Skip to main content

AWS Signature Version 4 signer for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_signing_sigv4 Discord

Swarmauri Signing SigV4

AWS Signature Version 4 (SigV4) signer and verifier that implements the ISigning interface for HTTP requests and raw byte payloads.

Features

  • Canonicalizes HTTP request envelopes according to AWS SigV4 rules
  • Derives SigV4 signing keys from AWS credentials and scope information
  • Supports both request signing and raw payload HMAC generation/verification
  • Returns structured signature metadata (scope, signed headers, canonical hash) for downstream Authorization headers

Security Notes

  • Requires valid AWS-style credentials (access_key, secret_key, optional session_token)
  • Verification requires access to the shared secret material; compare signatures externally when AWS performs verification
  • Payload canonicalization expects callers to supply the appropriate SHA-256 hash or the UNSIGNED-PAYLOAD marker

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_signing_sigv4
uv pip install swarmauri_signing_sigv4
poetry add swarmauri_signing_sigv4

Usage

import asyncio
from swarmauri_signing_sigv4 import SigV4Signing


envelope = {
    "method": "GET",
    "uri": "/",
    "query": {"Action": ["ListUsers"], "Version": ["2010-05-08"]},
    "headers": {
        "host": "iam.amazonaws.com",
        "x-amz-date": "20150830T123600Z",
        "content-type": "application/x-www-form-urlencoded; charset=utf-8",
    },
    "payload_hash": "UNSIGNED-PAYLOAD",
    "amz_date": "20150830T123600Z",
    "scope": {"date": "20150830", "region": "us-east-1", "service": "iam"},
}

key = {"access_key": "AKIDEXAMPLE", "secret_key": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"}


async def main() -> None:
    signer = SigV4Signing()
    signatures = await signer.sign_envelope(key, envelope)
    print(signatures[0]["signature"])


asyncio.run(main())

When verifying signatures you must provide the shared secret via opts["secret_key"] or require["secret_key"].

Byte payload signing

Use sign_bytes / verify_bytes when you only need a SigV4-derived HMAC:

payload = b"example"
opts = {"date": "20150830", "region": "us-east-1", "service": "iam"}
signatures = await signer.sign_bytes(key, payload, opts=opts)
assert await signer.verify_bytes(payload, signatures, opts={**opts, "secret_key": key["secret_key"]})

Entry Point

The signer registers under the swarmauri.signings entry point as SigV4Signing.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_signing_sigv4-0.11.0.dev1.tar.gz (9.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_signing_sigv4-0.11.0.dev1-py3-none-any.whl (10.8 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_signing_sigv4-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_signing_sigv4-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_sigv4-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 e45f05ab73758905d26fbe2457f1b5082543037d87428f27f0376390d6f6f07a
MD5 4679871833b856a4af506afef9717632
BLAKE2b-256 1603c6d729d1d9ca05b0fcf0b1e98f72cb1f5490fe39013d53104966ba8eca97

See more details on using hashes here.

File details

Details for the file swarmauri_signing_sigv4-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_signing_sigv4-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_sigv4-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 57418f9ceb70f254fa0728a67e06c4b317a24659a565fba21b1805a8289d1ed2
MD5 7cb4655a60dfb15d51735f0dab8c4abd
BLAKE2b-256 eb2f0c6369ed90e52c777a715a2bd2e861d3764e602c0979f53612c60b222ac2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page