A collection of utilities that facilitate working with Pyzor accounts.

Note that accounts are not necessary (on the client or server), as an “anonymous” account always exists.

class pyzor.account.Account(username, salt, key)

Bases: object

pyzor.account.hash_key(key, user, hash_=<built-in function openssl_sha1>)

Returns the hash key for this username and password.

lower(H(U + ‘:’ + lower(K))) K is key (hex string) U is username H is the hash function (currently SHA1)

pyzor.account.sign_msg(hashed_key, timestamp, msg, hash_=<built-in function openssl_sha1>)

Converts the key, timestamp (epoch seconds), and msg into a digest.

lower(H(H(M) + ‘:’ T + ‘:’ + K)) M is message T is integer epoch timestamp K is hashed_key H is the hash function (currently SHA1)

pyzor.account.verify_signature(msg, user_key)

Verify that the provided message is correctly signed.

The message must have “User”, “Time”, and “Sig” headers.

If the signature is valid, then the function returns normally. If the signature is not valid, then a pyzor.SignatureError() exception is raised.