Skip to main content

Fork of httpsig. HMAC only, no RSA, no PyCrypto, pure Python.

Project description

https://travis-ci.org/alexanderlukanin13/httpsig-pure-hmac.svg?branch=master

Fork of Adam Knight’s httpsig, providing the same functionality, except that:

  • RSA is not supported.

  • PyCrypto is not required.

This package is intended as a lightweight option for HMAC-only clients.

Requirements

  • Python 2.7, 3.3+

  • six

Usage

import httpsig_pure_python as httpsig

See original package for more info.

httpsig Changes

1.1.2 (2015-Feb-11)

  • HMAC verification is now constant-time.

1.1.1 (2015-Feb-11)

  • (pulled)

1.1.0 (2014-Jul-24)

  • Changed “(request-line)” to “(request-target)” to comply with Draft 3.

1.0.3 (2014-Jul-09)

  • Unified the default signing algo under one setting. Setting httpsig.sign.DEFAULT_SIGN_ALGORITHM changes it for all future instances.

  • Handle invalid params a little better.

1.0.2 (2014-Jul-02)

  • Ensure we treat headers as ASCII strings.

  • Handle a case in the authorization header where there’s garbage (non-keypairs) after the method name.

1.0.1 (2014-Jul-02)

  • Python 3 support (2.7 + 3.2-3.4)

  • Updated tox and Travis CI configs to test the supported Python versions.

  • Updated README.

1.0.0 (2014-Jul-01)

  • Written against http://tools.ietf.org/html/draft-cavage-http-signatures-02

  • Added “setup.py test” and tox support.

  • Added sign/verify unit tests for all currently-supported algorithms.

  • HeaderSigner and HeaderVerifier now share the same message-building logic.

  • The HTTP method in the message is now properly lower-case.

  • Resolved unit test failures.

  • Updated Verifier and HeaderVerifier to handle verifying both RSA and HMAC sigs.

  • Updated versioneer.

  • Updated contact/author info.

  • Removed stray keypair in test dir.

  • Removed SSH agent support.

  • Removed suport for reading keyfiles from disk as this is a huge security hole if this is used in a server framework like drf-httpsig.

1.0b1 (2014-Jun-23)

  • Removed HTTP version from request-line, per spec (breaks backwards compatability).

  • Removed auto-generation of missing Date header (ensures client compatability).

http-signature (previous)

0.2.0 (unreleased)

  • Update to newer spec (incompatible with prior version).

  • Handle request-line meta-header.

  • Allow secret to be a PEM encoded string.

  • Add test cases from spec.

0.1.4 (2012-10-03)

  • Account for ssh now being re-merged into paramiko: either package is acceptable (but paramiko should ideally be >= 1.8.0)

0.1.3 (2012-10-02)

  • Stop enabling allow_agent by default

  • Stop requiring ssh package by default – it is imported only when allow_agent=True

  • Changed logic around ssh-agent: if one key is available, don’t bother with any other authentication method

  • Changed logic around key file usage: if decryption fails, prompt for password

  • Bug fix: ssh-agent resulted in a nonsensical error if it found no correct keys (thanks, petervolpe)

  • Introduce versioneer.py

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

httpsig-pure-hmac-1.1.2.tar.gz (21.8 kB view details)

Uploaded Source

File details

Details for the file httpsig-pure-hmac-1.1.2.tar.gz.

File metadata

File hashes

Hashes for httpsig-pure-hmac-1.1.2.tar.gz
Algorithm Hash digest
SHA256 1169c2fa160f5b49c821fe2bcb27f374c24d9df397976d4e0ee73422f4eeaf94
MD5 3397d54ffe21f988db232451092d4944
BLAKE2b-256 7b141cbe133af295756858b294b8fe779144b3bc9c187ff2aaac116d30bb5cc3

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page