Gentoo Archives: gentoo-user

From: Alan McKinnon <alan.mckinnon@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] key validation
Date: Sat, 21 Aug 2010 18:23:51
1 Hi guys,
3 I need key validation routines for my authentication systems. Web front ends
4 are not my strong point so I'm not in much of a position to do a through
5 evaluation. I'm looking for recommendations from folk who have done this.
7 The authenticates to a website using two factor auth (not key based) and
8 uploads a public key, which then gets put everywhere it needs to go. The
9 validations I'd like to do:
11 1. server side: convert the key to openssh format and check that it's a valid
12 key, correct type and strong enough.
14 2. Browser side: check if user entered a private key and refuse to upload it.
15 Check matching private key and refuse to upload public key till private key is
16 passphrase-protected with strong enough encryption. Don't require user to
17 enter passphrase.
19 I must support SSH protocol 1 for an ancient legacy site or two. And I'm in
20 the very happy position of being able to tell users "You will use Firefox|
21 Chrome|Opera for this" if that's what it takes :-)
23 The web app will be built using django.
25 --
26 alan dot mckinnon at gmail dot com