Skip to main content

SafePickling is a python library that allows you to sign and verify python pickles

Project description

SafePickling

SafePickling is a python library that allows you to sign and verify python pickles.

graph LR
    subgraph Server
        A[Object]:::object -->B{Pickle and sign}:::cryptography
        C[Key]:::storage --> B
        B --> pik2[signature] --> D(Server):::network
        B --> pik1[pickle] --> D
    end
    subgraph Client
        D ==> E(Client):::network
        E -->unpik2[signature]
        E -->unpik1[pickle] --> F{Sign}:::cryptography
        known[(Known keys)]:::storage --> F --> F
        F --> eq{Is equal?}
        unpik2 --> eq:::cryptography
        eq -->|Yes|unpik{{Unpickle}}:::cryptography --> Z[Object]:::object
        eq -->|No|Invalid(Invalid):::error
    end

    classDef network fill:#FFD666;
    classDef cryptography fill:#82FF66;
    classDef error fill:#FF6B66;
    classDef storage fill:#DE66FF;
    classDef object fill:#666EFF;

Installation

pip install safepickling

Usage Example

object = ExampleObject()

server = SafePickling() # Create a server instance
server.generate_key() # Generate a random key for the server
pickled_object = server.pickle(object) # Pickle the object and sign it
client = SafePickling() # Create a client instance
client.add_trusted_keys([server.key]) # Add the server's key to the client's trusted keys
unpickled_object = client.unpickle(pickled_object) # Unpickle the data while verifying it's signature with the server's key

Cryptography

Random provided by secrets.token_bytes

Hash comparison with hmac.compare_digest

Hashing done using hashlib.blake2b

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

SafePickling-1.0.1.tar.gz (3.1 kB view hashes)

Uploaded Source

Built Distribution

SafePickling-1.0.1-py3-none-any.whl (2.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page