Learning Registry resource data digital signature management

Project description

Learning Registry Envelope Signing and Validation Module

This is a Python module that may be used to sign, verify, and retrieve
PGP keys for Learning Registry envelopes.

License & Copyright

Copyright 2011 SRI International

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and


1. Install GNU Privacy Guard

2. Download the latest release from the [src/dist](./LRSignature/tree/master/src/dist)

3. Install with pip

    pip install LRSignature-<version>.tar.gz

4. There is no step four! Done.


    #!/usr/bin/env python

    from LRSignature.sign.Sign import Sign_0_21
    from LRSignature.verify.Verify import Verify_0_21
    import simplejson as json

    # Sample Learning Registry envelope, as a JSON document.
    envelope = '''
    {
        "update_timestamp":"2011-03-14 13:36:04.617999",
        "resource_data":"<oai_dc:dc xmlns:oai_dc=\\"\\" xmlns:dc=\\"\\" xmlns:xsi=\\"\\" xmlns=\\"\\" xsi:schemaLocation=\\"\\">\\n<dc:title>A chat about America. October and November, 1884.</dc:title>\\n<dc:creator>J. P.</dc:creator>\\n<dc:subject>United States--Description and travel.</dc:subject>\\n<dc:description>\\"Printed for private circulation only.\\"</dc:description>\\n<dc:description>Electronic reproduction. Washington, D.C. : Library of Congress, [2002-2003]</dc:description>\\n<dc:publisher>Manchester, Palmer &amp; Howe</dc:publisher>\\n<dc:date>1885</dc:date>\\n<dc:type>text</dc:type>\\n<dc:identifier></dc:identifier>\\n<dc:language>eng</dc:language>\\n<dc:coverage>United States</dc:coverage>\\n</oai_dc:dc>\\n ",
        "keys":["United States--Description and travel.","eng"],
        "submitter":"NSDL 2 LR Data Pump",
        "node_timestamp":"2011-03-14 13:36:04.617999",
        "create_timestamp":"2011-03-14 13:36:04.617999",
        "TOS": {
            "submission_TOS": "",
            "submission_attribution": "unidentified"
        }
    }
    '''
    origJson = json.loads(envelope)
    # Passed to Sign_0_21 below as publicKeyLocations.
    privateKeyLocation = [""]
    keyid = "C37C805D164B052C"
    passphrase = "my passphrase"

    # Sign the envelope with the key identified by keyid.
    signtool = Sign_0_21(keyid, passphrase=passphrase, publicKeyLocations=privateKeyLocation)
    signed = signtool.sign(origJson)

    # Verify the signature carried by the signed envelope.
    verifytool = Verify_0_21()
    verified = verifytool.verify(signed)
    assert verified == True

The LRSignature.util module contains functionality to fetch public keys and store them in the
local PGP keyring.



- GnuPG:

Other Python Dependencies:

- Python-gnupg:

0.1.15 - Bug fixes, new Sign/Verify version classes, improved exceptions

* Signing will now throw an exception when provided passphrase for key is invalid
* Provided signing key may now contain spaces
* Signing and verification will throw exceptions extended from a base SignatureException

0.1.14 - Significant Bug Fixes:

* Fixed signing so that it performs a "deep copy" instead of a shallow copy.
* Fixed algorithm to properly drop numbers on envelope before passing to bencode.

Other: Made the test suite work with Jenkins continuous integration.

0.1.13 - Modified fetchkey to extract Windows linefeed terminated keys, and exposed a new function in Verify that returns the pgp verification info after signature verification.

0.1.12 - No changes; modified dependency version number for python-gnupg

0.1.11 - New Features and Bug Fixes:

* _NEW_ Added a feature to signing to skip signing envelopes with a doc_version older than 0.21.0.

* Fixed a problem with signature validation due to changes in gnupg.

* Updated and fixated support for gnupg 0.30.0

0.1.10 - Fixed an issue with PipeTool not honoring the --lr-test-data argument.

0.1.9 - Added contribution from ISKME that adds basic HTTP Authentication for publish.

0.1.8 - Modified to handle new variant of Basic Harvest getrecord and listrecords response. Additional error handling.

0.1.7 - Bug fix for Python versions < 2.7 and added some flexibility to command line use.

0.1.6 - New Feature.

* Enhanced command line usage.

- Added envelope signature validation

- Command line arguments modified to have modes, sign & verify

0.1.4 - Minor enhancement.

* Updated files to import the right submodules
so package visibility is not obfuscated. No functionality changes.

0.1.3 - Bug Fix PT #14231273

* Bittorrent-python does not encode unicode strings. Repackaged LRSignature
with modified Bittorrent-python package which can handle UTF-8 strings.

* License for Bittorrent-python code is the Bittorrent Open Source License

* Removed external dependency for Bittorrent-python module.

* Reverted changes from 0.1.2.

0.1.2 - Bug Fix PT #14231273

* UTF-8 encoded envelopes failed to sign.

- Unicode strings are now UTF-8 encoded before bencoding.

0.1.1 - Minor Bug Fix

* When gnupgHome is not defined, default option creates a directory named "~".

0.1.0 - Initial Release
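
The 0.1.14 and 0.1.2 entries above describe the steps taken before an envelope is signed: deep copy, drop numbers, UTF-8 encode, bencode. The following is an added illustration of those steps in Python 3, not LRSignature's own code; every function name is hypothetical, and the string form used for true/false/null and the SHA-256 digest are assumptions of this sketch.

```python
import copy
import hashlib

def _is_number(v):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def _strip_numbers(node):
    """Delete int/float values in place, recursing through dicts and lists."""
    if isinstance(node, dict):
        for key in [k for k, v in node.items() if _is_number(v)]:
            del node[key]
        children = node.values()
    elif isinstance(node, list):
        node[:] = [v for v in node if not _is_number(v)]
        children = node
    else:
        return
    for child in children:
        _strip_numbers(child)

def _bencode(v):
    if v is None or isinstance(v, bool):
        # Assumption of this sketch: JSON null/true/false are signed as strings.
        v = {None: "null", True: "true", False: "false"}[v]
    if isinstance(v, str):
        raw = v.encode("utf-8")  # encode first so the length prefix counts bytes
        return str(len(raw)).encode("ascii") + b":" + raw
    if isinstance(v, list):
        return b"l" + b"".join(_bencode(i) for i in v) + b"e"
    if isinstance(v, dict):
        # bencode dictionaries are emitted with keys sorted as raw bytes.
        pairs = sorted(v.items(), key=lambda kv: kv[0].encode("utf-8"))
        return b"d" + b"".join(_bencode(k) + _bencode(x) for k, x in pairs) + b"e"
    raise TypeError("cannot bencode %r" % type(v))

def canonical_bytes(envelope):
    work = copy.deepcopy(envelope)  # a shallow copy would share nested dicts/lists
    _strip_numbers(work)
    return _bencode(work)

def envelope_digest(envelope):
    # Assumption: a SHA-256 hex digest of the canonical bytes is what gets signed.
    return hashlib.sha256(canonical_bytes(envelope)).hexdigest()

# Constructed sample envelope (not real Learning Registry data).
SAMPLE = {"submitter": "Zoë", "keys": ["eng", 3], "active": True,
          "TOS": {"submission_attribution": "unidentified", "weight": 1.5}}
```

In this sketch, two envelopes that differ only in a numeric value canonicalize to the same bytes, so any value a verifier needs to trust should be carried as a string.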

Download files

Filename: LRSignature-0.1.15.tar.gz (23.7 kB); file type: Source; Python version: None; upload date: May 6, 2014
