CGA Toolkit is a Python implementation of Cryptographically Generated Addresses (CGA), the IPv6 mechanism that binds an IPv6 address to a public key using hash-based proofs without requiring a PKI.
This repo contains:
- A CGA generator
- A CGA verifier
- A Hash2 security-level brute-force simulator
- A FastAPI demo server
- A Command-line interface (CLI)
- A Pytest test suite
- A Python package (pyproject-based)
A CGA is an IPv6 address where the Interface Identifier (IID) is derived from:
- the user’s public key
- optional "extension fields"
- a 128-bit random "modifier"
- a security parameter
Sec
The goal: Bind an IPv6 address to a public key without certificates, using only hashing.
- Public Key (DER)
- Subnet Prefix (
/64) - Modifier (16 bytes, random)
- Collisions Counter (initially 0)
- Extension fields (rarely used)
Hash1 = SHA1(modifier | coll_count | public_key | ext_fields)
Take the last 64 bits → this becomes the Interface Identifier.
IPv6 Address = prefix (64 bits) | Hash1_last_64_bits
Hash2 = SHA1(modifier | prefix | public_key | ext_fields)[:112 bits]
Then enforce:
Hash2 must start with (Sec * 16) zero bits
This acts like a proof-of-work difficulty. Sec = 0 is trivial. Sec = 7 is very hard.
+-------------------------- IPv6 /64 Prefix ---------------------+
| 2001:db8:0:1::/64 |
+----------------------------------------------------------------+
| <--- Hash1 (64 bits) ----> | Derived from PK + Modifier |
+----------------------------------------------------------------+
cga-toolkit/
│
├── cga_toolkit/
│ ├── api.py # FastAPI demo server
│ ├── attack.py # Hash2 brute-force/difficulty simulator
│ ├── cli.py # Command-line interface
│ ├── core.py # CGA generator & verifier (Hash1/Hash2 logic)
│ ├── keys.py # RSA key-generation & PEM/DER helpers
│ ├── utils.py # Serialization, prefix handling, encoding
│ └── __init__.py # Exports package symbols
│
├── tests/
│ └── test_utils.py # Sample pytest tests
│
├── .gitignore
├── pyproject.toml
└── README.md
pip install .
pip install --editable .
python -m cga_toolkit.cli gen-key --out-prefix mykey
Produces:
mykey.key.pem: private keymykey.pub.der: public key (DER)mykey.pub.pem: public key (PEM)
python -m cga_toolkit.cli generate \
--sec 0 \
--prefix "2001:db8:0:1::/64" \
--pub-der mykey.pub.der
Output:
- IPv6 CGA address
- Hash2
- Base64 CGA parameters (store these!)
python -m cga_toolkit.cli verify \
--address "<cga_ip>" \
--params-b64 "<params>"
Launch API:
uvicorn cga_toolkit.api:app --reload
Then open:
http://127.0.0.1:8000/docs
Endpoints:
POST /generate-simple→ generate CGA + keypairPOST /verify→ verify CGA
API hides key handling (it generates keys internally). Great for demos or teaching CGA without complexity.
This demonstrates how Sec increases CGA difficulty. Example:
python -m cga_toolkit.attack simulate --sec 0 --trials 10
Expected:
attempts = 1 every time
Try higher levels:
python -m cga_toolkit.attack simulate --sec 1 --trials 3
You’ll see attempts rise. This shows:
- Sec=0 → instant
- Sec>0 → exponential work factor
- Sec=7 → unrealistic in practice
Run:
pytest
Included tests cover:
- IPv6 prefix normalization
- IID reconstruction
- Round-trip param serialization
- Never commit private keys (
*.pem,*.derare ignored) Sec=0is fine for demonstrations- Higher
Secvalues intentionally become slow (proof-of-work) - Hash2 difficulty grows in powers of 2 (each Sec adds 16 zero-bits)
- CGAs offer address-to-key binding without certificates
- This repo is educational, not production-security hardened.