclaimer,\nmust be included in all copies of the Software, in whole or in part, and\nall derivative works of the Software, unless such copies or derivative\nworks are solely in the form of machine-executable object code generated by\na source language processor.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT\nSHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE\nFOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,\nARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER\nDEALINGS IN THE SOFTWARE.\n", "maintainer": "", "maintainer_email": "", "name": "pyoath", "package_url": "https://pypi.org/project/pyoath/", "platform": "", "project_url": "https://pypi.org/project/pyoath/", "project_urls": { "Homepage": "https://github.com/markgollnick/pyoath" }, "release_url": "https://pypi.org/project/pyoath/1.0.1/", "requires_dist": null, "requires_python": "", "summary": "Python OATH implementation for two-factor systems.", "version": "1.0.1" }, "last_serial": 3488089, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "954b6e10310eb81a484b462378310279", "sha256": "166e839441688b1138346f163e438e9e14b4116fd53b53edfb020726e7982a43" }, "downloads": -1, "filename": "pyoath-1.0.0.tar.gz", "has_sig": true, "md5_digest": "954b6e10310eb81a484b462378310279", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7982, "upload_time": "2015-01-22T05:40:06", "url": "https://files.pythonhosted.org/packages/7a/28/419dcbe4516cbfe026c7f7db5936db02752884af24e58de69040b3ff2190/pyoath-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "7cc011fc44f1dd7541879fc290bb6bb4", "sha256": "1008441ba6975bb9a43bd7338a72ea62c6a61ffea3cfaebea47900769fbdd97a" }, "downloads": -1, "filename": "pyoath-1.0.1.tar.gz", "has_sig": true, "md5_digest": "7cc011fc44f1dd7541879fc290bb6bb4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8504, "upload_time": "2018-01-14T06:32:15", "url": "https://files.pythonhosted.org/packages/8c/e3/6605fb34cfe83b50a2be854648ba09b619050c5c942f3bd15181f678d0aa/pyoath-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "7cc011fc44f1dd7541879fc290bb6bb4", "sha256": "1008441ba6975bb9a43bd7338a72ea62c6a61ffea3cfaebea47900769fbdd97a" }, "downloads": -1, "filename": "pyoath-1.0.1.tar.gz", "has_sig": true, "md5_digest": "7cc011fc44f1dd7541879fc290bb6bb4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8504, "upload_time": "2018-01-14T06:32:15", "url": "https://files.pythonhosted.org/packages/8c/e3/6605fb34cfe83b50a2be854648ba09b619050c5c942f3bd15181f678d0aa/pyoath-1.0.1.tar.gz" } ] }