SafePickling is a python library that allows you to sign and verify python pickles
Project description
SafePickling
SafePickling is a python library that allows you to sign and verify python pickles.
graph LR
subgraph Server
A[Object]:::object -->B{Pickle and sign}:::cryptography
C[Key]:::storage --> B
B --> pik2[signature] --> D(Server):::network
B --> pik1[pickle] --> D
end
subgraph Client
D ==> E(Client):::network
E -->unpik2[signature]
E -->unpik1[pickle] --> F{Sign}:::cryptography
known[(Known keys)]:::storage --> F --> F
F --> eq{Is equal?}
unpik2 --> eq:::cryptography
eq -->|Yes|unpik{{Unpickle}}:::cryptography --> Z[Object]:::object
eq -->|No|Invalid(Invalid):::error
end
classDef network fill:#FFD666;
classDef cryptography fill:#82FF66;
classDef error fill:#FF6B66;
classDef storage fill:#DE66FF;
classDef object fill:#666EFF;
Installation
pip install safepickling
Usage Example
object = ExampleObject()
server = SafePickling() # Create a server instance
server.generate_key() # Generate a random key for the server
pickled_object = server.pickle(object) # Pickle the object and sign it
client = SafePickling() # Create a client instance
client.add_trusted_keys([server.key]) # Add the server's key to the client's trusted keys
unpickled_object = client.unpickle(pickled_object) # Unpickle the data while verifying it's signature with the server's key
Cryptography
Random provided by secrets.token_bytes
Hash comparison with hmac.compare_digest
Hashing done using hashlib.blake2b
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
SafePickling-1.0.0.tar.gz
(2.9 kB
view hashes)
Built Distribution
Close
Hashes for SafePickling-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c7ff91413c990d07e75dd31909a91405ce906324c87dbcbbb54a5c0162d3b3fb |
|
MD5 | e8e70a60e8359038865f16e3cbe661e0 |
|
BLAKE2b-256 | 9c4eb4375aeb2babad2c9fecd7e49b2cd30a532f81ec90194fc43efb832a6ee8 |