Dan Connolly's tinkering lab notebook

## A step forward with python and sshagent, and a walk around gnome security tools

At the August PAW meeting, I dropped a pointer in IRC to sshAuth.py, my attempt to use sshagent to make digital signatures. I started on it 2003/09, and I banged my head against a wall for quite a while trying to get it to work.

Last night, while noodling on calendar synchronization and delegation, I took another run at the problem; this time, it worked! Thanks to paramiko:


```python
import binascii

from paramiko import Agent, Message, RSAKey

data = b"hoopy"  # data to sign (bytes)
user = "connolly"  # salt to taste

# get my public key
with open("/home/%s/.ssh/authorized_keys" % user) as authkeys:
    next(authkeys)  # skip 1st one
    keyd = next(authkeys)
tn, uu, other = keyd.split()
keyblob = binascii.a2b_base64(uu)
pubkey = RSAKey(msg=Message(keyblob))

# ask the running ssh-agent to sign with the first key it holds
a = Agent()
agtkey = a.get_keys()[0]
sigblob = agtkey.sign_ssh_data(data)

# check the agent's signature against the public key from authorized_keys
print(pubkey.verify_ssh_sig(data, Message(sigblob)))
```


That "skip 1st one" bit took me a while to figure out. I have 2 keys in my ~/.ssh/authorized_keys file. I wonder if sshAuth.py would work with that fix.
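An added example, not part of the original notebook: rather than skipping a fixed number of lines, pick the authorized_keys entry whose key blob equals the blob of the key the agent signs with, so verification does not depend on file order. It uses only the standard library; the function names and the sample file are constructed for illustration, and in real use `agent_blob` is assumed to come from paramiko's `AgentKey.asbytes()`.

```python
import base64
import binascii
import hashlib
import shlex

def ssh_string(b):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b

def blob_key_type(blob):
    """Key type name embedded at the start of a public key blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("not an SSH public key blob")
    return blob[4:4 + n].decode("ascii")

def parse_authorized_keys(text):
    """Yield (key_type, blob, comment) per entry, skipping blank lines,
    comments and leading options such as command="..."."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps quoted option values together
        for i in range(len(tokens) - 1):
            try:  # an entry is a type name followed by a blob of that type
                blob = base64.b64decode(tokens[i + 1], validate=True)
                if blob_key_type(blob) == tokens[i]:
                    yield tokens[i], blob, " ".join(tokens[i + 2:])
                    break
            except (binascii.Error, ValueError):
                continue

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint, handy for logging the match."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_entry(text, agent_blob):
    """Return the entry whose blob is exactly the agent key's, or None."""
    for entry in parse_authorized_keys(text):
        if entry[1] == agent_blob:
            return entry
    return None

# Constructed sample data: RSA-shaped blobs with toy numbers, not real keys.
def toy_blob(n):
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(n)

BLOB_A, BLOB_B = toy_blob(b"\x00\xc1" * 8), toy_blob(b"\x00\xd2" * 8)
SAMPLE = ('# constructed file\ncommand="echo hi",no-pty ssh-rsa %s old@laptop\n'
          "ssh-rsa %s connolly@desk\n") % tuple(
    base64.b64encode(b).decode() for b in (BLOB_A, BLOB_B))
```

If `find_entry` returns None, the agent's first key is not in the file at all, which is a different failure from a signature that does not verify.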

I also took a look at the state of the art in password agents and managers for gnome. revelation looks interesting. I'm still hoping for something like OpenID/SXIP integrated with password managers like the OSX keychain.

I took notes in the #swig channel while I was at it. I got a kick out of this exchange:


04:44:59 <Ontogon_> dan, are you talking to yourself?
04:45:32 <dajobe> he's talking to the web