Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Learning Registry resource data digital signature management

Project Description
Learning Registry Envelope Signing and Validation Module

This is a Python module that may be used to sign, verify, and retrieve
PGP keys for Learning Registry envelopes.

License & Copyright

Copyright 2011 SRI International

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and


1. Install [GNU Privacy Guard](

2. Download the latest release from the [src/dist](./LRSignature/tree/master/src/dist)

3. Install with pip

pip install LRSignature-<version>.tar.gz

4. There is no step four! Done.


#!/usr/bin/env python

from LRSignature.sign.Sign import Sign_0_21
from LRSignature.verify.Verify import Verify_0_21
import simplejson as json

envelope = '''
"update_timestamp":"2011-03-14 13:36:04.617999",
"resource_data":"<oai_dc:dc xmlns:oai_dc=\\"\\" xmlns:dc=\\"\\" xmlns:xsi=\\"\\" xmlns=\\"\\" xsi:schemaLocation=\\"\\">\\n<dc:title>A chat about America. October and November, 1884.</dc:title>\\n<dc:creator>J. P.</dc:creator>\\n<dc:subject>United States--Description and travel.</dc:subject>\\n<dc:description>\\"Printed for private circulation only.\\"</dc:description>\\n<dc:description>Electronic reproduction. Washington, D.C. : Library of Congress, [2002-2003]</dc:description>\\n<dc:publisher>Manchester, Palmer &amp; Howe</dc:publisher>\\n<dc:date>1885</dc:date>\\n<dc:type>text</dc:type>\\n<dc:identifier></dc:identifier>\\n<dc:language>eng</dc:language>\\n<dc:coverage>United States</dc:coverage>\\n</oai_dc:dc>\\n ",
"keys":["United States--Description and travel.","eng"],
"submitter":"NSDL 2 LR Data Pump",
"node_timestamp":"2011-03-14 13:36:04.617999",
"create_timestamp":"2011-03-14 13:36:04.617999",
"TOS": {
"submission_TOS": "",
"submission_attribution": "unidentified"
origJson = json.loads(envelope)
privateKeyLocation = [""]
keyid = "C37C805D164B052C"
passphrase = "my passphrase"

signtool = Sign_0_21(keyid, passphrase=passphrase, publicKeyLocations=privateKeyLocation)
signed = signtool.sign(origJson)

verifytool = Verify_0_21()
verified = verifytool.verify(signed)
assert verified == True

LRSignature.util module contains functionality to fetch and store public keys into the
local PGP keyring.



- GnuPG:

Other Python Dependencies:

- Python-gnupg:

0.1.15 - Bug fixes, new Sign/Verify version classes, improved exceptions

* Signing will now throw an exception when provided passphrase for key is invalid
* Provided signing key may now contain spaces
* Signing and verification will throw exceptions extended from a base SignatureException

0.1.14 - Significant Bug Fixes:

* Fixed signing so that it performs a "deep copy" instead of a shallow copy.
* Fixed algorithm to properly drop numbers on envelope before passing to bencode.

Other: Made testsuite work with Jenkins continuous integration.

0.1.13 - Modified fetchkey to extract Windows linefeed terminated keys, and exposed a new function in Verify that returns the pgp verification info after signature verification.

0.1.12 - No changes; modified dependency version number for python-gnupgp

0.1.11 - New Features and Bug Fixes:

* _NEW_ Added a feature to signing to skip signing envelopes with a doc_version older that 0.21.0.

* Fixed a problem with signature validation due to changes in gnupg.

* Updated and fixated support for gnupg 0.30.0

0.1.10 - Fixed an issue with PipeTool not honoring the --lr-test-data argument.

0.1.9 - Added contribution from ISKME that adds basic HTTP Authentication for publish.

0.1.8 - Modified to handle new variant of Basic Harvest getrecord and listrecords response. Additional error handling.

0.1.7 - Bug fix for Python versions < 2.7 and added some flexibility to command line use.

0.1.6 - New Feature.

* Enhanced command line usage.

- Added envelope signature validation

- Command line arguments modified to have modes, sign & verify

0.1.4 - Minor enhancement.

* Updated files to import the right submodules
so package visibility is not obfuscated. No functionality changes.

0.1.3 - Bug Fix [PT #14231273](

* Bittorrent-python does not encode unicode strings. Repackaged LRSignature
with modified Bittorrent-python package which can handle UTF-8 strings.

* License for Bittorrent-python code is [Bittorrent Open Source License](

* Removed external dependency for Bittorrent-python module.

* Reverted changes from 0.1.2.

0.1.2 - Bug Fix [PT #14231273](

* UTF-8 encoded envelopes failed to sign.

- Unicode strings are now UTF-8 encoded before bencoding.

0.1.1 - Minor Bug Fix

* When gnupgHome is not defined, default option creates a directory named "~".

0.1.0 - Initial Release
Release History

Release History

This version
History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
LRSignature-0.1.15.tar.gz (23.7 kB) Copy SHA256 Checksum SHA256 Source May 6, 2014

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting