Kinto signer

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alexis.metaireau from gravatar.com alexis.metaireau Avatar for glasserc from gravatar.com glasserc Avatar for leplatrem from gravatar.com leplatrem Avatar for magopian from gravatar.com magopian Avatar for mythmon from gravatar.com mythmon Avatar for Natim from gravatar.com Natim Avatar for tarek from gravatar.com tarek

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache License (2.0))
  • Author: Mozilla Services
  • Tags web , services
Classifiers
Report project as malware

Project description

travis

What does this do?

Kinto signer is a Kinto plugin that makes it possible to sign the updates of Kinto collections. In other words, it’s a way to verify that the data the client has got is the data the original authors intended to distribute.

This works with two Kinto instances:

  • A, the authority (also known as “the signer”). It is where the original data are sent. The authority is configured to sign the data for a specific “origin”.

  • O, the origin, which will end up distributing the data and the signatures. It is where the client retrieve the data.

schema.png

Triggering a signature on the authority

Once started, the authority is behaving like a normal Kinto server, until you ask for a signature of the collection. To trigger this signature operation, you need to add a specific field on the collection: status: "to-sign".

Here is how to do it with httpie:

echo '{"data": {"status": "to-sign"}}' | http PATCH http://0.0.0.0:8888/v1/buckets/default/collections/tasks --auth user:pass

From there, the authority will:

  1. Retrieve all records on the collection, compute a hash of the records, and generate a signature out of it.

  2. Send all local changes to the Origin server, with a signature.

  3. Update the collection metadata with status:signed.

Configuring kinto-signer

To install this plugin in a Kinto server, a few configuration variables need to be set.

Here is an example of what a configuration could look like:

kinto.includes = kinto_signer

kinto.signer.resources =
    source/collection1;destination/collection1
    source/collection2;destination/collection2

Setting name

What does it do?

kinto.signer.resources

The name of the buckets and collections on which signatures can be triggered and the destination where the data and the signatures will end-up.

kinto.signer.signer_backend

The python dotted location to the signer to use. By default, a local ECDSA signer will be used. Choices are either kinto_signer.signer.local_ecdsa or kinto_signer.signer.autograph Have a look at the sections below for more information.

Configuration for the (default) ECDSA local signer

Setting name

What does it do?

kinto.signer.ecdsa.private_key

Absolute path to the ECDSA private key to use to apply the signatures

kinto.signer.ecdsa.public_key

Absolute path to the ECDSA private key to use to verify the signature (useful if you just want to use the signer as a verifier)

Configuration for the Autograph signer

Kinto signer can integrate with the Autograph server. To do so, use the following settings:

Setting name

What does it do?

kinto.signer.autograph.server_url

The autograph server URL

kinto.signer.autograph.hawk_id

The hawk identifier used to issue the requests.

kinto.signer.autograph.hawk_secret

The hawk secret used to issue the requests.

Generating a keypair

To generate a new keypair, you can use the following command:

$ python -m kinto_signer.generate_keypair private.pem public.pem

Running the tests

To run the unit tests:

$ make tests

For the functional tests:

$ make run-signer
$ make functional

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alexis.metaireau from gravatar.com alexis.metaireau Avatar for glasserc from gravatar.com glasserc Avatar for leplatrem from gravatar.com leplatrem Avatar for magopian from gravatar.com magopian Avatar for mythmon from gravatar.com mythmon Avatar for Natim from gravatar.com Natim Avatar for tarek from gravatar.com tarek

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache License (2.0))
  • Author: Mozilla Services
  • Tags web , services
Classifiers

Release history Release notifications | RSS feed

8.1.1

8.0.1

8.0.0

7.0.0

6.1.0

6.0.2

6.0.1

6.0.0

5.2.1

5.2.0

5.1.0

5.0.1

5.0.0

4.0.1

4.0.0

3.3.9

3.3.8

3.3.7

3.3.6

3.3.5

3.3.4

3.3.3

3.3.2

3.3.0

3.2.5

3.2.4

3.2.3

3.2.2

3.2.1

3.2.0

3.1.0

3.0.0

2.2.0

2.1.1

2.1.0

2.0.0

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.0

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.1

1.0.0

0.9.2

0.9.1

0.9.0

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kinto-signer-0.1.0.tar.gz (12.2 kB view details)

Uploaded Source

File details

Details for the file kinto-signer-0.1.0.tar.gz.

File metadata

  • Download URL: kinto-signer-0.1.0.tar.gz
  • Upload date:
  • Size: 12.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for kinto-signer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 dd148d526c6bfb7556ea2e3f552693e471fcb71522c8066def44e48f5872a230
MD5 4aaee75ef23722a4bf422ad8060db593
BLAKE2b-256 08a4b8c08694fc055363605adff37d93be90bd28be61aeb7124ce59c635c23a5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page