The ALTCHA Python Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Python applications.

This library is compatible with:

• Python 3.9+

• Demo server

To install the ALTCHA Python Library, use the following command:

pip install altcha

python -m build

python -m unittest discover tests

Here’s a basic example of how to use the ALTCHA Python Library:

import datetime
from altcha import ChallengeOptions, create_challenge, verify_solution

def main():
    hmac_key = "secret hmac key"

    # Create a new challenge
    options = ChallengeOptions(
        expires=datetime.datetime.now() + datetime.timedelta(hours=1),
        max_number=100000, # The maximum random number
        hmac_key=hmac_key,
    )
    challenge = create_challenge(options)
    print("Challenge created:", challenge)

    # Example payload to verify
    payload = {
        "algorithm": challenge.algorithm,
        "challenge": challenge.challenge,
        "number": 12345,  # Example number
        "salt": challenge.salt,
        "signature": challenge.signature,
    }

    # Verify the solution
    ok, err = verify_solution(payload, hmac_key, check_expires=True)
    if err:
        print("Error:", err)
    elif ok:
        print("Solution verified!")
    else:
        print("Invalid solution.")

if __name__ == "__main__":
    main()

Creates a new challenge for ALTCHA.

Parameters:

• options (dict):
  • algorithm (str): Hashing algorithm to use ('SHA-1', 'SHA-256', 'SHA-512', default: 'SHA-256').
  • max_number (int): Maximum number for the random number generator (default: 1,000,000).
  • salt_length (int): Length of the random salt in bytes (default: 12).
  • hmac_key (str): Required HMAC key.
  • salt (str): Optional salt string. If not provided, a random salt will be generated.
  • number (int): Optional specific number to use. If not provided, a random number will be generated.
  • expires (datetime): Optional expiration time for the challenge.
  • params (dict): Optional URL-encoded query parameters.

Returns: Challenge

Verifies an ALTCHA solution.

Parameters:

• payload (dict): The solution payload to verify.
• hmac_key (str): The HMAC key used for verification.
• check_expires (bool): Indicates whether to validate the challenge's expiration. If set to True, the function checks the expires field within the salt (if present) to ensure the challenge has not expired. (Note: To use this feature, the expires parameter must be included when creating the challenge.)

Returns: (bool, str or None)

Extracts URL parameters from the payload's salt.

Parameters:

• payload (dict): The payload containing the salt.

Returns: dict

Verifies the hash of form fields.

Parameters:

• form_data (dict): The form data to hash.
• fields (list): The fields to include in the hash.
• fields_hash (str): The expected hash value.
• algorithm (str): Hashing algorithm ('SHA-1', 'SHA-256', 'SHA-512').

Returns: bool

Verifies the server signature.

Parameters:

• payload (dict or str): The payload to verify (base64 encoded JSON string or dictionary).
• hmac_key (str): The HMAC key used for verification.

Returns: (bool, ServerSignatureVerificationData, str or None)

Finds a solution to the given challenge.

Parameters:

• challenge (str): The challenge hash.
• salt (str): The challenge salt.
• algorithm (str): Hashing algorithm ('SHA-1', 'SHA-256', 'SHA-512').
• max_number (int): Maximum number to iterate to.
• start (int): Starting number.

Returns: Solution or None

MIT