Simple secure signing for HTTP requests using http-signature

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for atl from gravatar.com atl

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Adam T. Lindsay
  • Tags http, cryptography, web, joyent
Classifiers

Project description

Sign http requests with secure signatures.

Requirements

  • PyCrypto

Optional:

  • ssh or paramiko >= 1.8.0 (for ssh-agent integration)

  • requests

Usage

for simple raw signing:

import http_signature

sig_maker = http_signature.Signer(secret='test.pem', algorithm='rsa-sha256')
sig_maker.sign('hello world!')

for use with requests:

import json
import requests
from http_signature.requests_auth import HTTPSignatureAuth

auth = HTTPSignatureAuth(key_id='Test', secret='test.pem')
z = requests.get('https://api.joyentcloud.com/my/packages/Small+1GB',
                         auth=auth, headers={'X-Api-Version': '~6.5'})

Class initialization parameters

http_signature.Signer(secret='', algorithm='rsa-sha256', allow_agent=False)

secret, in the case of an rsa signature, is a path to a private RSA pem file. In the case of an hmac, it is a secret password. algorithm is one of the six allowed signatures: rsa-sha1, rsa-sha256, rsa-sha512, hmac-sha1, hmac-sha256, hmac-sha512. allow_agent uses the ssh package to find an ssh-agent instance running, and uses that to sign all requests. Note that if so, this overrides manual selection of the signing algorithm to rsa-sha1.

http_signature.requests_auth.HTTPSignatureAuth(key_id='', secret='', algorithm='rsa-sha256', headers=None, allow_agent=False)

key_id is the label by which the server system knows your RSA signature or password. headers is the list of HTTP headers that are concatenated and used as signing objects. By default it is the specification’s minimum, the Date HTTP header. secret, algorithm, and allow_agent are as above.

License

MIT

Changes

0.1.4 (2012-10-03)

  • Account for ssh now being re-merged into paramiko: either package is acceptable (but paramiko should ideally be >= 1.8.0)

0.1.3 (2012-10-02)

  • Stop enabling allow_agent by default

  • Stop requiring ssh package by default – it is imported only when allow_agent=True

  • Changed logic around ssh-agent: if one key is available, don’t bother with any other authentication method

  • Changed logic around key file usage: if decryption fails, prompt for password

  • Bug fix: ssh-agent resulted in a nonsensical error if it found no correct keys (thanks, petervolpe)

  • Introduce versioneer.py

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for atl from gravatar.com atl

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Adam T. Lindsay
  • Tags http, cryptography, web, joyent
Classifiers

Release history Release notifications | RSS feed

This version

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

http_signature-0.1.4.tar.gz (9.8 kB view details)

Uploaded Source

File details

Details for the file http_signature-0.1.4.tar.gz.

File metadata

File hashes

Hashes for http_signature-0.1.4.tar.gz
Algorithm Hash digest
SHA256 14acc192ef20459d5e11b4e800dd3a4542f6bd2ab191bf5717c696bf30936c62
MD5 015061846254bd5d8c5dbc2913985153
BLAKE2b-256 a051ebab9707f1e133585fd230d5a20f1e7025de284b3f387e51a29d39c9b444

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page