PHT train container library
Project description
Train Container Library
Python library for validating and interacting with pht-train images/containers.
Installation
pip install pht-train-container-library
Security Protocol
The pht security protocol adapted from docs/Secure_PHT_latest__official.pdf performs two main tasks:
- Before executing a train-image on the local machine, unless the station is the first station on the route, the
previous results need to be decrypted and the content of the image needs to be validated based on the configuration
of the individual train ->
pre-run. - After executing the train the updated results need to be encrypted and the train configuration needs to be updated to
reflect the current state ->
post-run.
To function the protocol expects two environment variables to be set:
STATION_IDString identifier that has public key/s registered with the central serviceRSA_STATON_PRIVATE_KEYHex string containing the private key to be used for decryption and signing.
Pre-run protocol
The pre-run protocol consists of the following steps
- The hash of the immutable files (train definition) is verified making sure that the executable files did not change during the the train definition.
- The digital signature is verified ensuring the correctness of the results at each stop of the train.
- The symmetric key is decrypted using the provided station private key
- The mutable files in
/opt/pht_resultsare decrypted using the symmetric key obtained in the previous step - The decrypted files are hashed and the hash is compared to the one stored in the train configuration file.
Once these steps have been completed the image is ready to be executed.
Post-run protocol
- Calculate the hash of the newly generated results
- Sign the hash of the results using the provided
RSA_STATION_PRIVATE_KEY - Update the the train signature using the session id that is randomly generated at each execution step
- Encrypt the resulting files using a newly generated symmetric key
- Encrypt the generated symmetric key with the public keys of the train participants
- Update the train configuration file
With the completion of these steps the train is ready to be pushed into the registry for further processing
Tests
Run the tests to validate the security protocol is working as intended. From this projects root directory run
pytest train_lib
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pht-train-container-library-1.0.6.tar.gz.
File metadata
- Download URL: pht-train-container-library-1.0.6.tar.gz
- Upload date:
- Size: 27.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b24e0d04b303143f13f429f59781679221d143927b0ce5628d8b226a621c5f4d |
|
| MD5 | 8842e211533a7a4fc3c687e2fce73117 |
|
| BLAKE2b-256 | d5378b02fa4f738677cdda40d9a7a190f51883955371869c800a42cf6a938c6e |
File details
Details for the file pht_train_container_library-1.0.6-py3-none-any.whl.
File metadata
- Download URL: pht_train_container_library-1.0.6-py3-none-any.whl
- Upload date:
- Size: 33.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b4856ba2dfd23ccc7f2519cb6dfa1b43695e4db344fb28229ea433b4f373dbaa |
|
| MD5 | bc7f48e201c23170bf8716e28f11def5 |
|
| BLAKE2b-256 | 6cf9d5bd6bdc0d8c3cb75cc7fd2dac54eab61973952827de594545677bdbb0c2 |
