Python implementation of the Tang protocol.
Tang is a server for binding data to network presence.
python-tang implements the McCallum-Relyea key exchange, so that the Tang server must be accessible to reconstitute the binding key.
Basic peers are implemented in tang.peers, providing a class for the role of
both client and server within the key exchange.
All cryptographic operations are implemented in tang.keys.KeyHelper, using ECC.EccKey from PyCryptodome. KeyHelper also provides methods to convert to/from a JWK using python-jose and an implementation of concatkdf from José.
The Tang protocol is implemented by tang.services.Tang. Methods for key
advertisement and recovery are implemented by this class, to be used within the
FastAPI app. Keys are loaded from the specified path at instantiation as JWKs.
Filenames with a leading dot (.) are treated as rotated keys and will not be
advertised.
python-tang is compatible with Clevis:
$ clevis encrypt tang '{"url": "http://<tang server>"}' -y <<< "Hello, world" > ciphertext
$ clevis decrypt < ciphertext
Hello, world
Start server: fastapi run tang / uvicorn tang:app
Run demonstration of key exchange: python -m tang
Run tests: python -m pytest
- PyCryptodome - Cryptographic primitives
- python-jose - JOSE implementation
- FastAPI - Web framework for HTTP API
- pytest - Testing framework
- Tang - Tang binding daemon
- Clevis - Automated encryption framework
- José - C implementation of JOSE standards.
python-tang is licensed under the GPL v3 for everyone to use, modify and share freely.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

