[PYTHON-CRYPTO] RFC: verifying e-mail addresses using HMACs

[Jason R. Mastaler]

Greetings,

I'm working on an application that generates and verifies one-time
"expirable" e-mail addresses using HMACs.  I thought I'd run my
methodology by the list and would appreciate any comments/suggestions
on it.

A 'dated' address is one that is valid only for a certain interval of
time.

  Its format is: name-dated-$date.$datemac at domain.dom

  (For example, jason-dated-988298746.9d619c at mastaler.com)

  An incoming message with such a 'dated' address is accepted if:

  $date < currentdate AND $datemac == a new HMAC generated using
  $date as input.

A 'sender' address is one that only a particular sender can use.

  Its format is: name-sender-$sendermac at domain.dom

  (For example, jason-sender-c12d9f6630f00645 at mastaler.com)

  An incoming message with such a 'sender' address is accepted if:
  $sendermac == a new HMAC generated using the sender's e-mail
  address as input.

The following code illustrates how these addresses are generated using
amkCrypto.

=======================================================================

#!/usr/bin/env python

from Crypto.Hash import HMAC
from Crypto.Hash import SHA
import binascii
import time

now = '%d' % time.time()
hexkey = '0a7ba002d968c2c6a87c91c54ed68a15987cc546'
key = binascii.unhexlify(hexkey)

def make_datemac(time):
    datemac = HMAC.HMAC(SHA).hash(key,[time])[0]
    return binascii.hexlify(datemac[:3])

dated_address = 'jason-dated-' + now + '.' + make_datemac(now)
print dated_address

def make_sendermac(address):
    sendermac = HMAC.HMAC(SHA).hash(key,[address])[0]
    return binascii.hexlify(sendermac[:8])

sender_address = 'jason-sender-' + make_sendermac('jason at mastaler.com')
print sender_address

=======================================================================

Thanks.