Per recommendations I am transitioning to a new PGP key. I have written a statement to this effect, signed with my previous key, here. My new keys have been uploaded to pgp.mit.edu and also to the PGP Global Directory.
I wanted an ActiveX object which will perform NT user authentication. Not a big deal eh? I didn't want to call LogonUser for plenty of good reasons, the most prominent of which is that this function LogonUser is really meant for doing what it says: changing the security context of the process to the user whose credentials you present. This also assumes that the user has privileges to log on to the box. So, I checked out some information supplied by Felix Kasza [MVP] <email@example.com> and wrote a C++ COM object that does this using the NT SSPI. I have made the source available under the GPL and you can also download the binary.
Download Source plus compiled DLL
Later on I wanted to authenticate NT users from Java on a *nix box. How to do this? CORBA naturally. I wrapped my same code used above into a CORBA server. All I had to do then was take the IDL for this service to generate Java client code. It works great. I don't have the source up here because I just never got around to it but if you're interested in it I'll be happy to email it to you. I used omniORB to build this server.
I've written a Python 2.X extension module for Windows that gives you
object-oriented Python-style access to the Windows Registry. Highlights:
Check out the Documentation for this module to get the whole skinny.
2014-02-07 update: Python 2.7 binaries & signatures.
2011-03-17 update: Python 2.6 binary & signature.
2008-02-06 update: Python 2.5 binary & signature.
2004-12-21 1.0.5 Built a new version for Python 2.4. I have also included a new feature that lets you iterate through a pyregistry object. The iterator returns just the subkeys. This function uses the RegEnumKey function, so if there are a lot of keys this may be better than calling getKeyNames() which constructs the whole list before returning it to you.
2004-08-18 Well, the last release changed the documentation so that getSubKeys was renamed to getKeyNames. The only problem was that the code actually implemented getSubKeys. Well, now there's a new release that fixes this. The code now has getKeyNames and also has getSubKeys although calling getSubKeys causes a deprecation warning that it will be removed in a future version.
2004-08-11 update: fixed some documentation discrepancies and re-rolled as version 1.0.3 with python 2.3 binaries available. Download. (PGP Signature of binary installer.)
2004-01-13 update: built binary installer for Python 2.3. Note source rev is now 1.0.2 but at this moment I can't remember what changed from 1.0.1. Download. (PGP Signature of binary installer.)
2002-08-09 update: Tim Lewis reported a bug to me where calling reg.getValue('valname') where valname contains a zero-length REG_SZ would crash Python. This bug has been fixed. The new version is 1.0.1 and is available in source plus a binary version built for Python 2.1.
There was a point where I was determined to evangelize people to use PGP encryption for email. (I've since given this up and instead evangelize people to use S/MIME encryption for email.) In keeping with this goal I wanted to write an OpenLDAP backend that would act as a PGP keyserver. The previous free version of the PGP program (and perhaps the current gpg software?) had the ability to talk to an LDAP server and do queries. That seemed much cooler than doing a plain old HTTP (HKP) implementation. I looked at the messages my PGP software was sending and receiving from an existing server and I soon discovered that in order to do this right (I didn't want the server to have to run 'gpg') I was going to need to parse OpenPGP messages. I opened up the RFC and set to work and wrote this thing. I offer it here for anyone who'd like to use it. It is offered under the GPL license. The LDAP backend was completed as well though unfortunately I don't know whence it has gone. It wasn't a lot of code but it did, more importantly, understand the attributes that the PGP client wants (there doesn't seem to be documentation about this).
Source: http://www.ultraemail.net:8000/~jbj1/pgpmsg-1.0.zip (signature)
I don't know if this utility is useful or not. Supposedly you should be able to use PGPNet with FreeS/WAN for IPSEC. The usual instructions for setting up with PGPNet to FreeS/WAN say that you should use the shared key. This didn't work for me. Then, someone on the list said that you could use PGP authentication with FreeS/WAN but you had to be able to get the PGP Public Key and put it into the format expected by ipsec.conf's leftrsasigkey. I was intrigued so I went ahead and wrote a Python script that would do this. Fortunately I already had a Python module I wrote that could parse PGP messages so that it was easy to get at the components of the PGP public key 'certificate'. Then it was just a matter of formatting it according to the FreeS/WAN specs. You can download the source here.
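The conversion described above, sketched as an added example in Python 3 (this is not the script or the pgpmsg module offered on this page). It assumes a binary (de-armored) OpenPGP key whose first packet is a version 4 RSA public-key packet, and emits the RFC 2537 key layout with the "0s" base64 prefix that FreeS/WAN accepts; the function names and the toy sample key are made up for illustration.

```python
import base64

def read_packet(data):
    """Return (tag, body) for the first OpenPGP packet in data (RFC 4880, 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                          # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, pos = first, 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, pos = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                   # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        pos = 1 + (1 << ltype)              # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:pos], "big")
    body = data[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def read_mpi(buf, pos):
    """Read one MPI: a 2-octet bit count, then the big-endian magnitude."""
    size = (int.from_bytes(buf[pos:pos + 2], "big") + 7) // 8
    value = buf[pos + 2:pos + 2 + size]
    if size == 0 or len(value) != size:
        raise ValueError("bad MPI")
    return value, pos + 2 + size

def rsasigkey_from_pgp(data):
    """Return 0s + base64(exponent length, exponent, modulus) for leftrsasigkey."""
    tag, body = read_packet(data)
    if tag != 6 or len(body) < 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    if body[5] not in (1, 3):               # 1 = RSA, 3 = RSA sign-only
        raise ValueError("not an RSA signing key")
    n, pos = read_mpi(body, 6)              # modulus comes first in OpenPGP
    e, _ = read_mpi(body, pos)
    prefix = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return "0s" + base64.b64encode(prefix + e + n).decode("ascii")

# Constructed sample (toy key, n = 3233, e = 17), old-format tag 6 header
SAMPLE = bytes.fromhex("980d040000000001000c0ca1000511")
```

The returned string is what goes after leftrsasigkey= in ipsec.conf; keys that are not RSA signing keys (DSA, ElGamal, RSA encrypt-only) are rejected rather than converted.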
PKCS11 is a standard for a programming API that can interact with a cryptographic token. PKCS11 encompasses a fairly wide range of cryptographic functions: managing keys, encrypting, signing, etc. In fact, the Mozilla Project includes a PKCS11 module (shared library) which the Firefox browser uses.
I myself am interested in PKCS11 because I have a hardware encryption token (Dallas Semiconductor Java iButton) and a PKCS11 module is available to talk to it. I created a Python module so I could directly manipulate the iButton. I have not wrapped the entire PKCS11 interface but I have done enough that I can decrypt and check the signature for an s/mime email. I should note that my script to do this also utilizes an openssl wrapper, pow, in order to perform the decryption, etc. as the DS pkcs11 module doesn't implement all the cryptographic functions needed. I have also used my module to directly use the mozilla pkcs11 module (the Personal Security Manager) and I could have used that to do full s/mime operations but I haven't done that yet since I initially wasn't able to get the wrapper working with the Mozilla module due to their "extensions". If you're interested in doing full s/mime stuff in Python you can email me for the scripts etc. necessary to get you up and running.
The current version is 1.0.4. Documentation for the module is here. A dist-utils-type source package is here, Windows binaries for Python 2.3 (sig), 2.4 (sig), 2.5 (sig), 2.7 (sig), 2.7 64-bit (sig). A test/example script (pkcs11test.py) is included in the source and binary distributions.
Jens B. Jorgensen
Last updated Feb 7, 2014