Ax_Handoff 1.0.1

Secure protocol for passing encrypted structured data over unencrypted channels
Ax_Handoff is a Python module that provides a low level protocol and a high level wrapper encapsulating a number of complex features provided by other libraries and exposes a simple interface that allows a developer to exchange or "hand off" secure chunks of flexibly structured data (anything JSON-able) over untrusted communication channels between distributed components of a system.

The intricate details of cryptography and compression are hidden from the developer integrating with this code such that the requirement of handing off chunks of data in this manner becomes trivial and secure with little effort required and less than 5 lines of code. (!)

A primary motivation for this package is the case where a user is redirected from one web app to another on a different domain (i.e. where cookies cannot be shared) but important information must be transmitted with guaranteed integrity and total opaqueness.

Examples of Use:

- A user linking to a supplemental 3rd party support or download site that offers content based on the user's subscription level, location, and other metadata and records activity associated with that user that can be correlated back to the original site.
- Exchanging session data (logged in status) between two web apps managed by the same company but served by different platforms with no shared resources to enable seemless "single sign on" without requiring additional central resources.

Show me the code!

This brief example shows how easy it is to encode and decode complex objects:

from axonchisel.handoff import Ax_Handoff

secret = "My secret pass phr@se! Yes!!"

obj1 = {'foo': "Big Foo", 'bar': [10, 20.5, 30]}

enc = Ax_Handoff.encode(obj, secret)
# enc = 'XHADPtqHlzJuuFBpFnTmBz8Uk3tYTczT1oChKQyho9flBqlRbSTSgXBybJ59CI1N4_wnGl3nsuMwJ7ItMxixm8H9bCIsjv5M00At1rElGvuuJ7u4v4WAHX'

obj2 = Ax_Handoff.decode(enc, secret)
# obj2 = {u'foo': u'Big Foo', u'bar': [10, 20.5, 30]}

Use it in a URL:

url = "" + Ax_Handoff.encode(user_data, shared_secret)

And on the receiving end:

user_data = Ax_Handoff.decode(request.get('data'), shared_secret)

Additional Documentation

Extensive clear documentation, cryptographic analysis, and usage examples are included in the README.txt file.

last updated on:
June 12th, 2011, 21:30 GMT
license type:
MIT/X Consortium License 
developed by:
Dan Kamins
ROOT \ Security
Download Button

In a hurry? Add it to your Download Basket!

user rating



Rate it!
What's New in version 0.9.3
  • Doc updates reflecting new public bitbucket repo.
read full changelog

Add your review!