python-securid - RSA SecurID 128-bit Token Library¶
python-securid is a Python library for generating RSA SecurID 128-bit compatible token codes. (Python port of stoken). This project is not affiliated with or endorsed by RSA Security.
Installation¶
pip install securid
Usage¶
Shell¶
Generate token from a password protected sdtid file.
$ securid --filename my.sdtid --password very_secret
24848935
Convert a sdtid file into an unprotected JSON file and generate token from the JSON file.
$ securid --filename my.sdtid --password very_secret --export > my.json
$ securid --filename my.json
24848935
$ cat my.json
{"digits": 8, "exp_date": "2025-04-13", "period": 60, "secret": [15, 63, 116, 57, 194, 241, 34, 224, 68, 60, 168, 234, 155, 194, 99, 167], "serial": "530965299048", "type": "SecurID"}
Sdtid File¶
import securid
from securid.sdtid import SdtidFile
# Read sdtid file
sdtid = SdtidFile('filename.sdtid')
# Decrypt token with password
token = sdtid.get_token(password='000123456789')
# Generate OTP
token.now() #=> '123456'
Stoken File¶
import securid
from securid.stoken import StokenFile
# Read ~/.stokenrc file
stoken = StokenFile()
# Get token
token = stoken.get_token()
# Generate OTP
token.now() #=> '123456'
Generating a new Token¶
import securid
token = securid.Token.random(exp_date=date(2030,1,1))
str(token) # => digits: 6 exp_date: 2030-01-01 interval: 60 issuer: label: seed: 34b7e942eb6fb35bbf81579dcd9b0522 serial: 922729241304
# Generate OTP
token.now() #=> '755546'
API documentation¶
-
class
securid.Token(serial: Union[bytes, bytearray, str, Bytearray] = '', seed: Union[bytes, None, str] = None, interval: int = 60, digits: int = 6, exp_date: Union[datetime.date, None, str] = None, issuer: Optional[str] = None, label: Optional[str] = None, pin: Optional[int] = 0)[source]¶ Handler for RSA SecurID 128-bit compatible token codes.
Parameters: - serial – token serial number
- seed – token seed
- interval – time interval in seconds for OTP (default: 60)
- digits – number of digits (default: 6)
- exp_date – expiration date
- issuer – issuer
- label – label
- pin – PIN (default: 0)
-
at(for_time: Union[int, datetime.datetime], pin: Optional[int] = None) → str[source]¶ Generate OTP for the given time (accepts either a Unix timestamp integer or a datetime object)
Parameters: for_time – the time to generate an OTP for Returns: OTP code
securid.sdtid¶
securid.stoken¶
-
class
securid.stoken.StokenFile(filename: Optional[str] = '~/.stokenrc', data: Union[bytes, None, bytearray, str] = None, token: Optional[securid.token.Token] = None)[source]¶ Handler for stokenrc file format
Parameters: - filename – stokenrc file path
- data – token as string in stokenrc format
- token – Token instance
securid.jsontoken¶
-
class
securid.jsontoken.JSONTokenFile(filename: Optional[str] = None, data: Union[bytes, bytearray, str, Dict[str, Any], None] = None, token: Optional[securid.token.Token] = None)[source]¶ Handler for JSON file format
Example:
- {
- “digits”: 6, “exp_date”: “2035-12-31”, “pin”: 1234, “period”: 60, “secret”: [10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25], “serial”: “000512377827”, “issuerInt”: “myorg”, “label”: “myaccount”, “type”: “SecurID”
}
Parameters: - filename – JSON file path
- data – token as string in JSON format or as a dictionary
- token – Token instance
securid.exceptions¶
-
exception
securid.exceptions.InvalidSignature[source]¶ This is raised when signature verification fails. This can occur when password is required for decrypting the token.
securid.utils¶
-
securid.utils.aes_ecb_encrypt(key: Union[bytes, bytearray, Bytearray], data: Union[bytes, bytearray, Bytearray]) → bytes[source]¶ Encrypt data with the key using AES-128 ECB
-
securid.utils.aes_ecb_decrypt(key: Union[bytes, bytearray, Bytearray], data: Union[bytes, bytearray, Bytearray]) → bytes[source]¶ Decrypt data with the key using AES-128 ECB