I have an Autobahn-Python app that currently uses WAMP-Ticket and I would like to use WAMP-Cryptosign (which seems to be both easier and more secure), but I need to figure out the best way for my Python client to generate a ed25519 public/private key pair. It appears that PyNaCl can do it but that is a pretty heavy dependency to add to my client just to generate a key pair! Does anyone know of a lighter-weight package or module that can do it (preferably pure python – since all it is doing is generating the key pair one time, performance is not really an issue).
Thanks,
Steve
You can simply grab 32 bytes of random data from /dev/urandom e.g. by os.urandom(32) in Python.
PyNaCl does have a pure-python fallback if I recall? (And if you’re using wamp-cryptosign in your client you’ll end up with that dependency anyway, I think?)
Oh, to clarify: the 32 bytes of random data would be a suitable private key. You’ll need PyNaCl or similar to spit out the public key. You can also use crossbar keygen to spit out a public+private keypair in hex.
Thanks, meejah, that’s very useful! Right now I’m looking at cryptography so see if I can use that in the client to generate the keypair.
The scenario I’m hoping to implement is:
- send a new user a one-time password via email
- user uses the client to generate public+private keypair, then uses the one-time password to log into crossbar and send the public key
- a service stores the userid and public key in a local (to crossbar) credential “database” (a file or db of some kind).
I am leery of having crossbar generate the keypair because that would mean having to send the private key over the wire to the client – not so good – or else some other cumbersome process like put it on a thumb drive and give it to the user.
Thanks again for the input!
Steve
Yes, the client-side should generate the keypair; otherwise the server could retain the private key. The crossbar keygen thing is more for convenience if you’re e.g. provisioning your own machines or so.