This repository hosts a proof-of-concept application demonstrating a "challenge-response" protocol for verifying identity using Pretty Good Privacy (PGP). This method is particularly useful for enhancing the security of user logins and can serve as a robust tool against bots or as part of two-factor authentication systems, without requiring Know Your Customer (KYC) procedures.
- Challenge-Response Authentication: The application generates a random challenge message that users must encrypt using their private PGP key. Successful encryption and subsequent decryption by the server using the corresponding public key confirm the user's identity.
- Enhanced Security: Public keys are submitted during account creation and stored securely. Private keys remain confidential and are never transmitted over the network.
- User Privacy: Ensures that the identity verification process is private and secure, suitable for environments requiring high security without extensive personal data collection.
- Visit the Application: Go to the hosted application on Streamlit at PGP Verification App.
- Submit Your Public Key: Enter your PGP public key in the provided text area. This step simulates the public key submission that would occur during account creation.
- Encrypt the Challenge Message: Use your private PGP key to encrypt the randomly generated message displayed on the app.
- Verify Identity: Submit the encrypted message back to the application. The app will attempt to decrypt it using your public key. Successful decryption verifies your identity.
To run this application locally, you'll need Python and the following packages:
```
streamlit
pgpy
```
You can install these directly using pip:
```
pip install -r requirements.txt
```
Or manually install the necessary packages:
```
pip install streamlit pgpy
```
After installation, run the application using:
```
streamlit run app.py
```
- The application utilizes PGP (Pretty Good Privacy) encryption standards to ensure secure communication.
- A random message is generated by the server (challenge) and needs to be encrypted by the user using their private key.
- The encrypted message is then decrypted by the server using the user's public key. Successful decryption confirms the identity of the user.
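An added sketch of the server side of this flow (not the repository's code): in OpenPGP the private-key operation that the public key checks is a signature, so the example treats the user's response as a signed message and accepts it only if it covers a fresh, unexpired, single-use challenge. `ChallengeStore`, `pgpy_verifier` and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)


class ChallengeStore:
    """Issues single-use, time-limited challenges bound to one user."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # user -> (challenge, expiry)

    def issue(self, user):
        challenge = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[user] = (challenge, self._now() + CHALLENGE_TTL)
        return challenge

    def redeem(self, user, signed_text, verify):
        """verify(signed_text) returns the signed plaintext, or None."""
        # pop() makes the challenge single-use even when verification fails.
        challenge, expiry = self._pending.pop(user, (None, 0.0))
        if challenge is None or self._now() > expiry:
            return False
        plaintext = verify(signed_text)
        if plaintext is None:
            return False
        # A valid signature is not enough: it must cover *this* challenge.
        return hmac.compare_digest(plaintext.strip().encode(), challenge.encode())


def pgpy_verifier(public_key_armored):
    """Build a verify() callable backed by pgpy for one stored public key."""
    import pgpy  # imported lazily so the store logic has no hard dependency

    key, _ = pgpy.PGPKey.from_blob(public_key_armored)

    def verify(signed_text):
        try:
            msg = pgpy.PGPMessage.from_blob(signed_text)
            if not key.verify(msg):
                return None
            body = msg.message
            return body if isinstance(body, str) else bytes(body).decode()
        except Exception:  # malformed or unsigned input: fail closed
            return None
    return verify
```

Without the comparison against the issued challenge, any message the user has ever signed would pass; without the `pop()`, a captured response could be replayed.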
- Private Messaging Platforms: Integrate into platforms as a secure method to verify identities.
- Secure Business Communications: Use in environments where sensitive data is exchanged, requiring assured user identity.
- Two-Factor Authentication Systems: Implement as a part of 2FA to provide an additional layer of security without personal data.
Feel free to clone, modify, and use it in your projects!