gssapi_kerberos_security_context_encrypted_message_exchange.py
python — This quickstart demonstrates how to create a GSSAPI security context between a cl…
gssapi_kerberos_security_context_encrypted_message_exchange.py
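"""Establish a GSSAPI (Kerberos) security context and exchange one wrapped message.

Both the initiator (client) and the acceptor (server) live in this one
process for demonstration purposes. In a real deployment the tokens travel
over a network and each side must treat the peer's token as untrusted input
to ``step()``.
"""
import gssapi

# 1. Create a name for the service (the 'target').
# Replace 'HTTP/localhost@EXAMPLE.COM' with your actual service principal.
# The client authenticates this identity, so take it from trusted
# configuration rather than from anything the peer sends.
server_name = gssapi.Name('HTTP/localhost@EXAMPLE.COM', gssapi.NameType.kerberos_principal)

# --- Client Side ---
# 2. Initialize the client (initiator) security context for that target.
client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')

# --- Server Side ---
# 3. Initialize the server (acceptor) security context.
# No credentials are passed, so the acceptor relies on the library's default
# acceptor credentials. NOTE(review): to accept only the intended service
# identity, build gssapi.Credentials(name=server_name, usage='accept') and
# pass it as creds= here.
server_ctx = gssapi.SecurityContext(usage='accept')

# 4. Run the handshake. Tokens are passed back and forth until one side has
# nothing more to send, instead of assuming exactly one round trip, so a
# mechanism that needs extra legs still completes.
client_token = client_ctx.step()
while client_token:
    server_token = server_ctx.step(client_token)
    client_token = client_ctx.step(server_token) if server_token else None

# 5. Refuse to continue on a half-open context: wrap()/unwrap() are only
# meaningful once BOTH sides report completion.
if not (client_ctx.complete and server_ctx.complete):
    raise SystemExit("GSSAPI security context was not established")

print("Security context established!")

# Authentication is not authorization: before acting on a request, a real
# server should check server_ctx.initiator_name against what that client is
# allowed to do.

# 6. Encrypt a message from the client to the server.
# The second argument asks for confidentiality (encryption), not just
# integrity protection.
message = b"Secret Message"
wrapped = client_ctx.wrap(message, True)

# 7. Server decrypts the message. Only the wrapped bytes cross the wire.
unwrapped = server_ctx.unwrap(wrapped.message)

print(f"Decrypted message: {unwrapped.message.decode('utf-8')}")
# The flag below reports whether confidentiality was actually applied to the
# received message; a receiver should treat False as a failure for secret data.
print(f"Message was encrypted: {unwrapped.encrypted}")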