python-securid - RSA SecurID 128-bit Token Library¶
python-securid is a Python library for generating RSA SecurID 128-bit compatible token codes. (Python port of stoken). This project is not affiliated with or endorsed by RSA Security.
Installation¶
pip install securid
Usage¶
Shell¶
Generate token from a password protected sdtid file.
$ securid --filename my.sdtid --password very_secret
24848935
Convert a sdtid file into an unprotected JSON file and generate token from the JSON file.
$ securid --filename my.sdtid --password very_secret --export > my.json
$ securid --filename my.json
24848935
$ cat my.json
{"digits": 8, "exp_date": "2025-04-13", "period": 60, "secret": [15, 63, 116, 57, 194, 241, 34, 224, 68, 60, 168, 234, 155, 194, 99, 167], "serial": "530965299048", "type": "SecurID"}
Sdtid File¶
import securid
from securid.sdtid import SdtidFile
# Read sdtid file
sdtid = SdtidFile('filename.sdtid')
# Decrypt token with password
token = sdtid.get_token(password='000123456789')
# Generate OTP
token.now() #=> '123456'
Stoken File¶
import securid
from securid.stoken import StokenFile
# Read ~/.stokenrc file
stoken = StokenFile()
# Get token
token = stoken.get_token()
# Generate OTP
token.now() #=> '123456'
Generating a new Token¶
import securid
token = securid.Token.random(exp_date=date(2030,1,1))
str(token) # => digits: 6 exp_date: 2030-01-01 interval: 60 issuer: label: seed: 34b7e942eb6fb35bbf81579dcd9b0522 serial: 922729241304
# Generate OTP
token.now() #=> '755546'
Links¶
API documentation¶
- class securid.Token(serial: bytes | bytearray | str | Bytearray = '', seed: bytes | None | str = None, interval: int = 60, digits: int = 6, exp_date: date | None | str = None, issuer: str | None = None, label: str | None = None, pin: int | None = 0)[source]¶
Handler for RSA SecurID 128-bit compatible token codes.
- Parameters:
serial – token serial number
seed – token seed
interval – time interval in seconds for OTP (default: 60)
digits – number of digits (default: 6)
exp_date – expiration date
issuer – issuer
label – label
pin – PIN (default: 0)
- at(for_time: int | datetime, pin: int | None = None) str[source]¶
Generate OTP for the given time (accepts either a Unix timestamp integer or a datetime object)
- Parameters:
for_time – the time to generate an OTP for
- Returns:
OTP code
securid.sdtid¶
securid.stoken¶
- class securid.stoken.StokenFile(filename: str | None = '~/.stokenrc', data: bytes | None | bytearray | str = None, token: Token | None = None)[source]¶
Handler for stokenrc file format
- Parameters:
filename – stokenrc file path
data – token as string in stokenrc format
token – Token instance
securid.jsontoken¶
- class securid.jsontoken.JSONTokenFile(filename: str | None = None, data: bytes | bytearray | str | Dict[str, Any] | None = None, token: Token | None = None)[source]¶
Handler for JSON file format
Example:
- {
“digits”: 6, “exp_date”: “2035-12-31”, “pin”: 1234, “period”: 60, “secret”: [10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25], “serial”: “000512377827”, “issuerInt”: “myorg”, “label”: “myaccount”, “type”: “SecurID”
}
- Parameters:
filename – JSON file path
data – token as string in JSON format or as a dictionary
token – Token instance
securid.exceptions¶
- exception securid.exceptions.InvalidSeed[source]¶
This is raised when the seed is missing or invalid.
- exception securid.exceptions.InvalidSerial[source]¶
This is raised when the serial is missing or invalid.
securid.utils¶
- securid.utils.aes_ecb_decrypt(key: bytes | bytearray | Bytearray, data: bytes | bytearray | Bytearray) bytes[source]¶
Decrypt data with the key using AES-128 ECB
- securid.utils.aes_ecb_encrypt(key: bytes | bytearray | Bytearray, data: bytes | bytearray | Bytearray) bytes[source]¶
Encrypt data with the key using AES-128 ECB