Project description
pyattest
pyattest provides a common interface for verifying attestations from either Google or Apple. The package works standalone, but if you use Django and need a full implementation with key generation and storage, django-dreiattest could be of interest to you.
Installation
pyattest is available on PyPI and can be installed via $ python -m pip install pyattest
Usage
In its most basic form, you create a GoogleConfig, GooglePlayIntegrityApiConfig or AppleConfig instance, create an Attestation and verify it.
Google Play Integrity API
The following parameters are important:
decryption_key: A Base64 encoded AES key secret as described here
verification_key: A Base64 encoded public key as described here
apk_package_name: Name of your apk
attest: The jwt object string representing the attestation, which is a jws nested in a jwe object
nonce: The nonce used to create the attestation
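```python
# decryption_key and verification_key are the two distinct Base64 encoded
# keys described in the parameter list above.
config = GooglePlayIntegrityApiConfig(
    decryption_key=decryption_key,
    verification_key=verification_key,
    apk_package_name='ch.dreipol.demo',
    production=True
)
attestation = Attestation(attest, nonce, config)
try:
    attestation.verify()
except PyAttestException as exception:
    # Verification failed: do your thing
    pass
```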
Google (Legacy: SafetyNet)
The following parameters are important:
key_id: A Base64 encoded SHA-256 hash of your app's certificate
apk_package_name: Name of your apk
production: Ignores basic integrity and cts profile check if False
attest: The jws object string representing the attestation
nonce: The nonce used to create the attestation
```python
config = GoogleConfig(key_ids=[key_id], apk_package_name='ch.dreipol.demo', production=True)
attestation = Attestation(attest, nonce, config)
try:
    attestation.verify()
except PyAttestException as exception:
    # Verification failed: do your thing
    pass
```
Apple
The following parameters are important:
key_id: SHA-256 hash of the public key from the cert you got back from the attestation
app_id: Your app’s App ID, which is the concatenation of your 10-digit team identifier, a period, and your app’s CFBundleIdentifier value
production: Checks for the appropriate aaguid
attest: The Apple attestation as binary
nonce: The nonce used to create the attestation
```python
config = AppleConfig(key_id=key_id, app_id='1234ABCDEF.ch.dreipol.demo', production=True)
attestation = Attestation(attest, nonce, config)
try:
    attestation.verify()
except PyAttestException as exception:
    # Verification failed: do your thing
    pass
```
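What the app_id, key_id and production values are compared against inside an App Attest attestation, following the authenticator-data checks in Apple's App Attest documentation. This is an added example, not pyattest's own code, and it covers only those fields (CBOR decoding, certificate chain and nonce checks are left out). The function names, the constructed sample bytes and the treatment of key_id as the raw 32-byte digest are assumptions.

```python
import hashlib
import struct

# AAGUID values Apple documents for App Attest authenticator data.
AAGUID_PROD = b"appattest" + b"\x00" * 7
AAGUID_DEV = b"appattestdevelop"


def check_auth_data(auth_data: bytes, app_id: str, key_id: bytes, production: bool) -> list:
    """Return the names of the failed checks (an empty list means all passed)."""
    if len(auth_data) < 55:  # 32 hash + 1 flags + 4 counter + 16 aaguid + 2 length
        return ["truncated"]
    (counter,) = struct.unpack(">I", auth_data[33:37])
    aaguid = auth_data[37:53]
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    cred_id = auth_data[55:55 + cred_len]
    failures = []
    if auth_data[:32] != hashlib.sha256(app_id.encode()).digest():
        failures.append("app_id")    # RP ID hash must be SHA-256 of the App ID
    if counter != 0:
        failures.append("counter")   # a fresh attestation carries counter 0
    if aaguid != (AAGUID_PROD if production else AAGUID_DEV):
        failures.append("aaguid")    # environment mismatch
    if len(cred_id) != cred_len or cred_id != key_id:
        failures.append("key_id")    # credential ID must equal the key identifier
    return failures


def build_sample(app_id, key_id, aaguid, counter=0):
    """Constructed authenticator data for the demo (public key bytes omitted)."""
    return (hashlib.sha256(app_id.encode()).digest() + b"\x40"
            + struct.pack(">I", counter) + aaguid
            + struct.pack(">H", len(key_id)) + key_id)


APP_ID = "1234ABCDEF.ch.dreipol.demo"                              # from the page
KEY_ID = hashlib.sha256(b"constructed public key bytes").digest()  # constructed

if __name__ == "__main__":
    dev = build_sample(APP_ID, KEY_ID, AAGUID_DEV)
    print(check_auth_data(dev, APP_ID, KEY_ID, production=False))  # []
    print(check_auth_data(dev, APP_ID, KEY_ID, production=True))   # ['aaguid']
```

A development-environment attestation presented to a production configuration fails on the aaguid check alone, which is why production=True matters on release builds.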
Assertion
Once you have verified an attestation and obtained a public key, you can use it to assert further requests. For a full implementation of how to get to the public key, check out django-dreiattest. To check whether an assertion is valid, we check that it was signed with the given pem_key.
assertion: Raw bytes of the assertion you want to test
expected_hash: The hash we want to compare the signature against
pem_key: The public key to verify the signature
config: An AppleConfig or GoogleConfig instance
```python
assertion = Assertion(assertion, expected_hash, pem_key, config)
assertion.verify()
```
Hashes for pyattest-0.0.12-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 08491f231890ffe3ab11077724c57452e25003916507293d63bb5747eb2e24c6
MD5 | 308a6e2b97b83a99efb6f4de59c91207
BLAKE2b-256 | 1c8c4df4c9944b5c4431e352b27f72b47e53a1302bd729f1447f5cfdd0373c5f