Sessionless is an attempt to make authentication handling easier for developers without traditional sessions.
Sessionless : Python
About
Sessionless is an open source authentication protocol that uses the cryptography employed by Bitcoin and Ethereum to authenticate messages sent between a client and a server. Within this protocol, you create and store a private key on the client and then use that key to sign messages; those messages are then verified by the server via the public key associated with the client. When you verify a message you also certify its provenance. Because no other secret need be shared between client and server, sessions are wholly unnecessary.
Getting Started
To install the package, run the following command from your command line. More information regarding release history for this package can be found here.
pip install sessionless
Development
Generating a private key
To use this package, create a new instance of the SessionlessSecp256k1 class. A private key can be passed to the class constructor. If no key is provided, one is randomly generated for the user.
# This will generate a random private key
# Passing a private key in hex format within the constructor will assign the value as an instance private key
sessionless = SessionlessSecp256k1()
Retrieving the private key
Users will need to supply methods to retrieve the key. If methods are not supplied, the private key will not be returned. This is to uphold security practices.
sessionless.get_private_key(saveKeys(), getKeys()) # This will return the encrypted private key
Accessing the private key directly as an attribute raises an AttributeError.
sessionless.__private_key # AttributeError: 'SessionlessSecp256k1' object has no attribute '__private_key'. Did you mean: 'get_private_key'?
Generating a public key
Users can easily generate public keys from the private key.
public_key = sessionless.get_public_key_from_private_key()
Signing messages
Users can easily sign messages by providing a message to the sign_message() method. Messages do not need to be encoded before passing them to the method. The method will return an encrypted signature that users can store as needed.
msg = {
"message": "The weather is so nice today!"
}
signature = sessionless.sign_message(msg)
Verifying messages
Users can verify messages and signatures to ensure data integrity, authenticity, and non-repudiation. Users pass a signature, a message, and an encrypted public key as parameters. If a public key is not provided, one is generated from the instance's private key.
res = sessionless.verify_signature(signature, msg) # Returns True
res2 = sessionless.verify_signature(signature, msg, second_primary_key) # Returns False
Associating messages
Sessionless is a practical implementation of delegatable anonymous credentials. Users can verify that two messages are able to be associated using the associate_message() method.
res = sessionless.associate_message(primary_sig, primary_msg, primary_public_key, secondary_sig, secondary_msg, secondary_public_key) # Returns either True or False
Hashes for sessionless-0.0.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | dadda21ebfef28b9d16e26b95dc1248f86a6a68cc5133eb71f54be3c5016f47f
MD5 | b50eba94485c73896405063f685f6337
BLAKE2b-256 | 0704f37f4464b3e52806942114933bf68aa6798118aef60f903bb3f4104318ec