-
Notifications
You must be signed in to change notification settings - Fork 0
Home
matthiasbock edited this page Nov 22, 2012
·
15 revisions
- GPG Howto: http://www.gnupg.org/howtos/de/GPGMiniHowto-3.html
- Public key certificates: http://en.wikipedia.org/wiki/Public_key_certificate
- X.509 spec: http://www.itu.int/rec/T-REC-X.509-200811-I/en
- Python & Smartcards: http://ludovicrousseau.blogspot.de/2010/04/pcsc-sample-in-python.html
- Summary: http://wiki.python.org/moin/GnuPrivacyGuard
- pygpgme: https://launchpad.net/pygpgme
- python-gnupg: http://code.google.com/p/python-gnupg/
Login certificates are PKCS #12 formatted files, containing a public certificate (public key + user identity), formatted as X.509, bundled with the corresponding private key. They can be used by the user's web browser to automatically authenticate a user at login, without the need for the user to enter a password.
Both, key and identity are verified in this process:
- server requests authentication
- browser sends public certificate
- server accepts the user, if the certificate itself is accepted or contains a signature from an accepted party, e.g. a CA
- server demands proof of private key ownership by sending a random "challenge" text
- browser proofs private key ownership by signing the challenge with the private key and sending the signature to the server
- login successfull