Password generation
c’t SESAM uses an encrypted secret to generate your passwords: the kgk (Key-Generation-Key). This indirection enables you to change your master password and makes sure that the secret used for the calculation of passwords is 64 bytes.
The kgk is stored and decrypted in the KgkManager class:
The KGK manager stores the kgk and manages storage and encryption of kgk blocks.

class kgk_manager.KgkManager
   New KgkManagers are uninitialized and need either a new kgk or get one by decrypting an existing one.

   create_and_save_new_kgk_block(kgk_crypter=None)
      Creates a fresh kgk block and saves it.
      Parameters: kgk_crypter (Crypter)
      Returns: kgk block
      Return type: bytes

   create_new_kgk()
      Creates a new kgk. This overwrites the previous one.
      Returns: the new kgk
      Return type: bytes

   decrypt_kgk(encrypted_kgk, kgk_crypter=None, password=b'', salt=b'')
      Decrypts kgk blobs. If a crypter is passed it is used. If none is passed a new crypter is created with the salt and password. This takes relatively long. If the encrypted_kgk has a wrong length a new kgk is created.
      Parameters:
      - encrypted_kgk (bytes)
      - kgk_crypter (Crypter)
      - password (bytes)
      - salt (bytes)

   get_fresh_encrypted_kgk()
      Returns a new encrypted kgk block with fresh salt2 and iv2. This does not create a new kgk.
      Returns: kgk block
      Return type: bytes

   get_kgk_crypter(password, salt)
      Creates a kgk crypter for the given credentials. This is a very expensive operation.
      Parameters:
      - password (bytes)
      - salt (bytes)
      Returns: a kgk crypter
      Return type:

   get_kgk_crypter_salt()
      Loads the public salt. If there is none it is created and stored.
      Returns:

   set_preference_manager(preference_manager)
      Pass a preference manager to load and store settings locally.
      Parameters: preference_manager (PreferenceManager)

The encrypted kgk and the settings are stored in the hidden file .ctSESAM.pws in your home directory. Reading and writing of this file is handled by the PreferenceManager:
The preference manager handles the access to the settings file.

class preference_manager.PreferenceManager(settings_file='/home/docs/.ctSESAM.pws')
   Hides the settings file if possible.
   Parameters: settings_file (str) – Filename of the settings file. Defaults to PASSWORD_SETTINGS_FILE as defined in the source.

   store_kgk_block(kgk_block)
      Writes the kgk_block into bytes 32 to 143.
      Parameters: kgk_block (bytes) – encrypted kgk data

Passwords are generated with the PasswordManager class:
Password manager. Its name is CtSesam because it produces passwords which are compatible with those created by other c’t SESAM implementations.

class password_generator.CtSesam(domain, username, kgk, salt=b'pepper', iterations=4096)
   Calculates passwords from master passwords and domain names. You may set the salt and iteration count to something of your liking. If not set, default values will be used.
   Parameters:
   - domain (str) – the domain str
   - username (str) – the username str
   - kgk (bytes) – the kgk
   - salt (bytes) – the salt
   - iterations (int) – iteration count (should be 1 or higher, default is 4096)

   generate(setting)
      Generates a password string.
      Parameters: setting (PasswordSetting) – a setting object
      Returns: password
      Return type: str
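
The kgk indirection described at the top of this page, as an added example that is not c't SESAM's own code: the master password only wraps the 64-byte kgk, so changing it re-encrypts the kgk block while the per-site derivation sees the same input. The function names, the wrapping scheme (an XOR pad plus HMAC built from the standard library as a stand-in for the project's Crypter), the wrapping iteration count, and the use of PBKDF2-HMAC-SHA512 over domain, username and kgk are assumptions; the page gives only the parameters.

```python
import hashlib
import hmac
import os

KGK_LEN, SALT_LEN, TAG_LEN = 64, 32, 32  # kgk size is from the page; the rest is constructed
WRAP_ITERATIONS = 32768                  # constructed cost for the slow password KDF

def _wrap_keys(master_password: bytes, salt: bytes):
    """Derive (pad, mac_key) from the master password: the expensive step."""
    okm = hashlib.pbkdf2_hmac("sha512", master_password, salt,
                              WRAP_ITERATIONS, dklen=KGK_LEN + TAG_LEN)
    return okm[:KGK_LEN], okm[KGK_LEN:]

def wrap_kgk(kgk: bytes, master_password: bytes) -> bytes:
    """Encrypt the kgk as salt || ciphertext || tag (stand-in, not the project's Crypter)."""
    if len(kgk) != KGK_LEN:
        raise ValueError("kgk must be 64 bytes")
    salt = os.urandom(SALT_LEN)  # fresh salt, so every block gets a fresh pad
    pad, mac_key = _wrap_keys(master_password, salt)
    ct = bytes(a ^ b for a, b in zip(kgk, pad))
    return salt + ct + hmac.new(mac_key, salt + ct, "sha256").digest()

def unwrap_kgk(blob: bytes, master_password: bytes) -> bytes:
    """Return the kgk, or raise ValueError on a wrong password or damaged block."""
    if len(blob) != SALT_LEN + KGK_LEN + TAG_LEN:
        raise ValueError("kgk block has the wrong length")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, mac_key = _wrap_keys(master_password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, salt + ct, "sha256").digest()):
        raise ValueError("wrong master password or corrupted kgk block")
    return bytes(a ^ b for a, b in zip(ct, pad))

def change_master_password(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Re-wrap the same kgk under a new master password; the kgk itself is unchanged."""
    return wrap_kgk(unwrap_kgk(blob, old), new)

def site_secret(domain: str, username: str, kgk: bytes,
                salt: bytes = b"pepper", iterations: int = 4096) -> bytes:
    """Per-site secret; depends on the kgk, never on the master password."""
    # Assumption: PBKDF2-HMAC-SHA512 over domain + username + kgk.
    start = domain.encode("utf-8") + username.encode("utf-8") + kgk
    return hashlib.pbkdf2_hmac("sha512", start, salt, iterations)

if __name__ == "__main__":
    blob = wrap_kgk(os.urandom(KGK_LEN), b"old master password")  # constructed inputs
    before = site_secret("example.org", "alice", unwrap_kgk(blob, b"old master password"))
    blob = change_master_password(blob, b"old master password", b"new master password")
    after = site_secret("example.org", "alice", unwrap_kgk(blob, b"new master password"))
    print("site secret unchanged after password change:", before == after)
```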