django-pgpauth


Use a PGP key to log in to a web system

Project summary in another language: Chinese introduction

Some user accounts on a web site are especially sensitive, such as staff accounts. One way to avoid a brute-force attack is to force users to log in through a VPN. But that is too inconvenient for me; I prefer to use a private/public key pair, just like logging in to an SSH server on Linux.

This project's goal is to provide an experimental method for logging in to a web site with a PGP signature.

Extra required software:

  • python-json (http://sourceforge.net/projects/json-py/) for the server
  • GnuPGInterface (http://py-gnupg.sourceforge.net/) for the server
  • GnuPG (http://www.gnupg.org/) for the server and the client

A plus for the client:

  • FireGPG (http://getfiregpg.org/)

SOMETHING IMPORTANT

  • When you run django-pgpauth as HTTPD_USER, create a `.gnupg` directory in ~HTTPD_USER. That is GnuPG's working directory.
  • Remember to keep the server's clock up to date; a wrong date and time will cause the import of a public key to fail.
  • You should import the private key (apps/pgpauth/pgpauth.privatekey) on your system as HTTPD_USER, and set trusted status (status five) on the private key so that MyGnuPGTestCase passes.

Demo Site

  • https://pgpauth.hoamon.info/

    Scenario

    1. Upload your PGP public key.
    2. Choose the username you want.
    3. Sign the message with your PGP private key and put the signed content in the textarea.
    4. Press , and if it is successful, you will see the profile.
    5. Log out and go to the login page.
    6. Sign the message with your PGP private key and put the signed content in the textarea to log in.
    7. See the profile again.
    7. See the profile again.
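
The login step of the scenario above is only as strong as the server's check of the pasted signature. The sketch below is an added example, not django-pgpauth's own code: it accepts a login only when a live, unused challenge was signed by the key registered for that user. It assumes the message to sign is a one-time challenge issued by the server; all function names, the challenge format and the 300-second lifetime are hypothetical, and it calls the gpg command line directly instead of GnuPGInterface.

```python
import secrets
import subprocess
import time

# GnuPG also reports VALIDSIG for expired or revoked keys, so refuse these.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
CHALLENGE_TTL = 300  # seconds (assumed lifetime)
_pending = {}  # username -> (challenge, expiry); stand-in for a session store


def issue_challenge(username, now=None):
    """Create the fresh random message the user is asked to sign."""
    now = time.time() if now is None else now
    challenge = "pgpauth-login:%s:%s" % (username, secrets.token_urlsafe(24))
    _pending[username] = (challenge, now + CHALLENGE_TTL)
    return challenge


def gpg_verify(signed_text, homedir):
    """Run gpg on a clearsigned message; return (plaintext, status lines)."""
    proc = subprocess.run(
        ["gpg", "--homedir", homedir, "--batch", "--status-fd", "2", "--decrypt"],
        input=signed_text.encode(), capture_output=True, check=False)
    return proc.stdout.decode(errors="replace"), proc.stderr.decode(errors="replace")


def signer_fingerprint(status_output):
    """Return the fingerprint behind exactly one valid signature, else None."""
    found = []
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return None
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # Last field is the primary key fingerprint when gpg reports it.
            found.append((fields[-1] if len(fields) >= 12 else fields[2]).upper())
    return found[0] if len(found) == 1 else None


def check_login(username, plaintext, status_output, registered_fpr, now=None):
    """Accept only a live, unused challenge signed by the registered key."""
    now = time.time() if now is None else now
    challenge, expiry = _pending.pop(username, (None, 0))  # single use
    fpr = signer_fingerprint(status_output)
    return (challenge is not None and now <= expiry
            and fpr == registered_fpr.upper()
            and plaintext.strip() == challenge)
```

Comparing the fingerprint, rather than trusting any good signature from the keyring, keeps one registered user from logging in as another; popping the challenge on every attempt keeps a captured signed message from being replayed.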

Project Information

Labels:
pgp django python gnugp firegpg GnuPGInterface