HTTP Message Signatures
Project description
HTTP Message Signatures
This library implements HTTP Message Signatures. The underlying crypto is provided by PyCryptodomex.
Pypi Page: https://pypi.org/project/httpsigpy/
Usage:
from httpsig import *
Signing
To sign an HTTP message, first it has to be parsed into its message components:
msg = event['body'].encode('utf-8')
components = parse_components(msg)
This provides a data structure with each possible message component indexed by its name, identifier, and value.
To create the signature input, pass in the parsed components structure as well as a list of components to sign, with the signature parameters:
siginput = generate_input(
components,
( # covered components list
{ 'id': "@method" },
{ 'id': "@authority" },
{ 'id': "@path" },
{ 'id': "content-digest" },
{ 'id': "content-length" },
{ 'id': "content-type" }
),
{
'created': 1618884473,
'keyid': 'test-key-rsa-pss'
}
)
base = siginput['signatureInput']
sigparams = siginput['signatureParams']
This outputs a base
string that can be passed to the signer.
key = RSA.import_key(PKCS8.unwrap(PEM.decode(rsaTestKeyPssPrivate)[0])[1])
h = SHA512.new(base.encode('utf-8'))
signer = pss.new(key, mask_func=mgf512, salt_bytes=64)
signed = http_sfv.Item(signer.sign(h))
Verify
To verify an HTTP message, first it has to be parsed into its message components:
msg = event['body'].encode('utf-8')
components = parse_components(msg)
This provides a data structure with each possible message component indexed by its name, identifier, and value.
To create the signature input, pass in the parsed components structure as well as a list of components to sign, and the signature parameters.
siginput = generate_input(
components,
( # covered components list
{ 'id': "@method" },
{ 'id': "@authority" },
{ 'id': "@path" },
{ 'id': "content-digest" },
{ 'id': "content-length" },
{ 'id': "content-type" }
),
{
'created': 1618884473,
'keyid': 'test-key-rsa-pss'
}
)
This can be passed to the verifier function:
h = SHA512.new(base.encode('utf-8'))
pubKey = RSA.import_key(rsaTestKeyPssPublic)
verifier = pss.new(pubKey, mask_func=mgf512, salt_bytes=64)
try:
verified = verifier.verify(h, signed.value)
print('> YES!')
except (ValueError, TypeError):
print('> NO!')
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for httpsigpy-0.0.5-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c8eeeb3683dd801da3bae446d80b46bc1e6687e8abbf673a688a9bb36c924269 |
|
MD5 | 4ddd4fd3d39513e0f04e4a7122da4e8d |
|
BLAKE2b-256 | f6d92e1acd6cf130c8967fbc0a99939da01bc5c5b7d993e369dd7dad3705d1ec |