[pycrypto] Quick and Easy Email Authentication
David MacQuigg
macquigg at ece.arizona.edu
Sun Feb 1 17:30:21 CST 2009
Hello,
I'm working on an email authentication system that needs a little more security. The idea is that a sender will include an authentication code in the very first command to request an email session. For example, arizona.edu might include the code 'f33faf76' as in:
HELO IDf33faf76.mailout09.arizona.edu
The receiver can then verify that this is not a forgery by getting a DNS record from mailout09.arizona.edu. The simplest way to do this is for arizona.edu to publish that code verbatim, and change it frequently. It won't take long, however, for the crooks to modify their zombies to query the DNS records at the victim domain, and use the same code in their forged HELO commands.
So what we really need in the sender's DNS record is not the actual code, but a public key that can be used to decrypt the code and prove not only that it was generated by the alleged sender, but it was generated recently, like within a few seconds of when the HELO command was sent.
I'm trying to figure out how to do this with PyCrypto, but the API documentation is not much help. It would be nice to have an example showing encryption and decryption using RSA.
Here are the stub functions I'm using:
def encrypt(plaintext, privkey):
    return 'f33faf76'

def decrypt(authcode, pubkey):
    return '315:14:45:03'  # day:hour:minute:second
Help will be greatly appreciated. I'll be glad to help with documentation, once I understand how this package is used.
-- Dave
************************************************************ *
* David MacQuigg, PhD email: macquigg at ece.arizona.edu * *
* Research Associate phone: USA 520-721-4583 * * *
* ECE Department, University of Arizona * * *
* 9320 East Mikelyn Lane * * *
* http://purl.net/macquigg Tucson, Arizona 85710 *
************************************************************ *