This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

Tools to add and a verify a cryptographic signature to WARC (or any gzip-chunked) files

This package provides complemetary warc-sign tool which signs WARC(s) with an RSA signature and warc-verify which verifies that the WARC(s) have been signed.

Usage

Install with: python setup.py install

Tests can be run with: python setup.py test

To sign a warc:

warc-sign privatekey.pem my-warc-file.warc.gz

To verify that a warc has been signed:

warc-verify publickey.pem my-warc-file.warc.gz

API Usage

warcsigner can be used from other scripts. To sign a warc:

from warcsigner.warcsigner import RSASigner

signer = RSASigner(private_key_file='privatekey.pem')

if signer.sign('my-warc-file.warc.gz'):
    # warc signed successfully

or to verify:

from warcsigner.warcsigner import RSASigner

signer = RSASigner(public_key_file='publickey.pem')

if signer.verify('my-warc-file.warc.gz'):
    # signature verified
else:
    # signature not found/invalid

the sign and verify methods can take either a filename string or a file-like stream object (an object with a read method)

Additionally, upon verification, the signature can be removed:

if signer.verify('my-warc-file.warc.gz', remove=True):
    # signature verified and removed

assert signer.verify('my-warc-file.warc.gz') == False

If the first verify succeeds, the signature will be removed and file truncated to its previous pre-signature size. (The file is unaltered if the verification fails). This may be useful if planning to append to the WARC and then resigning it.

Streaming and seek()

It is possible to use a file-like object which supports a read() instead of a filename.

When a WARC is signed, the signature is appended to the end of the file.

When verifying a file, the seek() may be used to determine the file size and the position of the signature. However, if a size= param is added to verify or verify_stream calls, no seek() calls are made during the verification and the file-like object is consumed linearly. This is specially useful when streaming a file from a remote location and seek() is not available. The total file size must be provided, though.

Public/Private keys are expected to be in .PEM format See the python-rsa formats doc for more information on supported key formats.

Original Stream

In certain situations, it may be useful to return the original, unsigned stream from a signed stream. signer.get_unsigned_stream(stream, size) will return a wrapper for stream which will not include the signature (if present). This is useful if concatenating WARCs without including a signature (and empty record) for each one.

How it works

The python-rsa library is used to sign and verify the signature.

The signature is stored in an extra gzip chunk containing no data but using custom extra field to store the signature. This allows the verify tool to quickly access the signature by checking a fixed offset from the end of the WARC.

When decompressing gzip chunks, there should be no detectable difference as most gzip tools ignore the extra gzip header.

While this is designed for compressed WARCs, this can be used for any format consisting of concatenated gzip chunks, ARC files, etc…

Note: since the signature is a gzip block, it makes less sense for uncompressed / plain text files.

Release History

Release History

0.3.1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.3.0

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
warcsigner-0.3.1.tar.gz (7.2 kB) Copy SHA256 Checksum SHA256 Source Oct 21, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting