PHT train container library

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aroehl from gravatar.com aroehl Avatar for migraf from gravatar.com migraf Avatar for tada5hi from gravatar.com tada5hi

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Michael Graf
  • Tags PHT, security, encryption, personalhealthtrain, docker
  • Requires: Python >=3.7
Classifiers

Project description

Documentation Status CodeQL main-ci codecov PyPI version

Train Container Library

Python library for validating and interacting with pht-train images/containers.

Installation

pip install pht-train-container-library

Security Protocol

The pht security protocol adapted from docs/Secure_PHT_latest__official.pdf performs two main tasks:

  1. Before executing a train-image on the local machine, unless the station is the first station on the route, the previous results need to be decrypted and the content of the image needs to be validated based on the configuration of the individual train -> pre-run.
  2. After executing the train the updated results need to be encrypted and the train configuration needs to be updated to reflect the current state ->post-run.

To function the protocol expects two environment variables to be set:

  1. STATION_ID String identifier that has public key/s registered with the central service
  2. RSA_STATON_PRIVATE_KEY Hex string containing the private key to be used for decryption and signing.

Pre-run protocol

The pre-run protocol consists of the following steps

  1. The hash of the immutable files (train definition) is verified making sure that the executable files did not change during the the train definition.
  2. The digital signature is verified ensuring the correctness of the results at each stop of the train.
  3. The symmetric key is decrypted using the provided station private key
  4. The mutable files in /opt/pht_results are decrypted using the symmetric key obtained in the previous step
  5. The decrypted files are hashed and the hash is compared to the one stored in the train configuration file.

Once these steps have been completed the image is ready to be executed.

Post-run protocol

  1. Calculate the hash of the newly generated results
  2. Sign the hash of the results using the provided RSA_STATION_PRIVATE_KEY
  3. Update the the train signature using the session id that is randomly generated at each execution step
  4. Encrypt the resulting files using a newly generated symmetric key
  5. Encrypt the generated symmetric key with the public keys of the train participants
  6. Update the train configuration file

With the completion of these steps the train is ready to be pushed into the registry for further processing

Tests

Run the tests to validate the security protocol is working as intended. From this projects root directory run pytest train_lib

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aroehl from gravatar.com aroehl Avatar for migraf from gravatar.com migraf Avatar for tada5hi from gravatar.com tada5hi

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Michael Graf
  • Tags PHT, security, encryption, personalhealthtrain, docker
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

2.0.6 yanked

2.0.6a0 pre-release

2.0.5

2.0.4

2.0.2

2.0.1

2.0.0 yanked

2.0.0a9 pre-release

2.0.0a8 pre-release

2.0.0a7 pre-release

2.0.0a6 pre-release

2.0.0a5 pre-release

2.0.0a4 pre-release

2.0.0a3 pre-release

2.0.0a2 pre-release

2.0.0a1 pre-release

1.1.2

1.1.1

1.1.0

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

This version

1.0.1

1.0.0

0.9.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pht-train-container-library-1.0.1.tar.gz (37.2 kB view details)

Uploaded Source

File details

Details for the file pht-train-container-library-1.0.1.tar.gz.

File metadata

  • Download URL: pht-train-container-library-1.0.1.tar.gz
  • Upload date:
  • Size: 37.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.4

File hashes

Hashes for pht-train-container-library-1.0.1.tar.gz
Algorithm Hash digest
SHA256 c72c64ed9fbd44c7f7f3a4f1c64bfc03bd87a48ebb73adccffc533c381472bd5
MD5 364c2e8d0e8f66ce3047ca13d567b492
BLAKE2b-256 6f661dd7e09281e793dc250f18e3deabd8346ed68b799d415a1f9ce62d4d7b0b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page