HTTP Message Signatures
Project description
HTTP Message Signatures
This library implements HTTP Message Signatures. The underlying crypto is provided by PyCryptodomex.
Pypi Page: https://pypi.org/project/httpsigpy/
Usage:
from httpsig import *
Signing
To sign an HTTP message, first it has to be parsed into its message components:
msg = event['body'].encode('utf-8')
components = parse_components(msg)
This provides a data structure with each possible message component indexed by its name, identifier, and value.
To create the signature input, pass in the parsed components structure as well as a list of components to sign, with the signature parameters:
siginput = generate_input(
components,
( # covered components list
{ 'id': "@method" },
{ 'id': "@authority" },
{ 'id': "@path" },
{ 'id': "content-digest" },
{ 'id': "content-length" },
{ 'id': "content-type" }
),
{
'created': 1618884473,
'keyid': 'test-key-rsa-pss'
}
)
base = siginput['signatureInput']
sigparams = siginput['signatureParams']
This outputs a base
string that can be passed to the signer.
key = RSA.import_key(PKCS8.unwrap(PEM.decode(rsaTestKeyPssPrivate)[0])[1])
h = SHA512.new(base.encode('utf-8'))
signer = pss.new(key, mask_func=mgf512, salt_bytes=64)
signed = http_sfv.Item(signer.sign(h))
Verify
To verify an HTTP message, first it has to be parsed into its message components:
msg = event['body'].encode('utf-8')
components = parse_components(msg)
This provides a data structure with each possible message component indexed by its name, identifier, and value.
To create the signature input, pass in the parsed components structure as well as a list of components to sign, and the signature parameters.
siginput = generate_input(
components,
( # covered components list
{ 'id': "@method" },
{ 'id': "@authority" },
{ 'id': "@path" },
{ 'id': "content-digest" },
{ 'id': "content-length" },
{ 'id': "content-type" }
),
{
'created': 1618884473,
'keyid': 'test-key-rsa-pss'
}
)
This can be passed to the verifier function:
h = SHA512.new(base.encode('utf-8'))
pubKey = RSA.import_key(rsaTestKeyPssPublic)
verifier = pss.new(pubKey, mask_func=mgf512, salt_bytes=64)
try:
verified = verifier.verify(h, signed.value)
print('> YES!')
except (ValueError, TypeError):
print('> NO!')
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for httpsigpy-0.0.7-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8c1f2237bdfdff6bc0f45998c54d4cc9f559d1ea58ccfbef618cc376fda2f3f8 |
|
MD5 | 6014786bd1a57fc1ffc1fb107f3a0f65 |
|
BLAKE2b-256 | cda04599cdb9dee694cb8d8dbdfc99be335ed95f2581ee648aa37fa5fd4753c9 |