SecretExchange#

class SecretExchange(**properties: Any)#

Superclasses: Object

Allows exchange of secrets between two processes on the same system without exposing those secrets to things like loggers, non-pageable memory etc.

This does not protect against active attacks like MITM attacks.

Each side creates a secret exchange object, and one of the sides calls begin. This creates a string, which should be passed to the other side. Each side passes the strings it receives into receive.

In order to send a reply (either with or without a secret) use send. A side must have successfully called receive before it can use send.

The secret exchange objects can be used for multiple iterations of the conversation, or for just one request/reply. The only limitation being that the initial request cannot contain a secret.

Caveat: Information about the approximate length (rounded up to the nearest 16 bytes) may be leaked. If this is considered inacceptable, do not use SecretExchange.

Constructors#

class SecretExchange
classmethod new(protocol: str | None = None) SecretExchange#

Create a new secret exchange object.

Specify a protocol of None to allow any protocol. This is especially relevant on the side of the exchange that does not call begin, that is the originator. Currently the only protocol supported is SECRET_EXCHANGE_PROTOCOL_1.

Parameters:

protocol – the exchange protocol to use

Methods#

class SecretExchange
begin() str#

Begin the secret exchange. The resulting string should be sent to the other side of the exchange. The other side should use receive to process the string.

get_protocol() str#

Will return None if no protocol was specified, and either begin or receive have not been called successfully.

get_secret() list[str]#

Returns the last secret received. If no secret has yet been received this will return None. The string is owned by the SecretExchange object and will be valid until the next time that receive() is called on this object, or the object is destroyed.

Depending on the secret passed into the other side of the secret exchange, the result may be a binary string. It does however have a null terminator, so if you’re certain that it is does not contain arbitrary binary data, it can be used as a string.

receive(exchange: str) bool#

Receive a string from the other side of secret exchange. This string will have been created by begin or send.

After this call completes successfully the value returned from get_secret() will have changed.

Parameters:

exchange – the string received

send(secret: str | None, secret_len: int) str#

Send a reply to the other side of the secret exchange, optionally sending a secret.

receive must have been successfully called at least once on this object. In other words this object must have received data from the other side of the secret exchange, before we can send a secret.

Parameters:
  • secret – optionally, a secret to send to the other side

  • secret_len – length of secret, or -1 if null terminated

Properties#

class SecretExchange
props.protocol: str#

The type of the None singleton.

Virtual Methods#

class SecretExchange
do_derive_transport_key(peer: int, n_peer: int) bool#

The type of the None singleton.

Parameters:
  • peer

  • n_peer

do_generate_exchange_key(scheme: str, public_key: int, n_public_key: int) bool#

The type of the None singleton.

Parameters:
  • scheme

  • public_key

  • n_public_key

Fields#

class SecretExchange
parent#
pv#