Validator for SignedShot media authenticity proofs

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for felippemsc2 from gravatar.com felippemsc2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Tags signedshot , media , authenticity , validation , cryptography
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

SignedShot

Verify SignedShot media authenticity proofs in Python.

PyPI

Installation

pip install signedshot

Quick Start

import signedshot

# Validate from files
result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

print(result.valid)   # True if all checks pass
print(result.error)   # Error message if validation failed

Usage

Validate from Files

result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

Validate from Bytes

with open("photo.sidecar.json") as f:
    sidecar_json = f.read()
with open("photo.jpg", "rb") as f:
    media_bytes = f.read()

result = signedshot.validate(sidecar_json, media_bytes)

Validate with Pre-loaded JWKS

Avoid HTTP calls by providing JWKS directly:

import requests

jwks = requests.get("https://api.signedshot.io/.well-known/jwks.json").text
result = signedshot.validate_with_jwks(sidecar_json, media_bytes, jwks)

Validation Result

result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")

# Overall result
result.valid      # True/False
result.version    # Sidecar format version
result.error      # Error message (if any)

# Capture trust (JWT verification)
trust = result.capture_trust
trust["signature_valid"]   # JWT signature verified
trust["issuer"]            # API that issued the token
trust["publisher_id"]      # Publisher ID
trust["device_id"]         # Device ID
trust["capture_id"]        # Capture session ID
trust["method"]            # "sandbox", "app_check", or "app_attest"
trust["app_id"]            # App bundle ID (if attested)
trust["issued_at"]         # Unix timestamp

# Media integrity (content verification)
integrity = result.media_integrity
integrity["content_hash_valid"]   # SHA-256 hash matches
integrity["signature_valid"]      # ECDSA signature verified
integrity["capture_id_match"]     # Capture IDs match
integrity["content_hash"]         # SHA-256 of media
integrity["captured_at"]          # ISO8601 timestamp

# Export
result.to_dict()   # Convert to dictionary
result.to_json()   # Convert to JSON string

What It Validates

  1. Capture Trust (JWT)

    • Fetches JWKS from issuer
    • Verifies ES256 signature
    • Extracts attestation claims

  2. Media Integrity

    • Computes SHA-256 of media
    • Verifies ECDSA signature
    • Confirms capture_id matches

Links

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for felippemsc2 from gravatar.com felippemsc2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Tags signedshot , media , authenticity , validation , cryptography
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.1.9

This version

0.1.8

0.1.7

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signedshot-0.1.8.tar.gz (34.7 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

signedshot-0.1.8-cp312-cp312-win_amd64.whl (2.1 MB view details)

Uploaded CPython 3.12Windows x86-64

signedshot-0.1.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.6 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.17+ x86-64

signedshot-0.1.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (2.5 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.17+ ARM64

signedshot-0.1.8-cp312-cp312-macosx_11_0_arm64.whl (2.3 MB view details)

Uploaded CPython 3.12macOS 11.0+ ARM64

signedshot-0.1.8-cp312-cp312-macosx_10_12_x86_64.whl (2.4 MB view details)

Uploaded CPython 3.12macOS 10.12+ x86-64

File details

Details for the file signedshot-0.1.8.tar.gz.

File metadata

  • Download URL: signedshot-0.1.8.tar.gz
  • Upload date:
  • Size: 34.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for signedshot-0.1.8.tar.gz
Algorithm Hash digest
SHA256 ee46a63234ab25b7467f5921d50dbe3e7c06ed3de6d65540c08dd52b2abbeede
MD5 05091c850ac6947ffa96873eedbd4c07
BLAKE2b-256 8fb6b4c8b26251c921a43ae8a9e73915682bbaf62c05013a0bd72b2f9cd4ea5e

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8.tar.gz:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.8-cp312-cp312-win_amd64.whl.

File metadata

  • Download URL: signedshot-0.1.8-cp312-cp312-win_amd64.whl
  • Upload date:
  • Size: 2.1 MB
  • Tags: CPython 3.12, Windows x86-64
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for signedshot-0.1.8-cp312-cp312-win_amd64.whl
Algorithm Hash digest
SHA256 10c33abd14ced1477b7b371936cc29fabcba4422e1fa0cd167838fa7596d5df7
MD5 849c10ed42392523bdef349076700ece
BLAKE2b-256 71605263827cc319158e45508d9367ed540adab6e2d82cf6fc30125fe82d26bf

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8-cp312-cp312-win_amd64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 887f9c6412ef15ba0dafcdc3b599cda1787cbf8b72e45d432add2d786819f841
MD5 176213cff143244f0e57a1b4161b9ebf
BLAKE2b-256 8cf70727508eb35bd0947f9127743ba6ad6f574028e96d67c502e4a84e7aa48d

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm Hash digest
SHA256 0fe544a3328553d1f1fb0d1599f7e6b2a1c377e5fe1c436064cfe95395ffac88
MD5 8e33909b929af951e6cc6fb0f6de3a8c
BLAKE2b-256 545317e9a394c3b29d88f2b311e7538709c1a2a44af2c289cb89fb214a818f8e

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.8-cp312-cp312-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.8-cp312-cp312-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 f030228a51c67747d78ecac7a2f5ed63f94a365ac612b64d7d3f6c6a7de1186a
MD5 1d2edbcfbab340320590fa6ea0785010
BLAKE2b-256 458c897806b3925dfb07b1a673c6fd094d09e2f063ca0188fabe5a7df0a4b90c

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8-cp312-cp312-macosx_11_0_arm64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signedshot-0.1.8-cp312-cp312-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for signedshot-0.1.8-cp312-cp312-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 3190b0162d22e1592c4756cf3f6a23019aa60bddf65ea9bcca7003175620c1c3
MD5 15c7375d91c9e8dc4c6340918c07546d
BLAKE2b-256 27a53a0a34f1c8c2d591e77fbe59fd0bd437088896601ee56d493077b26c43ac

See more details on using hashes here.

Provenance

The following attestation bundles were made for signedshot-0.1.8-cp312-cp312-macosx_10_12_x86_64.whl:

Publisher: release.yml on SignedShot/signedshot-validator

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page