SafePickling is a python library that allows you to sign and verify python pickles
Project description
SafePickling
SafePickling is a python library that allows you to sign and verify python pickles.
graph LR
subgraph Server
A[Object]:::object -->B{Pickle and sign}:::cryptography
C[Key]:::storage --> B
B --> pik2[signature] --> D(Server):::network
B --> pik1[pickle] --> D
end
subgraph Client
D ==> E(Client):::network
E -->unpik2[signature]
E -->unpik1[pickle] --> F{Sign}:::cryptography
known[(Known keys)]:::storage --> F --> F
F --> eq{Is equal?}
unpik2 --> eq:::cryptography
eq -->|Yes|unpik{{Unpickle}}:::cryptography --> Z[Object]:::object
eq -->|No|Invalid(Invalid):::error
end
classDef network fill:#FFD666;
classDef cryptography fill:#82FF66;
classDef error fill:#FF6B66;
classDef storage fill:#DE66FF;
classDef object fill:#666EFF;
Installation
pip install safepickling
Usage Example
object = ExampleObject()
server = SafePickling() # Create a server instance
server.generate_key() # Generate a random key for the server
pickled_object = server.pickle(object) # Pickle the object and sign it
client = SafePickling() # Create a client instance
client.add_trusted_keys([server.key]) # Add the server's key to the client's trusted keys
unpickled_object = client.unpickle(pickled_object) # Unpickle the data while verifying it's signature with the server's key
Cryptography
Random provided by secrets.token_bytes
Hash comparison with hmac.compare_digest
Hashing done using hashlib.blake2b
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
SafePickling-1.0.1.tar.gz
(3.1 kB
view hashes)
Built Distribution
Close
Hashes for SafePickling-1.0.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 286149d8fed558ef511a459479db44ce7bfdb2083c259e6f6fe1cf809d7cd264 |
|
| MD5 | 91defb76eb919340b4e36dfa87939856 |
|
| BLAKE2b-256 | c5bd50524a54bf326197c3deba1ce08a07550a53e950edee543a1bf197315fb2 |
