Validator for SignedShot media authenticity proofs

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for felippemsc2 from gravatar.com felippemsc2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Tags signedshot , media , authenticity , validation , cryptography
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

SignedShot

Verify SignedShot media authenticity proofs in Python.

PyPI

Installation

pip install signedshot

Quick Start

import signedshot

# Validate from files
result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

print(result.valid)   # True if all checks pass
print(result.error)   # Error message if validation failed

Usage

Validate from Files

result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

Validate from Bytes

with open("photo.sidecar.json") as f:
    sidecar_json = f.read()
with open("photo.jpg", "rb") as f:
    media_bytes = f.read()

result = signedshot.validate(sidecar_json, media_bytes)

Validate with Pre-loaded JWKS

Avoid HTTP calls by providing JWKS directly:

import requests

jwks = requests.get("https://api.signedshot.io/.well-known/jwks.json").text
result = signedshot.validate_with_jwks(sidecar_json, media_bytes, jwks)

Validation Result

result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

# Overall result
result.valid      # True/False
result.version    # Sidecar format version
result.error      # Error message (if any)

# Capture trust (JWT verification)
trust = result.capture_trust
trust["signature_valid"]   # JWT signature verified
trust["issuer"]            # API that issued the token
trust["publisher_id"]      # Publisher ID
trust["device_id"]         # Device ID
trust["capture_id"]        # Capture session ID
trust["method"]            # "sandbox", "app_check", or "app_attest"
trust["app_id"]            # App bundle ID (if attested)
trust["issued_at"]         # Unix timestamp

# Media integrity (content verification)
integrity = result.media_integrity
integrity["content_hash_valid"]   # SHA-256 hash matches
integrity["signature_valid"]      # ECDSA signature verified
integrity["capture_id_match"]     # Capture IDs match
integrity["content_hash"]         # SHA-256 of media
integrity["captured_at"]          # ISO8601 timestamp

# Export
result.to_dict()   # Convert to dictionary
result.to_json()   # Convert to JSON string

What It Validates

  1. Capture Trust (JWT)

    • Fetches JWKS from issuer
    • Verifies ES256 signature
    • Extracts attestation claims

  2. Media Integrity

    • Computes SHA-256 of media
    • Verifies ECDSA signature
    • Confirms capture_id matches

Links

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for felippemsc2 from gravatar.com felippemsc2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Tags signedshot , media , authenticity , validation , cryptography
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.1.9

0.1.8

This version

0.1.7

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signedshot-0.1.7.tar.gz (32.0 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

signedshot-0.1.7-cp312-cp312-win_amd64.whl (1.8 MB view details)

Uploaded CPython 3.12Windows x86-64

signedshot-0.1.7-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.2 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.17+ x86-64

signedshot-0.1.7-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (2.2 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.17+ ARM64

signedshot-0.1.7-cp312-cp312-macosx_11_0_arm64.whl (2.0 MB view details)

Uploaded CPython 3.12macOS 11.0+ ARM64

signedshot-0.1.7-cp312-cp312-macosx_10_12_x86_64.whl (2.1 MB view details)

Uploaded CPython 3.12macOS 10.12+ x86-64

File details

Details for the file signedshot-0.1.7.tar.gz.

File metadata

  • Download URL: signedshot-0.1.7.tar.gz
  • Upload date:
  • Size: 32.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for signedshot-0.1.7.tar.gz
Algorithm Hash digest
SHA256 494502ac6484a767f20256120446568e0be608170ff483881b89253930b4eb0f
MD5 4fc6c91429fdd6c3eeda9151ae98ec39
BLAKE2b-256 548337e792acf2ae267ca29997a272b6fc89816e7e99d8fdcc1514ab0d05022c

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7.tar.gz:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.7-cp312-cp312-win_amd64.whl.

File metadata

  • Download URL: signedshot-0.1.7-cp312-cp312-win_amd64.whl
  • Upload date:
  • Size: 1.8 MB
  • Tags: CPython 3.12, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for signedshot-0.1.7-cp312-cp312-win_amd64.whl
Algorithm Hash digest
SHA256 1394f2a49ee8bd6d706d2a004e0f20bda4a8ee72122e100145d09ce982a4e76d
MD5 6eec04ad5a73c525785512239287f132
BLAKE2b-256 47dcd2793cc2038802dc7a6d98e2f10cb0dea7ef6baec7771c8dbb490b3bb7e5

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7-cp312-cp312-win_amd64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.7-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.7-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 1f25d4816624f76693db57687006add4f8056534d4667285b52916848fab9073
MD5 15a5190e1a587ac13152e9b4b20bd127
BLAKE2b-256 50ce68265381d9feddba1198f46771c63ca7af46fc704b12038832e0ec601d88

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.7-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.7-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 6ecba8539b2ccf8153620a8af0153d72c989073b8af48b55263e8fc6832bcd8c
MD5 d0015562a3e8bdf9dea6bcc5d0df4d90
BLAKE2b-256 9bed5449b438e13d5ac1e553820dd271df2213a65f6144c21209e2f41a95b661

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.7-cp312-cp312-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.7-cp312-cp312-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 3b7fb97364e0600f3741d20691ef44eefb34344a6e594b96215f2b0c546fbefd
MD5 53d59071fc26609046176ebdd788a5ad
BLAKE2b-256 9c988067c00a61551554183e0546683a580df3a8a3abc72532e7e73149b84804

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7-cp312-cp312-macosx_11_0_arm64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.7-cp312-cp312-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.7-cp312-cp312-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 2d31b302c52aaf3760138ef8dc5f34e211d17f6ba630b0c9772f3be0f38c0464
MD5 119b5424cb2c18c1fc1a70eb8c9b849d
BLAKE2b-256 0295f51f35779f0148b6bb09c3012afb537155ed8906a2997315e88efa4aa4ec

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.7-cp312-cp312-macosx_10_12_x86_64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page