Lorenzo Zolfanelli
1 changed files with 77 additions and 0 deletions
Split View
Diff Options
-
+77 -0README.md
+ 77
- 0
README.md
View File
| @ -0,0 +1,77 @@ | |||
| <!-- ABOUT THE PROJECT --> | |||
| # pyjod | |||
| Open-source implementation of the Strong Customer Authentication client agent used by the italian provider Poste Italiane S.p.A. | |||
| ### DISCLAIMER: | |||
| * The main purpose of this project is research and understanding of the techniques and protocols used. | |||
| * This project is under development and unstable, using it could cause revocation or ban of your user account. | |||
| * Using this software would very likely compromise most of the security of having a 2-factor authentication scheme. Also, this software is not security-audited at all and is storing all your private keys and secret UNENCRYPTED on your computer! | |||
| In conclusion: USE IT ONLY AT YOUR RISKS, UNDER YOUR RESPONSABILITY, AND IF YOU KNOW VERY WELL WHAT YOU ARE DOING! | |||
| ## Installation | |||
| All the following instruction assumes that you are using a BASH shell under Linux, | |||
| you will have to adapt them if you use a different Operating System or a different shell. | |||
| 1. Ensure you have a proper and recent Python (> 3.9) installed. | |||
| 2. (Strongly suggested) create a dedicated Python virtual environment | |||
| ```sh | |||
| mkdir -p ~/.venvs | |||
| python3 -m venv ~/.venvs/pyjod | |||
| ``` | |||
| 3. Activate the virtual environment | |||
| ```sh | |||
| source ~/.venvs/pyjod/bin/activate | |||
| ``` | |||
| 4. Install `pyjod` and the optional dependencies you want | |||
| ```sh | |||
| # For a basic installation | |||
| pip install "git+https://projects.lilik.it/zolfa/pyjod" | |||
| # To include QR generator for OTP Authenticator apps | |||
| pip install "git+https://projects.lilik.it/zolfa/pyjod#egg=pyjod[qr]" | |||
| # To include also the QR screen scanner for instant authentication | |||
| pip install "git+https://projects.lilik.it/zolfa/pyjod#egg=pyjod[qr,scanqr]" | |||
| ``` | |||
| 5. Create a symbolic link from a directory available in your `$PATH` | |||
| ```sh | |||
| ln -s ~/.venvs/pyjod/bin/posteid ~/.local/bin/posteid | |||
| ``` | |||
| ## Basic usage | |||
| 1. Execute `posteid` in a terminal, you will be guided into logging in and | |||
| configuring the application and enroling the device to your account. | |||
| ```sh | |||
| posteid | |||
| ``` | |||
| 2. After the first execution, you can call `posteid` again to check the status of | |||
| your device-account enrolment. | |||
| 2. Generate an OTP-code to authenticate using the "Generate a single-use code" option. | |||
| ```sh | |||
| posteid otp | |||
| ``` | |||
| 3. List all the pending authentication request, and authorize one of them. | |||
| You will only see the requests generated using the "Send a notification to my device" | |||
| option. | |||
| ```sh | |||
| posteid authorize | |||
| ``` | |||
| 4. Export the QR generation seed to a compatible app using a standard provisioning QR-code | |||
| _You will need the extra requirements [qr]_ | |||
| ```sh | |||
| posteid qr | |||
| ``` | |||
| 5. Detect a rapid-authentication qr in your screen and authorize the access using it. | |||
| _You will need the extra requirements [scanqr]_ | |||
| ```sh | |||
| posteid scanqr | |||
| ``` | |||
| 6. Revoke your device enrolment, disabling private keys and OTP generator. | |||
| ```sh | |||
| posteid revoke | |||
| ``` | |||