Python based U2F host library
Project description
== u2flib-host ==
Provides library functionality for communicating with a U2F device over USB.
Two executables are provided, u2f-register and u2f-authenticate, which support
the register and authenticated commands of U2F as defined in the
http://fidoalliance.org/specifications/download[FIDO specifications].
=== License ===
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
=== Installation ===
u2flib-host is installable by running the following command:
# pip install python-u2flib-host
Under Linux you will need to add a Udev rule to be able to access the U2F
device, or run as root. For example, the Udev rule may contain the following:
----
#Udev rule for allowing HID access to Yubico devices for U2F support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
=== Dependencies ===
To support HID devices, u2flib-host uses hidapi, which has a few dependencies
for building. On a Debian based system, run the following command before
installation:
# apt-get install build-essential python-dev cython libusb-1.0-0-dev \
libudev-dev
The soft U2F device implementation requires M2Crypto. On Debian based systems
it is easiest installed using:
# apt-get install python-m2crypto
=== Examples ===
==== Library use ====
[source, python]
----
from u2flib_host import u2f, exc
# Enumerate available devices
devices = u2f.list_devices()
for device in devices:
# The with block ensures that the device is opened and closed.
with device as dev:
# Register the device with some service
registrationResponse = u2f.register(device, registrationRequest, facet)
----
==== Executable use ====
The examples below use the soft U2F device to register and authenticate against
the u2f_server example server from the
http://developers.yubico.com/python-u2flib-server[python-u2flib-server] project.
See that project for more details.
The register step will create a new U2F key pair and store the credential in
the soft_device.json file. The authenticate step will use this credential to
sign a challenge given by the server.
===== Registration =====
The u2f-register command takes a RegisterRequest JSON object as input,
registering the attached device and returns the registration response as
output.
----
$ u2f-register -s soft_device.json http://localhost:8081
Enter RegisterRequest JSON data...
{"challenge": "K0aDxsacDNqrzlaGyLZoFYbXvCJcdIhq0SSaMz-lsV4", "version": "U2F_V2", "appId": "http://localhost:8081"}
Touch the U2F device you wish to register...
[{"clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLMGFEeHNhY0ROcXJ6bGFHeUxab0ZZYlh2Q0pjZElocTBTU2FNei1sc1Y0IiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9", "registrationData": "BQTGnJVILHhzuTKg2XClCM5TJjF2WeK4fp9i6fj3VywzOk3d-O1sNaapAUPh-1GxoVCMY6s_jimP-nKqnZT-MGOCQIGD9Hs4qBCXMbfOPfzuB5zhFcOD95ddve67HXV8QeyPDKPZS5zDogvWyl8l4Tv2XRWGo4_6cAPPM4dPZcMreagwggGHMIIBLqADAgECAgkAmb7osQyi7BwwCQYHKoZIzj0EATAhMR8wHQYDVQQDDBZZdWJpY28gVTJGIFNvZnQgRGV2aWNlMB4XDTEzMDcxNzE0MjEwM1oXDTE2MDcxNjE0MjEwM1owITEfMB0GA1UEAwwWWXViaWNvIFUyRiBTb2Z0IERldmljZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDvhl91zfpg9n7DeCedcQ8gGXUnemiXoi-JEAxz-EIhkVsMPAyzhtJZ4V3CqMZ-MOUgICt2aMxacMX9cIa8dgS2jUDBOMB0GA1UdDgQWBBQNqL-TV04iaO6mS5tjGE6ShfexnjAfBgNVHSMEGDAWgBQNqL-TV04iaO6mS5tjGE6ShfexnjAMBgNVHRMEBTADAQH_MAkGByqGSM49BAEDSAAwRQIgXJWZdbvOWdhVaG7IJtn44o21Kmi8EHsDk4cAfnZ0r38CIQD6ZPi3Pl4lXxbY7BXFyrpkiOvCpdyNdLLYbSTbvIBQOTBEAiBk3N3-gH2WPhR7EOq2-vEqrC1EZXgYs7fofhYTNk9jqwIgcAVRCeXfCLfLO7X71vKVeXaRQKCJgvmRZdB8PoPVdjw"}]
----
===== Authentication =====
The u2f-authenticate command takes an AuthenticateRequest JSON object as
input, and returns the AuthenticateResponse as output.
----
$ u2f-authenticate -s soft_device.json http://localhost:8081
Enter AuthenticateRequest JSON data...
{"keyHandle": "gYP0ezioEJcxt849_O4HnOEVw4P3l1297rsddXxB7I8Mo9lLnMOiC9bKXyXhO_ZdFYajj_pwA88zh09lwyt5qA", "challenge": "zCfLJtWyaCk86Awi5VFtT7hhLk5yncYppYC0z2Q5xxo", "version": "U2F_V2", "appId": "http://localhost:8081"}
{"clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJ6Q2ZMSnRXeWFDazg2QXdpNVZGdFQ3aGhMazV5bmNZcHBZQzB6MlE1eHhvIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIn0", "challenge": "zCfLJtWyaCk86Awi5VFtT7hhLk5yncYppYC0z2Q5xxo", "keyHandle": "gYP0ezioEJcxt849_O4HnOEVw4P3l1297rsddXxB7I8Mo9lLnMOiC9bKXyXhO_ZdFYajj_pwA88zh09lwyt5qA", "signatureData": "AQAAAAEwRAIgK8HLGu8SQNPC3hI1700RsTtyXLlsn9_1sEcIcobhDi0CIFzduJ5IdGus-I-ieHTX1R-1xRCA0e29I9kChKbkkIzF"}
----
Provides library functionality for communicating with a U2F device over USB.
Two executables are provided, u2f-register and u2f-authenticate, which support
the register and authenticated commands of U2F as defined in the
http://fidoalliance.org/specifications/download[FIDO specifications].
=== License ===
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
=== Installation ===
u2flib-host is installable by running the following command:
# pip install python-u2flib-host
Under Linux you will need to add a Udev rule to be able to access the U2F
device, or run as root. For example, the Udev rule may contain the following:
----
#Udev rule for allowing HID access to Yubico devices for U2F support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
=== Dependencies ===
To support HID devices, u2flib-host uses hidapi, which has a few dependencies
for building. On a Debian based system, run the following command before
installation:
# apt-get install build-essential python-dev cython libusb-1.0-0-dev \
libudev-dev
The soft U2F device implementation requires M2Crypto. On Debian based systems
it is easiest installed using:
# apt-get install python-m2crypto
=== Examples ===
==== Library use ====
[source, python]
----
from u2flib_host import u2f, exc
# Enumerate available devices
devices = u2f.list_devices()
for device in devices:
# The with block ensures that the device is opened and closed.
with device as dev:
# Register the device with some service
registrationResponse = u2f.register(device, registrationRequest, facet)
----
==== Executable use ====
The examples below use the soft U2F device to register and authenticate against
the u2f_server example server from the
http://developers.yubico.com/python-u2flib-server[python-u2flib-server] project.
See that project for more details.
The register step will create a new U2F key pair and store the credential in
the soft_device.json file. The authenticate step will use this credential to
sign a challenge given by the server.
===== Registration =====
The u2f-register command takes a RegisterRequest JSON object as input,
registering the attached device and returns the registration response as
output.
----
$ u2f-register -s soft_device.json http://localhost:8081
Enter RegisterRequest JSON data...
{"challenge": "K0aDxsacDNqrzlaGyLZoFYbXvCJcdIhq0SSaMz-lsV4", "version": "U2F_V2", "appId": "http://localhost:8081"}
Touch the U2F device you wish to register...
[{"clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJLMGFEeHNhY0ROcXJ6bGFHeUxab0ZZYlh2Q0pjZElocTBTU2FNei1sc1Y0IiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCJ9", "registrationData": "BQTGnJVILHhzuTKg2XClCM5TJjF2WeK4fp9i6fj3VywzOk3d-O1sNaapAUPh-1GxoVCMY6s_jimP-nKqnZT-MGOCQIGD9Hs4qBCXMbfOPfzuB5zhFcOD95ddve67HXV8QeyPDKPZS5zDogvWyl8l4Tv2XRWGo4_6cAPPM4dPZcMreagwggGHMIIBLqADAgECAgkAmb7osQyi7BwwCQYHKoZIzj0EATAhMR8wHQYDVQQDDBZZdWJpY28gVTJGIFNvZnQgRGV2aWNlMB4XDTEzMDcxNzE0MjEwM1oXDTE2MDcxNjE0MjEwM1owITEfMB0GA1UEAwwWWXViaWNvIFUyRiBTb2Z0IERldmljZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDvhl91zfpg9n7DeCedcQ8gGXUnemiXoi-JEAxz-EIhkVsMPAyzhtJZ4V3CqMZ-MOUgICt2aMxacMX9cIa8dgS2jUDBOMB0GA1UdDgQWBBQNqL-TV04iaO6mS5tjGE6ShfexnjAfBgNVHSMEGDAWgBQNqL-TV04iaO6mS5tjGE6ShfexnjAMBgNVHRMEBTADAQH_MAkGByqGSM49BAEDSAAwRQIgXJWZdbvOWdhVaG7IJtn44o21Kmi8EHsDk4cAfnZ0r38CIQD6ZPi3Pl4lXxbY7BXFyrpkiOvCpdyNdLLYbSTbvIBQOTBEAiBk3N3-gH2WPhR7EOq2-vEqrC1EZXgYs7fofhYTNk9jqwIgcAVRCeXfCLfLO7X71vKVeXaRQKCJgvmRZdB8PoPVdjw"}]
----
===== Authentication =====
The u2f-authenticate command takes an AuthenticateRequest JSON object as
input, and returns the AuthenticateResponse as output.
----
$ u2f-authenticate -s soft_device.json http://localhost:8081
Enter AuthenticateRequest JSON data...
{"keyHandle": "gYP0ezioEJcxt849_O4HnOEVw4P3l1297rsddXxB7I8Mo9lLnMOiC9bKXyXhO_ZdFYajj_pwA88zh09lwyt5qA", "challenge": "zCfLJtWyaCk86Awi5VFtT7hhLk5yncYppYC0z2Q5xxo", "version": "U2F_V2", "appId": "http://localhost:8081"}
{"clientData": "eyJvcmlnaW4iOiAiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwgImNoYWxsZW5nZSI6ICJ6Q2ZMSnRXeWFDazg2QXdpNVZGdFQ3aGhMazV5bmNZcHBZQzB6MlE1eHhvIiwgInR5cCI6ICJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIn0", "challenge": "zCfLJtWyaCk86Awi5VFtT7hhLk5yncYppYC0z2Q5xxo", "keyHandle": "gYP0ezioEJcxt849_O4HnOEVw4P3l1297rsddXxB7I8Mo9lLnMOiC9bKXyXhO_ZdFYajj_pwA88zh09lwyt5qA", "signatureData": "AQAAAAEwRAIgK8HLGu8SQNPC3hI1700RsTtyXLlsn9_1sEcIcobhDi0CIFzduJ5IdGus-I-ieHTX1R-1xRCA0e29I9kChKbkkIzF"}
----
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
python-u2flib-host-2.2.0.tar.gz
(21.9 kB
view hashes)
